Laravel 5.6 password broker: dynamically change the token duration depending on the situation



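What I want to achieve is this: when we create a user, they receive a login e-mail containing a link that is only valid for about 6 hours. This is not enough, and in most cases we have to set the password for the user manually.

The user should have 3 days to create their first password.

However, when a user clicks forgot password, the 6-hour limit is sufficient (because that is something they do consciously).

Here is what I have so far!

The store function in our user controller looks like this: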

    public function store(StoreUser $request)
    {
        ...
        DB::transaction(function () use ($request, $data) {
            $roles = $request->input('roles');
            $isInternal = $request->input('is_internal');
            $customers = $request->input('customers', []);
            /** @var User $user */
            $user = $this->userRepository->create($data);
            $user->assignRole($roles);
            if ($isInternal == false && !empty($customers)) {
                $user->customers()->sync($customers);
            }
            $token = app(PasswordBroker::class)->createToken($user);
            $user->notify(new AccountActivationNotification($token));
        });
        return $this->respond()->success([], "User successfully created.");
    }

Our reset and forgot functions:

    public function reset(Request $request)
    {
        $request->validate([
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|confirmed|min:6',
        ]);
        $credentials = $request->only('email', 'password', 'password_confirmation', 'token');
        // Here we will attempt to reset the user's password. If it is successful we
        // will update the password on an actual user model and persist it to the
        // database. Otherwise we will parse the error and return the response.
        $response = $this->passwordBroker->reset(
            $credentials,
            function ($user, $password) {
                $user->password = $password;
                $user->status = StatusesService::STATUS_ACTIVE;
                $user->email_verified_at = now();
                $user->save();
                event(new PasswordReset($user));
            }
        );
        return $response == $this->passwordBroker::PASSWORD_RESET
            ? $this->respond()->success()
            : $this->respond()->validationFailed(trans($response));
    }

    public function forgot(Request $request)
    {
        $request->validate([
            'email' => 'required|email',
        ]);
        // We will send the password reset link to this user. Once we have attempted
        // to send the link, we will examine the response then see the message we
        // need to show to the user. Finally, we'll send out a proper response.
        $response = $this->passwordBroker->sendResetLink(
            $request->only('email')
        );
        return $response == $this->passwordBroker::RESET_LINK_SENT
            ? $this->respond()->success([], "Your password has been reset, please check your inbox.")
            : $this->respond()->validationFailed(trans($response));
    }

We have already set up two different configurations in config/auth.php:

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 4320, //3 days
        ],
        'users_fpassword' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 1440, //6 hours
        ],
    ],

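What can we do to dynamically switch between the configurations in config/auth.php depending on the situations described at the beginning of the post?

I think what you are looking for is how to set a configuration value dynamically in Laravel; you can do this easily with the Laravel helper function.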

    config(['auth.passwords.users.expire' => 120]);

So, in the configuration file, set it to the default 6-hour expiry.

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 1440, //6 hrs
        ],
    ],

In the controller function, just add one line:

    public function store(StoreUser $request)
    {
        ...
        DB::transaction(function () use ($request, $data) {
            $roles = $request->input('roles');
            $isInternal = $request->input('is_internal');
            $customers = $request->input('customers', []);
            /** @var User $user */
            $user = $this->userRepository->create($data);
            $user->assignRole($roles);
            if ($isInternal == false && !empty($customers)) {
                $user->customers()->sync($customers);
            }
            config(['auth.passwords.users.expire' => 4320]);
            $token = app(PasswordBroker::class)->createToken($user);
            $user->notify(new AccountActivationNotification($token));
        });
        return $this->respond()->success([], "User successfully created.");
    }

I think a better solution for you would be:

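  1. Change the schema of the password_resets table by adding a field such as expire_at, which stores the token's expiry time.
  2. Create your own TokenRepository (implementing Illuminate\Auth\Passwords\TokenRepositoryInterface). Implement all the logic inside it: fill the expire_at field when a token is created, and when a token is checked, verify that its expiry time is later than now.
  3. Extend PasswordBroker by adding your own method that lets you pass a new token lifetime to the token repository.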
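
Steps 1 and 2 of the answer above as a framework-free PHP example, added here and not taken from the answer or from Laravel: the class name is hypothetical, an array stands in for the password_resets table, and SHA-256 replaces Laravel's hasher. Because the deadline is stored with the row, the lifetime chosen at creation is the one enforced when the token is checked.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a custom token repository; an array replaces
// the password_resets table, which gains an expire_at column (step 1).
final class ExpiringTokenRepository
{
    /** @var array<string, array{token: string, expire_at: int}> */
    private array $rows = [];

    // Step 2, creation: keep only a hash of the token and fix its deadline now.
    public function create(string $email, int $lifetimeMinutes, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        $this->rows[$email] = [
            'token'     => hash('sha256', $token),
            'expire_at' => $now + $lifetimeMinutes * 60,
        ];
        return $token; // the plain token goes only into the e-mailed link
    }

    // Step 2, check: the stored deadline decides, not a config value read at reset time.
    public function exists(string $email, string $token, int $now): bool
    {
        $row = $this->rows[$email] ?? null;
        if ($row === null || $now >= $row['expire_at']) {
            unset($this->rows[$email]); // drop expired rows so they cannot be retried
            return false;
        }
        return hash_equals($row['token'], hash('sha256', $token));
    }
}

// Constructed sample data: an invited user (3 days) and a forgot-password request (6 hours).
$repo   = new ExpiringTokenRepository();
$t0     = 1700000000; // fixed clock so the run is repeatable
$invite = $repo->create('new.user@example.test', 4320, $t0);
$forgot = $repo->create('old.user@example.test', 360, $t0);

$after7h = $t0 + 7 * 3600; // both links are checked 7 hours after creation
var_dump($repo->exists('new.user@example.test', $invite, $after7h));
var_dump($repo->exists('old.user@example.test', $forgot, $after7h));
var_dump($repo->exists('new.user@example.test', 'guess', $after7h)); // wrong token
```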

You can add another password reset configuration in config/auth.php, for example:

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
        ],
        'invites' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 1440,
        ],
    ],

It can then be used in the controller, for example:

    if (!app('auth.password')->broker('invites')->tokenExists($user, $request->input('token'))) {
        return redirect()->back()->withInput();
    }

Well, adapt it to your needs. I tested this on Laravel 6.x and it works fine.
