gbalduzzi

Reputation: 10176

Send reset link with Laravel Auth and encrypted user table

I have a Laravel 5.4 installation and I have always used the default Laravel Authentication guard to handle user authentication and, mainly, the password restore process.

Now I had to encrypt the email in the users table using the Elocryptfive library, so I also added an email_hash field where the hash of the email is stored in the db in order to easily retrieve users by their email.

I can easily authenticate users using the hash:

Auth::attempt([
    'email_hash' => hash('sha256', $request->get('email')),
    'password' => $request->get('password'),
], $remember);

What I can't get working is the password reset process. Is there a class to override in order to retrieve users by email_hash, then access the decrypted email and send the mail, without rewriting the whole password forgotten process?

Upvotes: 0

Views: 2449

Answers (1)

gbalduzzi

Reputation: 10176

I found a way to achieve this. I will answer my own question to provide a useful solution if someone else needs some help on the topic:

In your ForgotPasswordController.php, override the sendResetLinkEmail function:

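// Imports needed at the top of ForgotPasswordController.php
// (App\User is the default model location in Laravel 5.4):
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;

/**
 * Send a reset link to the given user.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\RedirectResponse
 */
public function sendResetLinkEmail(Request $request)
{
    $this->validateEmail($request);

    // Look the user up by the hash of the submitted address,
    // because the email column itself is encrypted.
    $hashed = hash('sha256', $request->get('email'));
    $user = User::where('email_hash', $hashed)->first();

    if (!is_null($user)) {
        // The broker retrieves the user by email_hash and sends the link.
        $response = Password::sendResetLink(
            ['email_hash' => $hashed]
        );
    } else {
        $response = Password::INVALID_USER;
    }

    return $response == Password::RESET_LINK_SENT
        ? $this->sendResetLinkResponse($response)
        : $this->sendResetLinkFailedResponse($request, $response);
}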

In your ResetPasswordController.php, override the credentials function:

// Import needed at the top of ResetPasswordController.php:
use Illuminate\Http\Request;

/**
 * Get the password reset credentials from the request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return array
 */
protected function credentials(Request $request)
{
    // email_hash replaces the default email key so the broker
    // finds the user by the hashed address.
    return [
        'email_hash' => hash('sha256', $request->get('email')),
        'password' => $request->get('password'),
        'password_confirmation' => $request->get('password_confirmation'),
        'token' => $request->get('token'),
    ];
}

Thanks to Mike Rodham for pointing out the right direction, I hope it helps someone.

Upvotes: 1
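
The lookup in the question and answer uses an unkeyed SHA-256 of the address exactly as typed, so a differently cased address misses the row and the column values can be recomputed from any list of candidate addresses. The code below is an added example, not code from the post: it compares that hash with a keyed, normalised index (HMAC-SHA256). normalizeEmail, plainEmailHash, emailBlindIndex and EMAIL_INDEX_KEY are hypothetical names, and treating addresses as case-insensitive is an assumption.

```php
<?php
// Added example, not from the original post. Function names and the
// EMAIL_INDEX_KEY setting are hypothetical. Assumes PHP 7 or later.

/** Canonical form, so case and surrounding spaces do not change the index. */
function normalizeEmail(string $email): string
{
    return strtolower(trim($email));
}

/** Unkeyed lookup hash as computed in the post (no normalisation). */
function plainEmailHash(string $email): string
{
    return hash('sha256', $email);
}

/** Keyed lookup hash: HMAC-SHA256 over the normalised address. */
function emailBlindIndex(string $email, string $key): string
{
    if (strlen($key) < 32) {
        throw new InvalidArgumentException('index key must be at least 32 bytes');
    }
    return hash_hmac('sha256', normalizeEmail($email), $key);
}

// Constructed sample data. A real application would load a fixed key from
// configuration (assumed: an EMAIL_INDEX_KEY value), not generate one per run.
$key    = random_bytes(32);
$stored = emailBlindIndex('alice@example.com', $key); // value kept in email_hash
$typed  = ' Alice@Example.COM ';                      // same user, different typing

$checks = [
    'plain hash matches despite case/padding' =>
        plainEmailHash($typed) === plainEmailHash('alice@example.com'),
    'keyed index matches despite case/padding' =>
        hash_equals($stored, emailBlindIndex($typed, $key)),
    'stored value reproducible without the key' =>
        hash_equals($stored, plainEmailHash('alice@example.com')),
];

foreach ($checks as $label => $result) {
    printf("%-45s %s\n", $label, $result ? 'yes' : 'no');
}
```

To use it with the code in the post, the same function would replace each hash('sha256', ...) call in Auth::attempt, sendResetLinkEmail and credentials, and existing email_hash values would have to be recomputed with the key.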
