This password reset token is invalid while trying to reset password in laravel

Question

I am having issue in my password reset and i am getting the error of this password reset token is invalid i am unable to solve this issue:

My Controller:

class ResetPasswordController extends Controller
{
    use ResetsPasswords;
}

My Routes:

\Illuminate\Support\Facades\Auth::routes();

Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm');
Route::post('password/reset', 'Auth\ResetPasswordController@reset')->name('password.request');

And my View:

<form class="form-horizontal" method="POST" action="{{ route('password.request') }}">
    {{ csrf_field() }}
    <input type="hidden" name="token" value="{{ $token }}">
    <div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
        <label for="email" class="col-md-4 control-label">E-Mail Address</label>
        <div class="col-md-6">
            <input id="email" type="email" class="form-control" name="email" value="{{ $email or old('email') }}" required autofocus>
            @if ($errors->has('email'))
                <span class="help-block">
                    <strong>{{ $errors->first('email') }}</strong>
                </span>
            @endif
        </div>
    </div>
    <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
        <label for="password" class="col-md-4 control-label">Password</label>
        <div class="col-md-6">
            <input id="password" type="password" class="form-control" name="password" required>
            @if ($errors->has('password'))
                <span class="help-block">
                    <strong>{{ $errors->first('password') }}</strong>
                </span>
            @endif
        </div>
    </div>
    <div class="form-group{{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
        <label for="password-confirm" class="col-md-4 control-label">Confirm Password</label>
        <div class="col-md-6">
            <input id="password-confirm" type="password" class="form-control" name="password_confirmation" required>
            @if ($errors->has('password_confirmation'))
                <span class="help-block">
                    <strong>{{ $errors->first('password_confirmation') }}</strong>
                </span>
            @endif
        </div>
    </div>
    <div class="form-group">
        <div class="col-md-6 col-md-offset-4">
            <button type="submit" class="btn btn-primary">
                Reset Password
            </button>
        </div>
    </div>
</form>

I have also added the screen shot of my error please have a look on it also and solution will be highly appreciated!

Answer 1

You should also check which hash function you are using while registering the user, if the hash function for storing the user password while resetting is different from the one used to login the user you might recieve this error. In my case one was using bcrypt and one was using Hash::make

Answer 2

In my case, the issue was the users table. I created the users table manually with my custom fields prior to installing laravel breeze and added the breeze required fields manually to table. I did not used breeze migration. That caused the issue.

Now I run breeze migration to create users table and then added my custom fields manually. It solved the issue.

Answer 3

I had a different issue.

My passwords configuration in auth.php looks like this:

'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => env('AUTH_PASSWORD_EXPIRE')
    ],
],

But I forgot to configure the AUTH_PASSWORD_EXPIRE .env variable on my live server.

Answer 4

I got this issue resolved by running migrations. The password reset token column had the wrong type. It was not storing token correctly due to the wrong charset/collation of the column. Run migration and it should be fine.

or maybe your reset password form does not contain an input for email

Answer 5

I has solved this problem with Laravel 7.x. I think Laravel 6.x is the same!

1. I create a variable $token = Str::random(64);
2. Next I create a record in password_resets table with value of token is: bcrypt($token)
   ( bcrypt() is function create password when you seed database)
3. Finally, link you send to email is origin $token

Answer 6

Because your token is incorrect, it should be a string length of 64 characters and look like this:

a8935edacb0711a304395c1f58979b545b4a636387053de6012e73048e5a60d2

And in your password_resets table in your database, it should be encrypted and look like this:

$2y$10$YOdbMZk2N7xLsfXZIuMIv.ZayZQCB21L.GXVPdtt/WMOO1hJL7enO

---

Change your MAIL_DRIVER= to log, truncate password_resets table (if on local), then do another password reset, then check your logs to read the email and see what the password reset token is. Copy and paste that url in your browser and see if you still get that error then we take it from there. :)