I am using the default password reset. I would like to directly send the password reset link to the email address of the user. How am I going to do that?
It works using mailtrap.io. All the password reset links were emailed to my mailtrap account. However, I want to configure it so that it sends the reset link directly to the user's email address. I have tried different configurations, but they don't work.
Related
I am using Laravel's default email functionality when sending the password reset link to users, and because of this, I wanted to change some parts of the email content that's being sent. One of those is the base URL of the reset link in the email.
In the email, it has this:
I wanted to change the Base URL http://localhost:8081 into something different since I am hosting other web apps on a different domain.
How can I do that?
Any tips are greatly appreciated!
You mean you have 2 servers: one for the user to click reset password (an email will be sent to the user), and the other for handling the reset password logic (after the user clicks the link in the email, fills in the new information and submits).
Is that right?
You can check Reset Email Customization and domain you can set in .env for getting
I would like to know if it's a good practice in terms of security to send the decrypted password to a new user by email. Could someone tell me what they think?
If I would like to send the decrypted password, should I use this?
$decrypt= Crypt::decrypt($user->password);
Thanks a lot in advance.
You can't decrypt a hashed password. The good practice is to use Laravel's password reset feature.
Once you have defined the routes and views to reset your user's passwords, you may simply access the route in your browser at /password/reset. The ForgotPasswordController included with the framework already includes the logic to send the password reset link e-mails, while the ResetPasswordController includes the logic to reset user passwords.
After a password is reset, the user will automatically be logged into the application and redirected to /home.
https://laravel.com/docs/5.4/passwords
Based on the comments:
Once the user is registered, send him/her a link to create a new password.
If you don't want to allow them to access other pages until they create a new password, add middleware to check whether the user has created a new password or not.
From a security point of view, the password must be a hashed value. You shouldn't use encryption/decryption for passwords.
I'm using Parse javascript API. If a user has logged out, I will not have a 'currentUser'. Therefore, when I try to use the Parse.User.requestPasswordReset call, it will not work. Is there another way to offer users a way to reset their password if they have been logged out? It seems strange that having a currentUser is required.
It isn't required. You don't say why you think it is, but only an e-mail address is required in order to request a reset (as the result is an e-mail being sent to the user). It's normal to simply have the user type their e-mail address in to trigger the reset logic. Indeed if the user was logged in you would need to be careful about allowing e-mail address editing and then password reset selection...
When a user initially signs up through my app on Parse.com, they supply a username, an email address, and a password.
They verify that email address before they can start using the Parse.com functionalities. So now the user has a valid username, email address and password.
Then, consider this scenario:
1) The user changes his or her email address.
2) The user fails to validate the new email address.
3) The user doesn't use the app for a while.
4) The user forgets his or her password.
5) The user asks to reset the password.
If the user used his or her old email address for the password reset, that address is now gone and the user won't be able to reset the password using that email address.
If the user used the new email address, that address is not verified. Furthermore, it might not have been verified because it could have been typed in wrongly. So the user won't be able to reset the password using that email address.
How is this supposed to have gone down? Is there any way to keep the old email address until the new email address has been verified? That is the only way I can see that this would work.
Have you tried to use the Trigger features from Parse CloudCode?
https://parse.com/docs/cloudcode/guide#cloud-code-aftersave-triggers
Here you can run code before or after an object changes. So you can do what you suggested at the bottom of your question: save the old email in another field when the email or emailVerified fields change.
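The "keep the old address until the new one is verified" idea from this question and answer, as an added example that is not part of the original posts and is not Parse Cloud Code: a plain Node.js model in which an email change is parked until its token comes back, and reset mail always goes to the last verified address. All field and function names (`pendingEmail`, `requestEmailChange`, `confirmEmailChange`, `resetRecipient`) and the 24-hour lifetime are assumptions made for illustration.

```javascript
// Plain Node.js model; names below are hypothetical, not Parse SDK APIs.
const crypto = require('node:crypto');

const norm = (s) => String(s).trim().toLowerCase();
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest('hex');

// Constructed sample user whose sign-up address is already verified.
function createUser(username, email) {
  return { username, email: norm(email), pendingEmail: null,
           pendingTokenHash: null, pendingExpires: 0 };
}

// Step 1 of the scenario: park the new address, leave the verified one in place.
function requestEmailChange(user, newEmail, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  user.pendingEmail = norm(newEmail);
  user.pendingTokenHash = sha256(token);        // store only a hash of the token
  user.pendingExpires = now + 24 * 3600 * 1000; // assumed 24 h lifetime
  return token;                                 // would be mailed to newEmail
}

// Promote the pending address only if the mailed token comes back in time.
function confirmEmailChange(user, token, now = Date.now()) {
  if (!user.pendingTokenHash || now > user.pendingExpires) return false;
  const given = Buffer.from(sha256(token), 'hex');
  const stored = Buffer.from(user.pendingTokenHash, 'hex');
  if (!crypto.timingSafeEqual(given, stored)) return false;
  user.email = user.pendingEmail;
  user.pendingEmail = null;
  user.pendingTokenHash = null;                 // single use
  user.pendingExpires = 0;
  return true;
}

// Step 5: whichever address is typed, the reset mail goes to the verified one.
function resetRecipient(users, typedEmail) {
  const wanted = norm(typedEmail);
  const user = users.find((u) => u.email === wanted) ||
               users.find((u) => u.pendingEmail === wanted);
  return user ? user.email : null; // caller shows the same response either way
}
```

With this shape, steps 2 to 5 of the scenario no longer lock the user out: an unverified or mistyped new address never replaces the working one.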
I need a solution to send the OLD password to a customer who clicks and enters his email address on the Forgot your password page. The default email template just sends a link inviting the customer to reset his password on the site's page.
The current password is saved as MD5. You can't send them their current password.