不必要的验证规则应用于密码重置 [英] Unwanted validation rule being applied on password reset

问题描述

我正在尝试使用Laravel身份验证的密码重置功能.在我的ResetPasswordController中运行 make:auth 命令之后，我将Illuminate \ Foundation \ Auth \ ResetsPasswords特征的规则功能覆盖如下:

I'm trying to use the password reset ability of Laravel's authentication. After running make:auth command, inside my ResetPasswordController, I have overridden rules function of Illuminate\Foundation\Auth\ResetsPasswords trait as the following:

protected function rules()
{
    return [
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|confirmed|min:4',    
    ];
}

因此，我试图将最小长度值更改为4.但是，当我尝试重置密码时，仍将应用至少8个字符的规则，而不是4个字符.这是laravel在同一文件中的重置功能:

So, I am trying to change the minimum length value to 4. But when I try to reset my password, a rule of minimum of 8 characters is still being applied instead of 4. Here is the reset function of laravel in the same file:

public function reset(Request $request)
{
    $request->validate($this->rules(), $this->validationErrorMessages());

    // Here we will attempt to reset the user's password. If it is successful we
    // will update the password on an actual user model and persist it to the
    // database. Otherwise we will parse the error and return the response.
    $response = $this->broker()->reset(
        $this->credentials($request), function ($user, $password) {
            $this->resetPassword($user, $password);
        }
    );

    // If the password was successfully reset, we will redirect the user back to
    // the application's home authenticated view. If there is an error we can
    // redirect them back to where they came from with their error message.
    return $response == Password::PASSWORD_RESET
                ? $this->sendResetResponse($request, $response)
                : $this->sendResetFailedResponse($request, $response);
}

返回的 $ response 是Illuminate \ Support \ Facades \ Password :: INVALID_PASSWORD.我不明白这条规则是从哪里来的.实际上，验证行为是这样的:当我输入少于4个字符时，将应用我自己的规则(正确).但是，根据其他规则，输入4到少于8个字符也是错误的.

And the $response being returned is Illuminate\Support\Facades\Password::INVALID_PASSWORD. I don't understand where this rule is coming from. Actually the validation behavior is like this: When I enter less than 4 characters, my own rule is applied (correctly). However, entering 4 to less than 8 characters is also an error by some other rule.

推荐答案

返回错误的原因是因为 PasswordBroker 要求密码的最小长度为8个字符，因此即使尽管您的表单验证已通过，但 PasswordBroker 中的验证未通过.

The reason that you're getting the error back is because the PasswordBroker expects a password with a minimum length of 8 characters so even though your form validation is passing, the validation in the PasswordBroker isn't.

解决此问题的一种方法是在 ResetPasswordController 中重写 broker()方法，并将您自己的验证器传递给它:

One way to get around this would be to override the broker() method in your ResetPasswordController and pass your own validator to it:

public function broker()
{
    $broker = Password::broker();

    $broker->validator(function ($credentials) {
        return $credentials['password'] === $credentials['password_confirmation'];
    });

    return $broker;
}

以上内容与 PasswordBroker 本身的操作基本相同，只是也没有对字符串长度进行检查.

The above is essentially the same as what's going on in the PasswordBroker itself, just without the string length check as well.

别忘了将 Password 门面导入到您的控制器中:

Don't forget to import the Password facade into your controller:

use Illuminate\Support\Facades\Password;

---

这不是必需的，但出于良好的考虑，我建议您也更新 resources/lang/zh-cn/passwords.php 文件中的 password 错误消息

这篇关于不必要的验证规则应用于密码重置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！