Sai Krishna

Reputation: 557

Laravel - I keep getting 'This password reset token is invalid' when I try to reset password

This is my config/auth.php:

'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_resets',
        'expire' => 60,
    ],
    'customers' => [
        'provider' => 'customers',
        'table' => 'customer_password_resets',
        'expire' => 120,
    ],
    'admin' => [
        'provider' => 'admins',
        'table' => 'admin_password_resets',
        'expire' => 60,
    ],
],

When trying to reset the customer password, I get the error 'This token is invalid'.

This is my ResetsPassword.php -> reset()

public function reset(Request $request)
{
    $this->validate($request, $this->rules(), $this->validationErrorMessages());

    // The broker checks the submitted credentials (including the token);
    // the closure runs only if they are accepted.
    $response = $this->broker()->reset(
        $this->credentials($request), function ($user, $password) {
            $this->resetPassword($user, $password);
        }
    );

    // Any response other than PASSWORD_RESET is reported as a failure.
    return $response == Password::PASSWORD_RESET
        ? $this->sendResetResponse($response)
        : $this->sendResetFailedResponse($request, $response);
}

Here is the password reset request: password reset request

Upvotes: 1

Views: 4317

Answers (1)

matticustard

Reputation: 5149

A password reset token must be generated prior to posting to the password.update route. Typically, this occurs when the user enters their email address into a form before being sent a password reset link.

For a custom implementation, you may need to generate the token manually.

use Illuminate\Auth\Passwords\PasswordBroker;

// insert a token record into the password reset table
$token = app(PasswordBroker::class)->createToken($customer);

EDIT: The token is returned from the broker as an unhashed value, while at the same time, it is stored in the database as a hashed value. Make sure the unhashed token value is being submitted to the reset() method as the parameter token with no underscore, unlike the CSRF _token.

Also, your Customer model must extend Authenticatable.

class Customer extends Authenticatable
{
    // ...
}

Upvotes: 3
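
The answer's point about hashed storage, as an added example that is not part of the original answer or Laravel's code: a simplified plain-PHP model in which the store keeps only a hash of the token, so only the plaintext value from the link validates, and only against the broker that created it and within its expiry window. The class, method names and sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified model of a hashed reset-token store. ResetBroker and its
// methods are hypothetical names for this example, not Laravel's API.
final class ResetBroker
{
    /** In-memory stand-in for the reset tables: table => email => row. */
    private static array $db = [];

    public function __construct(private string $table, private int $expireMinutes) {}

    /** Store only a hash; return the plaintext that belongs in the emailed link. */
    public function createToken(string $email, int $now): string
    {
        $plain = bin2hex(random_bytes(32));
        self::$db[$this->table][$email] = [
            'token' => password_hash($plain, PASSWORD_BCRYPT),
            'created_at' => $now,
        ];
        return $plain;
    }

    /** True only for a fresh row in this broker's own table whose hash matches. */
    public function tokenExists(string $email, string $submitted, int $now): bool
    {
        $row = self::$db[$this->table][$email] ?? null;
        if ($row === null || $now - $row['created_at'] >= $this->expireMinutes * 60) {
            return false; // no row in this table, or the row has expired
        }
        return password_verify($submitted, $row['token']);
    }

    public function storedHash(string $email): ?string
    {
        return self::$db[$this->table][$email]['token'] ?? null;
    }
}

// Constructed sample data; table names and expiry values follow the question's config.
$customers = new ResetBroker('customer_password_resets', 120);
$users     = new ResetBroker('password_resets', 60);
$t0        = 1700000000;
$email     = 'customer@example.test';
$plain     = $customers->createToken($email, $t0);

var_dump($customers->tokenExists($email, $plain, $t0 + 60));  // plaintext from the link
var_dump($customers->tokenExists($email, $customers->storedHash($email), $t0 + 60)); // DB hash submitted
var_dump($users->tokenExists($email, $plain, $t0 + 60));  // token checked by a different broker
var_dump($customers->tokenExists($email, $plain, $t0 + 121 * 60));  // after the expire window
```

Only the first call accepts the token; the other three are rejected for the reason given in each comment.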
