CODEWITHSUNDEEP
phplaravel
Aleksei Mikhaltsov
Aleksei Mikhaltsov

Reputation: 1

Laravel - The token field is required while reset password

I update laravel 5.2.4 to 5.6. While fixing some bugs I got error while password reset - "The token field is required."

I use parameter in forms - @csrf

                    <form class="form-horizontal" role="form" method="POST" action="{{ url('/password/email') }}">

            @csrf

                        <div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
                            <label class="col-md-4 control-label">E-Mail Address</label>

                            <div class="col-md-6">
                                <input type="email" class="form-control" name="email" value="{{ old('email') }}">

                                @if ($errors->has('email'))
                                    <span class="help-block">
                                        <strong>{{ $errors->first('email') }}</strong>
                                    </span>
                                @endif
                            </div>
                        </div>

                        <div class="form-group">
                            <div class="col-md-6 col-md-offset-4">
                                <button type="submit" class="btn btn-primary">
                                    <i class="fa fa-btn fa-envelope"></i>Send Password Reset Link
                                </button>
                            </div>
                        </div>
                    </form>

In routes

    Route::get('password/reset/{token?}', 'Auth\PasswordController@showResetForm');
    Route::post('password/email', 'Auth\PasswordController@sendResetLinkEmail');
    Route::post('password/reset', 'Auth\PasswordController@reset');

PasswordController:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\Request;

/**
 * @property string linkRequestView
 * @property string resetView
 */
class PasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */
    use ResetsPasswords;

    /**
     * Create a new password controller instance.
     *
     * @param Request $request
     */
    public function __construct(Request $request)
    {
        $this->middleware('guest');
        $this->linkRequestView = 'auth.passwords.email';
        $this->resetView = 'auth.passwords.reset';
        if (strpos($request->path(), 'ex') === 0) {
            $this->linkRequestView = 'ex.auth.passwords.email';
            $this->resetView = 'ex.auth.passwords.reset';
        }
    }
}

What I must change to solve this problem? When I see html code on page - token field exist "_token" but when I submit - token required.

Upvotes: 0

Views: 2653

Answers (3)

JohnDoe
JohnDoe

Reputation: 1

For anyone coming across this, I found the problem.

In your App\Providers\FortifyServiceProvider.php make sure you have this:

Fortify::resetPasswordView(function ($request) {
    return view('auth.reset-password', ['request' => $request]);
});

In your auth.reset-password.blade.php make sure you have:

<form class="form" action="{{ route('password.update') }}" method="POST">

@csrf

<input type="hidden" name="token" value="{{ $request->route('token') }}">

Key thing here is $request->route('token')

Took me hours trying to find figure that out!

Thank you

Upvotes: 0

doulos
doulos

Reputation: 61

In my case (Laravel 7.x) i was missing the csrf token and the password reset token so when i put both it work correctly:

<form action="{{ route('password.update') }}" method="post">
  @csrf
    <input type="hidden" name="token" value="{{ $token }}">
    ...

Upvotes: 0

STA
STA

Reputation: 34688

You need the csrf token by having this inside your form element :

<input type="hidden" name="token" value="{{ csrf_token() }}">

If avobe method fail then give the token value as :

<input type="hidden" name="token" value="{{ $token }}">

Upvotes: 3

Related Questions