How to trigger password reset without a notification in Laravel Breeze? - laravel

Using Laravel 9 with Breeze I want when a user with a specific role has been created, he should receive a custom welcome mail with a link to a view, where he needs to set a password
How can I just trigger the password reset without the default forgot password mail, but get the token that I can use in my custom mail for the link?

Create a random string of 35 characters.
Create an entry in the password_resets table comprising the user's email address, a hashed (bcrypt()) version of the token just created, and the current timestamp
Send the user an email with a link leading to /reset-password/{$token}
Example, assuming $user is the new user account;
$token = Str::random(35);
DB::table('password_resets')->insert([
'email' => $user->email,
'token' => bcrypt($token),
'created_at' => now(),
]);
$user->notify(new WelcomeNewUser($token));
and then in the notification class;
public $token;
public function __construct($token)
{
$this->token = $token;
}
//
public function toMail($notifiable)
{
return (new MailMessage)
->line('You have been invited to use our application')
->action('Set a password', url(route('password.reset',['token'=>$this->token])))
->line('Thank you for using our application!');
}

Related

laravel passport custom value user_id in table oauth_access_tokens

I have master table user with name employee, So I wan't use that table not default table from laravel auth users. How to modify laravel passport so that I can use column from employee table?
this my login code
public function login(){
if(Auth::attempt(['email' => request('email'), 'password' => request('password')])){
$user = Auth::user();
$success['token'] = $user->createToken('nApp')->accessToken;
return response()->json(['success' => $success], $this->successStatus);
}
else{
return response()->json(['error'=>'Unauthorised'], 401);
}
}
In your config/auth.php you have providers and providers have drivers...
So the drivers make it to the model you want to use...
If you have some authentication process that use User model, then you can use helper function : auth('YOUR GUARD NAME')->user().
Your guard name is in config/auth.php too.

Laravel make manual password reset

I am working in laravel,
I am stuck in reset password manually,
I verify the mail is exist in database or not if mail is exist than it will redirect to reset password page.
When user type the password and submit the form, at that time password is not update in mongoDb database.
here's my function...
class ForgotPasswordController extends Controller
{
public function confirmPassword(Request $request, $email)
{
$this->validate($request, [
'password' => 'required|string|min:6'
]);
$admin = AdminAuth::find($email);
$admin->password = $request->get('password');
$admin->save();
return view('auth.login');
}
}
Try
$admin->password = Hash::make($request->get('password'));
More details here. And remember: never save users passwords explicit in db.

remove validation from email parameter in laravel 5.6. I am using authenticate() method

I am trying to authenticate the using using ajax and laravel 5.6 authenticate() method. If I pass 'email' and 'password' parameters then it works fine but If I change the email parameter to user_email then it gives me validation that "Email field is required".
So I need help to authenticate the user using different parameters (like user_email etc.) instead of email and password.
Here is the code file path app\Http\Controllers\AUth\LoginController.php
protected function authenticate(Request $request, $user){
if(!request->ajax()){
return response()->json([
'auth' => auth()->check(),
'user' => $user,
'intented' => $this->redirectPath()
]);
}
}
Thank you
Paste this on your login controller
public function username()
{
return 'user_email';
}

Customise Reset Password Email and pass User Data in Laravel 5.3

I am using Laravel 5.3 and customizing the Password Reset Email Template. I have done the following changes to create my own html email for the notification using a custom Mailable class. This is my progress so far:
ForgotPasswordController:
public function postEmail(Request $request)
{
$this->validate($request, ['email' => 'required|email']);
$response = Password::sendResetLink($request->only('email'), function (Message $message) {
$message->subject($this->getEmailSubject());
});
switch ($response) {
case Password::RESET_LINK_SENT:
return Response::json(['status' => trans($response)], 200);
case Password::INVALID_USER:
return Response::json(['email' => trans($response)], 400);
}
}
User Model:
public function sendPasswordResetNotification($token)
{
Mail::queue(new ResetPassword($token));
}
ResetPassword Mailable Class:
protected $token;
public function __construct($token)
{
$this->token = $token;
}
public function build()
{
$userEmail = 'something'; // How to add User Email??
$userName = 'Donald Trump'; // How to find out User's Name??
$subject = 'Password Reset';
return $this->view('emails.password')
->to($userEmail)
->subject($subject)
->with([
'token' => $this->token
'userEmail' => $userEmail,
'userName' => $userName
]);
}
If you noticed above, I am not sure how do I pass the user's name and find out the user's email address. Do I need to send this data from the User Model or do I query it from the Mailable class? Can someone show me how I can do that please?
Usually you ask for the user email in order to send a reset password email, that email should come as a request parameter to your route controller.
By default, L5.3 uses post('password/email) route to handle a reset password request. This route execute sendResetLinkEmail method which is defined in the 'SendsPasswordResetEmails' trait used by the App\Http\Controllers\Auth\ForgotPasswordController.
From here you can take one of 2 options:
1st: You could overwrite the route to call another function in the same controller (or any other controller, in this case could be your postEmail function) which search for the user model by the email you received, then you can pass the user model as function parameter to the method which execute the queue mail action (this may or may not require to overwrite the SendsPasswordResetEmails, depends on how you handle your reset password method).
This solution would looks something like this:
In routes/web.php
post('password/email', 'Auth\ForgotPasswordController#postEmail')
in app/Mail/passwordNotification.php (for instance)
protected $token;
protected $userModel;
public function __construct($token, User $userModel)
{
$this->token = $token;
$this->userModel = $userModel;
}
public function build()
{
$userEmail = $this->userModel->email;
$userName = $this->userModel->email
$subject = 'Password Reset';
return $this->view('emails.password')
->to($userEmail)
->subject($subject)
->with([
'token' => $this->token
'userEmail' => $userEmail,
'userName' => $userName
]);
}
in app/Http/Controllers/Auth/ForgotPasswordController
public function postEmail(Request $request)
{
$this->validate($request, ['email' => 'required|email']);
$userModel = User::where('email', $request->only('email'))->first();
Mail::queue(new ResetPassword($token));
//Manage here your response
}
2nd: You could just overwirte the trait SendsPasswordResetEmails to search for the user model by the email and use your customized function in sendResetLinkEmail function. There you could use your function but notice that you still have to handle somehow an status to create a response as you already have it on ForgotPasswordController.
I hope it helps!

Laravel login flow

When using default auth scaffold from Laravel, at register the password is hashed with bcrypt in RegisterController.php under create function
protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
I would like to know where is the function that hashes the user input for password at login? It must be somewhere built inside vendor folder but i can't find it.
So when the user want's to login he enters the plain text password and this plain text gets hashed again with bcrypt and then compared with saved and hashed password in DB. But where does laravel make this? In which function?
Laravel never decrypts your password
Bcrypt passwords in Laravel are never decrypted, the password entered by the user just gets compared to the already hashed password stored in the database.
Update:
If you are authenticating using Eloquents User Model;
vendor/laravel/ framework/src/Illuminate/Auth/EloquentUserProvider.php
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password'];
return $this->hasher->check($plain, $user->getAuthPassword());
}
If you are authenticating the Database driver;
vendor/laravel/ framework//src/Illuminate/Auth/DatabaseUserProvider.php
public function validateCredentials(UserContract $user, array $credentials)
{
$plain = $credentials['password'];
return $this->hasher->check($plain, $user->getAuthPassword());
}
bcrypt is the function that turns it into hash. It is a one way hash algo and can't be decrypted. The password that user sends in plain text, convert that using bcrypt and then compare in db.

Resources