Matt Pierce

Reputation: 805

Laravel Password Reset Token

Okay, this is very beginner, but I'd like an explanation. In the built-in Laravel password reset, the "postReset" method below specifies "token". However, when using {!! csrf_field() !!} in the view, it generates the input as name="_token". Does the _ count as an actual character when matching up the names? I'm just confused how the database migration uses "token", but the CSRF field sets up the input name as "_token".

public function postReset(Request $request)
{
    $this->validate($request, [
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|confirmed|min:6',
    ]);

    $credentials = $request->only(
        'email', 'password', 'password_confirmation', 'token'
    );

    $response = Password::reset($credentials, function ($user, $password) {
        $this->resetPassword($user, $password);
    });

Thanks,

Upvotes: 5

Views: 6186

Answers (2)

vipmaa

Reputation: 1122

I faced the same issue before; in my case it was not related to CSRF. As I read from the code, it looks at the third URL segment to get the token it uses for the reset, but if you use a localization system it will miss it, as in the screenshot below.

[screenshot]

You can make a small workaround to fix it:

@php
    $segments = \Request::segments();
    $token = end($segments);
@endphp

<form method="POST" action="{{ route('password.request') }}">
{!!  csrf_field() !!}
<input type="hidden" name="token" value="{{$token}}">

Upvotes: 4

Sulthan Allaudeen

Reputation: 11320

You don't need a _token for password reset or migration. But it is absolutely needed if you are sending any inputs to Laravel via the POST method.

Laravel makes it easy to protect your application from cross-site request forgery (CSRF) attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.

Source

How can I include the CSRF token in my form?

You can include the CSRF token by having this inside your form:

<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">

Tip:

You can handle the action after the CSRF Token filter inside

app\Http\Middleware\VerifyCsrfToken.php

Hope this helps you.

Upvotes: 3
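
The two fields from the question side by side, as an added example that is not part of either answer and is not Laravel's own source: `_token` is compared with the session's CSRF token, while `token` is compared with the row stored for the e-mail address in the password resets table. The function names, the sample data, the direct comparison of the stored reset token and the 60-minute lifetime are assumptions made for this illustration.

```php
<?php
// Simplified illustration (not Laravel's code): two independent checks read
// two differently named fields from the same POST body.

// Constructed server-side state.
$session = ['_token' => bin2hex(random_bytes(20))];            // per-session CSRF token
$passwordResets = [                                             // rows of the resets table
    ['email' => 'user@example.com', 'token' => bin2hex(random_bytes(32)), 'created_at' => time()],
];

// Check 1 (CSRF middleware role): "_token" must equal the session's token.
function csrfPasses(array $input, array $session): bool
{
    return isset($input['_token']) && is_string($input['_token'])
        && hash_equals($session['_token'], $input['_token']);   // constant-time compare
}

// Check 2 (reset logic role): "token" must equal the row stored for that
// e-mail and must not be older than the assumed lifetime.
function resetTokenValid(array $input, array $rows, int $ttlSeconds = 3600): bool
{
    foreach ($rows as $row) {
        if ($row['email'] === ($input['email'] ?? null)) {
            return is_string($input['token'] ?? null)
                && hash_equals($row['token'], $input['token'])
                && (time() - $row['created_at']) < $ttlSeconds;
        }
    }
    return false;                                               // no reset requested for this e-mail
}

// Constructed POST bodies: correct, values swapped between fields, reset token missing.
$email = 'user@example.com';
$cases = [
    'good'          => ['_token' => $session['_token'], 'token' => $passwordResets[0]['token'], 'email' => $email],
    'swapped'       => ['_token' => $passwordResets[0]['token'], 'token' => $session['_token'], 'email' => $email],
    'missing token' => ['_token' => $session['_token'], 'email' => $email],
];

foreach ($cases as $name => $post) {
    printf("%-14s csrf=%s reset=%s\n", $name,
        var_export(csrfPasses($post, $session), true),
        var_export(resetTokenValid($post, $passwordResets), true));
}
```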
