在Laravel 4.2中重置没有令牌的密码 [英] Reset password without token in Laravel 4.2

问题描述

我是Laravel 4的新手.

I'm new to Laravel 4.

想知道以管理员身份登录后是否可以重置用户密码.在那种情况下，我不需要令牌来允许更改密码，就像当用户收到一封电子邮件来更改她的密码时一样.我在ReminderController类的postReset方法中鼓舞了自己:

Want to know if I can reset the password of users, when logged as administrator. In that case I don't need a token to allow to change password as when the user receives an email to change her password. I'am inspiring myself in ReminderController class postReset method:

/**
 * Handle a POST request to reset a user's password.
 *
 * @return Response
 */
public function postReset()
{
    $credentials = Input::only(
        'email', 'password', 'password_confirmation', 'token'
    );

    $response = Password::reset($credentials, function ($user, $password) {
        $user->password = Hash::make($password);

        $user->save();

        Auth::login($user);
    });

    switch ($response) {
        case Password::INVALID_TOKEN:
            return Redirect::to('/login')->with('error', Lang::get($response));
        case Password::INVALID_PASSWORD:
        case Password::INVALID_USER:
            return Redirect::back()->with('error', Lang::get($response));

        case Password::PASSWORD_RESET:
            return Redirect::to('/')->with('message', Lang::get($response));
    }
}

但是在调用Password::reset时，此方法处理$credetials变量中的token string.波纹管是更新用户数据的方法.

But this method deal with token string in $credetials variable when calling Password::reset. Bellow is the method that updates the user data.

public function update($colaborador)
{
      $credentials = Input::only(
        'nome_completo', 'email', 'password', 'password_confirmation', 'token'
    );
    $emailGestor = Input::get('email-gestor');
    $enviarEmail = Input::get('enviar-email');
    $user        = $colaborador->user;

    if (User::where('email', $email)->where('id', '!=', $user->id)->count() > 0) {
        $mensagem = 'O endereço de e-mail ' . $email . ' já está sendo utilizado.';
    } else  {
        $response = Password::reset($credentials, function ($credentials, $user, $password, $enviarEmail) {
            $user->nome_completo = $credentials['nome_completo'];
            $user->email = $credentials['email'];
            $user->password = Hash::make($password);

            $user->save();
            $mensagem = 'Colaborador alterado.';

            if ($enviarEmail == 1) {
                PrimeiroAcesso::remind(['email' => $email], function ($msg) {
                    $msg->subject('Assessment – Mapeamento de Competências Funcionais Natura');
                });
                $mensagem .= ' E-mail de primeiro acesso enviado.';
            }
        });

        switch ($response) {
            case Password::INVALID_TOKEN:
                $mensagem = 'Token inválido.'; break;
            case Password::INVALID_PASSWORD:
                $mensagem = 'Senha inválida.'; break;
            case Password::INVALID_USER:
                $mensagem = 'Nome de usuário inválido'; break;
            default: break;
        }
    }

    if ($emailGestor == '' && $colaborador->gestor) {
        $colaborador->gestor()->dissociate();
        $colaborador->save();
        $mensagem .= ' Gestor removido.';
    } else {
        $gestor = User::with('colaborador')->where('email', $emailGestor)->first();

        if ($gestor) {
            $colaborador->gestor()->associate($gestor->colaborador);
            $colaborador->save();
            $mensagem .= ' Gestor alterado para ' . $emailGestor . '.';
        }
    }

    return Redirect::route('admin.colaborador.index')->with('flash_message', $mensagem);
}

在

$credentials = Input::only(
            'nome_completo', 'email', 'password', 'password_confirmation', 'token'
        );

我从视图中的表单中获得token.

I get token from the form in the view.

推荐答案

在Illuminate\Auth\Reminders\PasswordBroker中找到的reset方法需要额外的token参数作为凭据数组的一部分，因为它需要删除如果重置成功，则password_reminders表中的相应条目.因此，如果该表中没有匹配的token条目，则将无法使用该方法，因为您将得到INVALID_TOKEN响应.

The reset method which is found in Illuminate\Auth\Reminders\PasswordBroker requires the extra token parameter to be part of the credentials array, because it needs to delete the corresponding entry from the password_reminders table if the reset is successful. So without a matching token entry within that table, you would not be able to use that method because you'd be getting a INVALID_TOKEN response.

话虽这么说，这里有2种选择:

That being said, there are 2 options here:

1. 在使用Password::reset
之前，您需要创建一个新令牌.
2. 手动更新给定用户的密码

1. You create a new token before you use Password::reset
2. Update the password for the given user manually

我个人只使用第二个，因为它更容易，并且跳过了将令牌保存到数据库的额外步骤，只是在密码重置后将其删除，所有这些都在同一请求之内.

I'd personally just use the second because it's easier and it skips the extra step of saving a token to the database, just to delete it after the password is reset, all within the same request.

这应该做的事情很简单(当然，您可以扩展它以满足您的个人需求):

Something as simple as this should do (of course you can extend this to fit your indiviual needs):

// Get the request parameters
list($name, $email, $password, $passwordConfirmation) = Input::only('nome_completo', 'email', 'password', 'password_confirmation');

// Search for a user matching the email address
$user = User::where('email', $email)->first();

// Go ahead if a user matching that email was found
if ( ! is_null($user))
{
    // Check if the password and password confirmation match
    // NOTE: you can do additional validations here if needed
    if ($password == $passwordConfirmation)
    {
        $user->nome_completo = $name;
        $user->password = Hash::make($password);
        $user->save();
    }
}

这篇关于在Laravel 4.2中重置没有令牌的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！