避免“自动登录"重置密码时 [英] Avoid "auto login" when password is reset

问题描述

我正在研究Laravel项目.我不是最初的开发人员，因此，如果我犯了一个错误，请原谅并解释它的含义.

I am working on a Laravel project. I was not the original developer, so if I make a mistake, forgive me and explain what it was please.

在此项目中，我们有一个模块来请求新密码.提交表单后，用户将被重定向到 route('password.request')，我相信这是隐藏在框架中的某个地方.

In this project, we have a module to request a new password. when the form is submited, the user is redirected to route('password.request') which is, I believe, somewhere hidden in the framework.

问题在于，当用户获得新密码后，他将自动登录并可以访问页面.但是他不应该这样做，因为他没有管理员权限.

The problem is that when the user gets it's new password, he is automaticaly logged in and can access the pages. But he is not supposed to because he does not have admin rights.

因此，我尝试注销用户并将其重定向到主页，但是没有任何运气.

So I tried to logout and redirect the user to the main page, without any luck.

有人可以解释为什么laravel(或我"，因为它们是我尚未探索的项目的某些部分)为什么这样做以及如何解决此问题?

Can someone explain why is laravel (or "me", as they are some parts of the project I have not explored yet) doing that and how to fix this?

reset.blade.php(用于请求新密码的表单)

reset.blade.php (form to request new password)

form class="form-horizontal" role="form" method="POST" action="{{ route('password.request') }}">
    {{ csrf_field() }}

    <input type="hidden" name="token" value="{{ $token }}">
....

我的自定义登出路线:

Route::get('/customLogout', 'Auth\LoginController@customLogout');

resetPasswordController.php

resetPasswordController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;

class ResetPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords;

    /**
     * Where to redirect users after resetting their password.
     *
     * @var string
     */
    protected $redirectTo = '/customLogout';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }
}

LoginController.php中的方法

method in LoginController.php

public function customLogout(){
        //Session::flush();       
        return redirect()->route('/');
            }

推荐答案

好，我(终于)找到了一种方法.

Ok, I (finnaly) found a way.

我重写了名为"resetPassword"的功能，并删除了登录代码.

I overrided the function called "resetPassword" and deleted the login piece of code.

此函数来自框架(如果有人可以帮助该文件，则不记得该文件了:S)我在ResetPasswordController.php中覆盖了该函数

This function comes from the framework (can't remember the file, if someone could help on that :S ) I overrided the function in my ResetPasswordController.php

protected function resetPassword($user, $password)
    {
        $user->forceFill([
            'password' => bcrypt($password),
            'remember_token' => Str::random(60),
        ])->save();

        //$this->guard()->login($user);
    }

这使我的密码更改并自动重定向到主页.

This make my password changing and redirect automaticaly to the main page.

哦，别忘了将其添加到您的包含文件中:

Oh, and don't forget to add this in your includes:

use Illuminate\Support\Str;

这篇关于避免“自动登录"重置密码时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！