I am working on a Laravel project. I was not the original developer, so if I make a mistake, forgive me and explain what it was please.
In this project, we have a module to request a new password. When the form is submitted, the user is redirected to route('password.request')
which is, I believe, somewhere hidden in the framework.
The problem is that when the user gets its new password, he is automatically logged in and can access the pages. But he is not supposed to because he does not have admin rights.
So I tried to logout and redirect the user to the main page, without any luck.
Can someone explain why Laravel (or "me", as there are some parts of the project I have not explored yet) is doing that and how to fix this?
reset.blade.php (form to request new password)
<form class="form-horizontal" role="form" method="POST" action="{{ route('password.request') }}">
    {{ csrf_field() }}
    <input type="hidden" name="token" value="{{ $token }}">
    ....
my custom logout route:
Route::get('/customLogout', 'Auth\LoginController@customLogout');
resetPasswordController.php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;

class ResetPasswordController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Password Reset Controller
    |--------------------------------------------------------------------------
    |
    | This controller is responsible for handling password reset requests
    | and uses a simple trait to include this behavior. You're free to
    | explore this trait and override any methods you wish to tweak.
    |
    */

    use ResetsPasswords;

    /**
     * Where to redirect users after resetting their password.
     *
     * @var string
     */
    protected $redirectTo = '/customLogout';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }
}
method in LoginController.php
public function customLogout()
{
    //Session::flush();
    return redirect()->route('/');
}
Ok, I (finally) found a way.
I overrode the function called "resetPassword" and deleted the login piece of code.
This function comes from the framework (can't remember the file, if someone could help on that :S ). I overrode the function in my ResetPasswordController.php
protected function resetPassword($user, $password)
{
    $user->forceFill([
        'password' => bcrypt($password),
        'remember_token' => Str::random(60),
    ])->save();

    //$this->guard()->login($user);
}
This makes my password change and redirects automatically to the main page.
Edit: Oh, and don't forget to add this in your includes:
use Illuminate\Support\Str;
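Commenting out the login call only changes what happens right after a reset; the same account can still sign in through the normal login form, so the admin restriction from the question is also worth enforcing on every request. The middleware below is an added example, not code from the original post. `RequireAdmin`, the `is_admin` column, the `admin` alias and the `/dashboard` route are assumptions.

```php
<?php
// Added example. Hypothetical file: app/Http/Middleware/RequireAdmin.php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RequireAdmin
{
    /**
     * Let the request through only for an authenticated administrator.
     * The check runs on every request, so it applies no matter how the
     * session was created: login form, "remember me" cookie, or the
     * automatic login performed after a password reset.
     */
    public function handle($request, Closure $next)
    {
        $user = Auth::user();

        // No session at all: remember the intended URL and go to login.
        // Assumption: a route named 'login' exists (Auth::routes() defines it).
        if ($user === null) {
            return redirect()->guest(route('login'));
        }

        // Assumption: the users table has a boolean `is_admin` column.
        if (! $user->is_admin) {
            abort(403, 'Administrator access required.');
        }

        return $next($request);
    }
}

// Registration, in the $routeMiddleware array of app/Http/Kernel.php:
//     'admin' => \App\Http\Middleware\RequireAdmin::class,
//
// Usage in routes/web.php (controller and path are hypothetical):
//     Route::get('/dashboard', 'DashboardController@index')->middleware('admin');
```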