How to do password reset without any verification - laravel

I am developing an app. App login is through phone number, and it will show password reset only if the phone is verified on the client side, and after that the reset password request occurs. So, simply put, I want to reset the password of a user without any verification in the backend.

So I can safely assume phone number verification is done by OTP? Like, when they request a password change, the server will send an SMS to the registered user's phone number to verify that it is the actual phone number holder who is requesting the password change.
But you still have to verify that the OTP provided by the user matches the one generated by the backend, and only then change the user's password.
EXAMPLE
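// Look up the user by phone number; first() returns null when nothing matches.
$user = User::where('contact', $request->contact)->first();
// Constant-time string comparison; a missing user or an unset reset_otp never matches.
if ($user && $user->reset_otp && hash_equals((string) $user->reset_otp, (string) $request->otp))
{
    $user->password = bcrypt($request->password);
    $user->save();
}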
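The server-side check this answer describes, extended as an added example (not code from the original post): the OTP is stored hashed, expires, is voided after a bounded number of wrong guesses, and works only once. It is plain PHP so it runs outside Laravel; the `$store` array, the constants and the function names are assumptions standing in for the users table.

```php
<?php
// Added example: server-side OTP check for a password reset.
// $store stands in for the users table; every name here is hypothetical.

const OTP_TTL = 300;        // seconds an OTP stays valid (assumed value)
const OTP_MAX_ATTEMPTS = 5; // wrong guesses allowed before the OTP is voided (assumed value)

function issueOtp(array &$store, string $contact, int $now): ?string
{
    if (!isset($store[$contact])) {
        return null; // unknown phone number: nothing to reset
    }
    $otp = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $store[$contact]['otp_hash'] = hash('sha256', $otp); // never store the raw code
    $store[$contact]['otp_expires'] = $now + OTP_TTL;
    $store[$contact]['otp_attempts'] = 0;
    return $otp; // delivered by SMS only, never returned to the client app
}

function resetWithOtp(array &$store, string $contact, string $otp, string $newPassword, int $now): bool
{
    $user = $store[$contact] ?? null;
    if ($user === null || empty($user['otp_hash'])) {
        return false; // unknown contact or no reset pending
    }
    if ($now > $user['otp_expires'] || $user['otp_attempts'] >= OTP_MAX_ATTEMPTS) {
        unset($store[$contact]['otp_hash']); // expired or locked: a new OTP must be requested
        return false;
    }
    if (!hash_equals($user['otp_hash'], hash('sha256', $otp))) {
        $store[$contact]['otp_attempts']++; // a 6-digit code needs a guess limit
        return false;
    }
    $store[$contact]['password'] = password_hash($newPassword, PASSWORD_BCRYPT);
    unset($store[$contact]['otp_hash']); // single use
    return true;
}

// Constructed sample data and calls.
$store = ['+15550100' => ['password' => password_hash('old-pass', PASSWORD_BCRYPT)]];
$now = time();
$otp = issueOtp($store, '+15550100', $now);
var_dump(resetWithOtp($store, '+15550100', '', 'new-pass', $now));   // attempt with an empty code
var_dump(resetWithOtp($store, '+15550100', $otp, 'new-pass', $now)); // attempt with the issued code
var_dump(resetWithOtp($store, '+15550100', $otp, 'again', $now));    // replay of the same code
```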

Related

How to implement ForgotPasswordController in SPA application with Laravel/Sanctum?

I'm using Laravel 7.x and sanctum. Logins are working and I would like to create a Forgot Password option from my SPA application.
I'm struggling with the basics as most of the examples in the documentation rely on the auth scaffolding. So far I've managed to get the following:
I have a controller class called ForgotPasswordController with a method called reset that receives the email to be reset via POST.
I've created an object: $user = User::where('email', $email)->get()->first();
At this point I'm too unfamiliar with the architecture to know where to go next, whether it's the Password facade, I see some additional classes in the Illuminate\Auth\Password namespace. My goal is to create an expiring token, email it to the user via the default email config (I know how to send the email / design the template) and then be able to make the webservice call that will allow the password to be resolved.
Here's what I think I know...
I've set the CanResetPassword trait on my user models, which I believe is necessary to support the native methods for password reset
I believe the goal is to create a reset token keyed against the user email that expires after a period of time, then send that token appended to a url in an email (I don't know the architectural implications surrounding the generation of the token beyond the table row)
There's a Password facade with a sendResetLink method - but this method can't work for spa applications because the base url of the client app will be different, so I'm assuming something native will have to be re-written. In fact, calling this method will return an error of Route [password.reset] not defined.
I'm assuming I will need the password Facade, if so, what is the method to generate the token? Should I just email the link with the token appended or are there other architectural considerations to support the token expiration?
Apologies if my questions are flawed, I'm unclear on the architecture so I'm making assumptions.
Have you tried Laravel authentication? All authentication requirements have been moved to a package called laravel/ui.
By installing that package you can use Laravel authentication. It will take care of your registration, login, and forgot password processes.
This package will create some controllers for all those processes and those you need for forgot password are
ForgotPasswordController: will generate and send reset password links.
ResetPasswordController: will reset the password by getting user's email, new password, and reset password token.
But if you don't want to use the official Laravel package you should take these steps:
Show a "Request reset password form" to the user.
Validate the provided email by the user.
Generate a random reset password token and store it at DB (Need a table with at least two fields: email and token).
Send that token to the user (It's better if you send it as a URL parameter in the reset password link).
When the user navigates to the reset password page, ask for the email again and validate the token by checking your DB table and matching the email and token.
Reset the password to whatever the user wants at this point.
Update: I use this piece of code for generating random tokens:
$email = 'user@email.com';
// Str::random() draws from a CSPRNG; regenerate only if the token already exists.
$token = \Illuminate\Support\Str::random(10);
while (\DB::table('reset_password_tokens')->where('token', $token)->exists()) {
    $token = \Illuminate\Support\Str::random(10);
}
\DB::table('reset_password_tokens')->insert(compact('email', 'token'));

How to make forgot password more secure with JWT token?

I am using a JWT token for auth in a Laravel project, and now I am stuck on forgot password. I want to make a token valid for only one click: after the user clicks set password in his email he can set his password, but another attempt to set the password is impossible. I want to create a user and send him an email with a link to set a password, with a token on it valid for only one click or something like this.
Normally, just invalidate the token when the user resets the password successfully. You should delete the token after the user's password reset succeeds.
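As an added example (not part of the original answers), the manual reset steps listed in the Sanctum answer above and the one-click requirement in this question can both be met with one random token per email that is stored only as a SHA-256 digest, expires, and is deleted on first successful use. It uses an opaque server-side token rather than a JWT and is plain PHP; the `$tokens` array, `RESET_TTL` and the function names are assumptions standing in for the `reset_password_tokens` table.

```php
<?php
// Added example: expiring, single-use password reset tokens.
// $tokens stands in for the reset_password_tokens table; every name here is hypothetical.

const RESET_TTL = 3600; // token lifetime in seconds (assumed value)

function createResetToken(array &$tokens, string $email, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // One pending token per email; a new request replaces the old one.
    // Only the digest is stored, so a leaked table does not yield usable links.
    $tokens[$email] = ['hash' => hash('sha256', $token), 'expires' => $now + RESET_TTL];
    return $token; // appended to the emailed reset link as a URL parameter
}

function consumeResetToken(array &$tokens, string $email, string $token, int $now): bool
{
    $row = $tokens[$email] ?? null;
    if ($row === null) {
        return false; // nothing pending for this email, or the token was already used
    }
    if ($now > $row['expires']) {
        unset($tokens[$email]); // purge expired rows
        return false;
    }
    if (!hash_equals($row['hash'], hash('sha256', $token))) {
        return false; // email and token do not match
    }
    unset($tokens[$email]); // deleting on success makes the link valid for one use
    return true; // the caller may now set the new password
}

// Constructed sample run with fixed timestamps.
$tokens = [];
$t0 = 1700000000;
$token = createResetToken($tokens, 'user@example.com', $t0);
var_dump(consumeResetToken($tokens, 'user@example.com', 'guess', $t0 + 10)); // wrong token
var_dump(consumeResetToken($tokens, 'user@example.com', $token, $t0 + 20));  // issued token
var_dump(consumeResetToken($tokens, 'user@example.com', $token, $t0 + 30));  // second click
$late = createResetToken($tokens, 'user@example.com', $t0);
var_dump(consumeResetToken($tokens, 'user@example.com', $late, $t0 + RESET_TTL + 1)); // after expiry
```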

Laravel 5 - Manually logging in a user without password

I want to login users after authenticating them using OAuth and Google account without entering any password.
I know the Auth::login function can do such an action but I don't know how to get the user instance while they haven't been authenticated yet.
Is there a way to do that?
You can 'manually' log a user in in two different ways:
// log the user in by ID
Auth::loginUsingId($id);
Or
// fetch the user by ID
$user = User::find($id);
// or maybe by username
$user = User::whereUsername($username)->first();
// and then log that instance in
Auth::login($user);
See the documentation for authentication.

Username and Password not accepted in Swiftmailer to Gmail connection

I've been using Swiftmailer to handle my app's email communication through to Gmail for some time now.
In the last 24 hours, a whole bunch of errors about the username and password not being accepted has popped up on the server log files.
From what I can understand, my options are to set up 2-step verification, or have an app specific password. Which is the right one for this type of scenario?
$transport = Swift_SmtpTransport::newInstance('smtp.gmail.com', 587, 'tls')
->setUsername($username)
->setPassword($password)
;
$mailer = Swift_Mailer::newInstance($transport);
$message = Swift_Message::newInstance();
$message->setSubject($subject);
$message->setFrom(array($from));
$message->setTo(array($to));
if(isset($cc) && $cc!="") $message->setCc(array($cc));
if(isset($bcc) && $bcc!="") $message->setBcc($bcc);
Thanks for your time and help.

Password reset for authlogic

I am using authlogic for authentication through an API.
I want to implement this: if a user forgets his password, the API sends an autogenerated password to the user's email account. I don't want to send password-reset instructions to the user's email.
I am not getting how to update the password in the database for that user record.
I have tried to reset the password this way:
@user.password = params[:password]
@user.password_confirmation = params[:password_confirmation]
I searched a lot but am not getting what exactly is needed to set the password this way, and I searched the authlogic documentation but am not sure whether these will be helpful for me.
Thanks
