Laravel 5.4: Password reset token custom length?

Problem description

I am using Laravel 5.4 to build an API where I email the user a token on password reset if the user is verified, which the user provides before resetting the password. Currently the sent token has 64 characters and is too large for the user to grab, and I'm not sure if Laravel has a configuration to give the token a custom length?

Recommended answer

The solution is a little bit tricky; I'll try to explain the procedure as clearly as possible:

STEP 1 - Extend the standard DatabaseTokenRepository

Create a class that extends Illuminate\Auth\Passwords\DatabaseTokenRepository in order to define a new token creation policy.

<?php

namespace App\Auth\Passwords;

use Illuminate\Auth\Passwords\DatabaseTokenRepository;

class CustomDatabaseTokenRepository extends DatabaseTokenRepository
{

    // Overrides the standard token creation function
    public function createNewToken()
    {
        return substr(parent::createNewToken(), 0, 30);
    }

}

I've just trimmed the token generated by Laravel down to 30 chars; feel free to implement your own token generation routine.

STEP 2 - Extend the standard PasswordBrokerManager

Now you have to tell the PasswordBrokerManager to use your token repository instead of the standard one. In order to do so you have to extend the class Illuminate\Auth\Passwords\PasswordBrokerManager.

<?php

namespace App\Auth\Passwords;

use Illuminate\Auth\Passwords\PasswordBrokerManager;
use Illuminate\Support\Str; // needed for Str::startsWith() below

class CustomPasswordBrokerManager extends PasswordBrokerManager
{

    // Override the createTokenRepository function to return your
    // custom token repository instead of the standard one
    protected function createTokenRepository(array $config)
    {
        $key = $this->app['config']['app.key'];

        if (Str::startsWith($key, 'base64:')) {
            $key = base64_decode(substr($key, 7));
        }

        $connection = isset($config['connection']) ? $config['connection'] : null;

        return new CustomDatabaseTokenRepository(
            $this->app['db']->connection($connection),
            $this->app['hash'],
            $config['table'],
            $key,
            $config['expire']
        );
    }

}

STEP 3 - Extend the standard PasswordResetServiceProvider

Now you have to extend the standard Illuminate\Auth\Passwords\PasswordResetServiceProvider in order to tell Laravel to instantiate your CustomPasswordBrokerManager.

<?php

namespace App\Auth\Passwords;

use Illuminate\Auth\Passwords\PasswordResetServiceProvider;

class CustomPasswordResetServiceProvider extends PasswordResetServiceProvider
{

    // Override the method registerPasswordBroker
    // in order to specify your customized manager
    protected function registerPasswordBroker()
    {
        $this->app->singleton('auth.password', function ($app) {
            return new CustomPasswordBrokerManager($app);
        });

        $this->app->bind('auth.password.broker', function ($app) {
            return $app->make('auth.password')->broker();
        });
    }
}

STEP 4 - Final step, replace the provider in config/app.php

Comment out the following line in your config/app.php file under the providers key:

// Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,

And add the following line right below:

App\Auth\Passwords\CustomPasswordResetServiceProvider::class,

Caveats

Be careful when doing such things: the token is defined as hash_hmac('sha256', Str::random(40), $this->hashKey), where $this->hashKey is env('APP_KEY'). This is used to ensure that no collision will occur when generating password reset tokens. I suggest you investigate a secure method to reduce your token length securely.
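
One way to act on the caveat above, as an added example that is not part of the original answer or of Laravel: generate a short, typeable token directly from the CSPRNG instead of truncating the HMAC output, and compare entropy by length. The function names, the 32-symbol alphabet and the 13-character floor are assumptions; the body of generateShortToken() could serve as a custom createNewToken().

```php
<?php
// Added example, not from the original answer. Plain PHP 7+, no Laravel required.

// Assumed alphabet (Crockford-style base32): no I, L, O or U, so codes are easy to type.
const TOKEN_ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';

// Hypothetical helper: each character carries log2(32) = 5 bits of CSPRNG output.
function generateShortToken(int $length = 16): string
{
    if ($length < 13) {
        // Assumed floor (65 bits); pick yours to match token expiry and rate limiting.
        throw new InvalidArgumentException('Token must be at least 13 characters.');
    }
    $alphabet = TOKEN_ALPHABET;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() uses the OS CSPRNG and is unbiased over the requested range.
        $token .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Upper bound on entropy for $length symbols drawn uniformly from $alphabetSize symbols.
function tokenEntropyBits(int $length, int $alphabetSize): float
{
    return $length * log($alphabetSize, 2);
}

// Normalise what the user typed: drop spaces and dashes, uppercase, map look-alikes.
function normalizeUserToken(string $input): string
{
    $clean = strtoupper(preg_replace('/[\s-]+/', '', $input));
    return strtr($clean, ['I' => '1', 'L' => '1', 'O' => '0']);
}

$token = generateShortToken(16);
printf("token: %s (%.0f bits)\n", $token, tokenEntropyBits(16, 32));
printf("30 hex chars, as after substr(): at most %.0f bits\n", tokenEntropyBits(30, 16));
printf("64 hex chars, full HMAC output: at most %.0f bits\n", tokenEntropyBits(64, 16));

// A token retyped in lowercase with separators still matches after normalisation.
$typed = strtolower(substr($token, 0, 8) . '-' . substr($token, 8));
var_dump(hash_equals($token, normalizeUserToken($typed)));
```

A shorter token is easier to guess, so pair it with a short expiry and rate limiting on reset attempts.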
