Laravel password reset: forgot password flow and tokens

Andrew Dorokhov, 2 min read

Password reset driver

There are two places where we can store password reset tokens:

  • database - password reset data is stored in a relational database.
  • cache - password reset data is stored in one of your cache-based stores.

When using the default database driver, a table must be created to store your application’s password reset tokens.

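Typically, this table is included in the default migrations:

use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

// One row per e-mail address; created_at is the token's issue time.
Schema::create('password_reset_tokens', function (Blueprint $table) {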
    $table->string('email')->primary();
    $table->string('token');
    $table->timestamp('created_at')->nullable();
});

Model Preparation

Password reset notifications are sent using the notify() method, so our model should use the Illuminate\Notifications\Notifiable trait.

The model should implement the Illuminate\Contracts\Auth\CanResetPassword contract.

namespace Illuminate\Contracts\Auth;

interface CanResetPassword
{
    /**
     * Get the e-mail address where password reset links are sent.
     *
     * @return string
     */
    public function getEmailForPasswordReset();

    /**
     * Send the password reset notification.
     *
     * @param  string  $token
     * @return void
     */
    public function sendPasswordResetNotification($token);
}

The App\Models\User model included with the framework already implements this interface (inherited from the parent Illuminate\Foundation\Auth\User class), and uses the Illuminate\Auth\Passwords\CanResetPassword trait to include the methods needed to implement the interface.

So all we need to do is add the ...implements CanResetPassword clause to the model class.

Setting up routes

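use Illuminate\Support\Facades\Route;

// Shows the form where the user enters their e-mail address.
Route::get('/forgot-password', function () {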
    return view('auth.forgot-password');
})->middleware('guest')->name('password.request');

Handling the Form Submission

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Facades\Route;

Route::post('/forgot-password', function (Request $request) {
    $request->validate(['email' => 'required|email']);

    $status = Password::sendResetLink(
        $request->only('email')
    );

    return $status === Password::ResetLinkSent
        ? back()->with(['status' => __($status)])
        : back()->withErrors(['email' => __($status)]);
})->middleware('guest')->name('password.email');

The Password Reset Form

This route will receive a token parameter that we will use later to verify the password reset request:

Route::get('/reset-password/{token}', function (string $token) {
    return view('auth.reset-password', ['token' => $token]);
})->middleware('guest')->name('password.reset');
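
The step where the token is actually verified, as an added example that is not part of the original article: a POST handler that the reset form submits to. The form field names, the `password.update` route name, the `login` redirect target and the `min:8` rule are assumptions, and `Password::PasswordReset` is written in the same constant style as the `Password::ResetLinkSent` used above.

```php
<?php
// routes/web.php (added example; names marked "assumed" are not from the article)

use App\Models\User;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

Route::post('/reset-password', function (Request $request) {
    // All three pieces are required: the token from the e-mailed link,
    // the e-mail it was issued for, and the new password (typed twice).
    $request->validate([
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|min:8|confirmed', // assumed password policy
    ]);

    // The broker looks up the stored token for this e-mail and rejects the
    // request if the token does not match or is older than the "expire"
    // setting in config/auth.php. The callback runs only on success, after
    // which the broker deletes the token so it cannot be used again.
    $status = Password::reset(
        $request->only('email', 'password', 'password_confirmation', 'token'),
        function (User $user, string $password) {
            $user->forceFill([
                'password' => Hash::make($password), // never store the plain value
            ])->setRememberToken(Str::random(60));   // drops old "remember me" cookies

            $user->save();

            // Lets listeners react to the change (e.g. notify the account owner).
            event(new PasswordReset($user));
        }
    );

    // Same constant style as Password::ResetLinkSent above (assumed to match
    // the framework version the article targets).
    return $status === Password::PasswordReset
        ? redirect()->route('login')->with('status', __($status)) // assumed route name
        : back()->withErrors(['email' => [__($status)]]);
})->middleware('guest')->name('password.update'); // assumed route name
```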