Laravel 5 如何检查密码重置令牌是否已过期
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32968862/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel 5 How to check password reset token if it has expired or not
提问by Dexter Bengil
I'm developing a web app using Laravel 5, I used Laravel's make:authscaffolding. I was able to send a password reset link with a token, which works well on my end. I have this kind of url after clicking on the reset link: http://example.com/password/reset/{reset_token}.
Now, on my auth.resetblade file, I want to check first if the {reset_token}has already expired because it seems in the 60 minutes expiration time at config.auth.php, it doesn't seem to automatically remove expired tokens. So, I'm trying to make a manual function to check if reset token is still valid with this:
我正在使用 Laravel 5 开发 Web 应用程序,我使用了 Laravel 的make:auth脚手架。我能够使用令牌发送密码重置链接,这对我来说效果很好。单击重置链接后,我有这种网址:http://example.com/password/reset/{reset_token}。现在,在我的auth.reset刀片文件中,我想首先检查 是否{reset_token}已经过期,因为它似乎在 60 分钟的过期时间内config.auth.php,它似乎不会自动删除过期的令牌。所以,我正在尝试制作一个手动功能来检查重置令牌是否仍然有效:
function validateReminderToken($token)
{
// I want to add some filter here like
// if (tokenExpired($token)) return false;
$res = DB::table('password_resets')->where('token', $token)->get();
if (empty($res) || $res === null) {
return false;
}
$res = $res[0];
return $res->email;
}
How can I do it? Is there some built-in way of checking if the token has expired? Thanks.
我该怎么做?是否有一些内置的方法来检查令牌是否已过期?谢谢。
回答by Mithredate
Use the created_atto check if a certain duration has passed from the time of insertion. For example you can do like so :
使用created_at来检查从插入时起是否已经过了特定的持续时间。例如你可以这样做:
$token = DB::table('password_resets')
->where('token','=',$token)
->where('created_at','>',Carbon::now()->subHours(2))
->first();
Then check if the token exists.
然后检查令牌是否存在。
回答by Eleazar Resendez
To verify if the reset token has expired, simply check the Laravel function tokenExpired ($created_at, $token)
要验证重置令牌是否已过期,只需检查 Laravel 函数 tokenExpired ($created_at, $token)
This function only executes the following:
该函数仅执行以下操作:
return Carbon::parse($createdAt)->addSeconds($this->expires)->isPast();
return Carbon::parse($createdAt)->addSeconds($this->expires)->isPast();
e.g.
例如
$created_at = DB::table('password_resets')->first()['created_at'];
// => 2018-01-08 09:59:26
// Carbon::now();
// => 2018-01-08 11:03:05
Carbon::parse($created_at)->addSeconds(config('auth.passwords.users.expire'*60))->isPast()
// => true (with an expiration setting of 1 hour)
回答by user991
On >= Laravel 5.4
在 >= Laravel 5.4
$reminder = Reminder::where('email', $user->email)->first();
if (! $reminder or ! Hash::check($resetToken, $reminder->token)) {
// Return 404, as Reminder was not found
return $this->respondNotFound();
}
Where Reminderis password_resetsEloquent Model ( by default in laravel: password_resets)
哪里Reminder是password_resets雄辩模型(默认情况下laravel: password_resets)
回答by alex.dev
Alternative way - is to call artisan command auth:clear-resets
另一种方法 - 是调用工匠命令 auth:clear-resets
