How to let users change their own password in Laravel 7.x



There are many posts on how to allow users to change their password, but many of them target older versions of Laravel. What is the correct way to do it in Laravel v7.x in 2020?

First, let's create a form for the user

A few notes on this form:

  • I keep the form as simple as possible so it stays readable - the CSRF token is created automatically by Form::open
  • You should use "password" as the name of the current-password field, as password managers should autofill that field name. Some answers suggest using "password" as the name of the new-password field, which gives really bad UX

    {{Form::open(array('url' => '/account/change-password'))}}
    <input type="hidden" name="_token" value="{{ csrf_token() }}">
    <div class="form-group">
        <div class="row">
            <div class="col">
                <label for="password" class="control-label">Current Password</label>
            </div>
            <div class="col">
                {{Form::password('password', array('id' => 'password', 'class' => 'form-control', 'placeholder' => 'Password'))}}
            </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col">
                <label for="new-password" class="control-label">New Password</label>
            </div>
            <div class="col">
                {{Form::password('new-password', array('id' => 'new-password', 'class' => 'form-control', 'placeholder' => 'New Password'))}}
            </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col">
                <label for="new-password-confirmation" class="control-label">Re-enter Password</label>
            </div>
            <div class="col">
                {{Form::password('new-password-confirmation', array('id' => 'new-password-confirmation', 'class' => 'form-control', 'placeholder' => 'Confirm Password'))}}
            </div>
        </div>
    </div>
    <div class="form-group">
        <button type="submit" class="btn btn-danger">Change Password</button>
    </div>
    {{Form::close()}}


Now, in the controller that will handle the request, let's change the password

A few notes on this:

  • We validate that the password is not a common one - the list used here is not exhaustive (all lowercase), and I'd suggest you update it with common passwords at or above the minimum length
  • Speaking of minimum length, 8 characters should be your starting point these days
  • Lastly, don't validate the length of the password confirmation - it only gives you two errors (since it is already being done)
  • Finally, this doesn't audit the password change. Use something like Laravel Auditing, or even just send an email

Account.php

    use App\User;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Hash;
    use Illuminate\Support\Facades\Validator;
    use Illuminate\Validation\Rule;

    /**
     * Change the user's password
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function changePassword(Request $request)
    {
        if (Auth::check())
        {
            $requestData = $request->all();
            $validator = $this->validatePasswords($requestData);
            if ($validator->fails())
            {
                return back()->withErrors($validator->getMessageBag());
            }
            else
            {
                // Only re-hash and save if the submitted current password matches the stored hash
                $currentPassword = Auth::user()->password;
                if (Hash::check($requestData['password'], $currentPassword))
                {
                    $userId = Auth::user()->id;
                    $user = User::find($userId);
                    $user->password = Hash::make($requestData['new-password']);
                    $user->save();
                    return back()->with('message', 'Your password has been updated successfully.');
                }
                else
                {
                    return back()->withErrors(['Sorry, your current password was not recognised. Please try again.']);
                }
            }
        }
        else
        {
            // Auth check failed - redirect to domain root
            return redirect()->to('/');
        }
    }

    /**
     * Validate password entry
     *
     * @param array $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    public function validatePasswords(array $data)
    {
        // The not_in message must be keyed on 'new-password', the field that carries the Rule::notIn rule
        $messages = [
            'password.required' => 'Please enter your current password',
            'new-password.required' => 'Please enter a new password',
            'new-password.not_in' => 'Sorry, common passwords are not allowed. Please try a different new password.'
        ];
        // The match between the two new-password fields is checked once, on the confirmation field
        $validator = Validator::make($data, [
            'password' => 'required',
            'new-password' => ['required', 'min:8', Rule::notIn($this->bannedPasswords())],
            'new-password-confirmation' => 'required|same:new-password',
        ], $messages);
        return $validator;
    }

    /**
     * Get an array of all common passwords which we don't allow
     *
     * @return array
     */
    public function bannedPasswords()
    {
        return [
            'password', '12345678', '123456789', 'baseball', 'football', 'jennifer', 'iloveyou', '11111111', '222222222', '33333333', 'qwerty123'
        ];
    }
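A feature test that exercises the controller above, added here as an example and not part of the original answer. It assumes the route is registered as `Route::post('/account/change-password', 'Account@changePassword')` without extra middleware, and that Laravel 7's default `App\User` factory is available.

```php
<?php
// Added example (not from the original answer). Assumes the route above and
// the default Laravel 7 App\User factory; sample passwords are constructed.

namespace Tests\Feature;

use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class ChangePasswordTest extends TestCase
{
    use RefreshDatabase;
    private function postChange(User $user, string $current, string $new, string $confirm)
    {
        return $this->actingAs($user)->from('/account')->post('/account/change-password', [
            'password'                  => $current,
            'new-password'              => $new,
            'new-password-confirmation' => $confirm,
        ]);
    }

    public function testRejectsWrongCurrentPasswordAndKeepsHash()
    {
        $user = factory(User::class)->create(['password' => Hash::make('Correct-Horse-1')]);
        $this->postChange($user, 'not-my-password', 'Battery-Staple-9', 'Battery-Staple-9')
             ->assertRedirect('/account')
             ->assertSessionHasErrors();
        // The stored hash must be unchanged after a failed attempt
        $this->assertTrue(Hash::check('Correct-Horse-1', $user->fresh()->password));
    }

    public function testRejectsWeakOrMismatchedNewPasswords()
    {
        $user = factory(User::class)->create(['password' => Hash::make('Correct-Horse-1')]);
        // Banned common password, below min:8, and mismatched confirmation
        $this->postChange($user, 'Correct-Horse-1', 'qwerty123', 'qwerty123')->assertSessionHasErrors('new-password');
        $this->postChange($user, 'Correct-Horse-1', 'short1', 'short1')->assertSessionHasErrors('new-password');
        $this->postChange($user, 'Correct-Horse-1', 'Battery-Staple-9', 'Battery-Staple-8')->assertSessionHasErrors('new-password-confirmation');
    }

    public function testAcceptsValidChangeAndRehashes()
    {
        $user = factory(User::class)->create(['password' => Hash::make('Correct-Horse-1')]);
        $this->postChange($user, 'Correct-Horse-1', 'Battery-Staple-9', 'Battery-Staple-9')->assertSessionHas('message');
        $this->assertTrue(Hash::check('Battery-Staple-9', $user->fresh()->password));
    }
}
```

Run it with `php artisan test` (or `vendor/bin/phpunit`); the first test is the one to keep an eye on, since a failed attempt must never touch the stored hash.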
