Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Decrypt Laravel Password Reset Token

Tags:

php

unit-testing

laravel

laravel-5.4

laravel-5.3

I am writing a test that ensures that the password reset functionality of my application works. The password reset system was created using the php artisan make:auth command. In order to make the test pass I need to automate a GET request to /password/reset/{$token} where $token is the value stored in the password_resets table. Laravel stores the token like this:

$2y$10$9grKb3c6.Toiv0kjUWbCUeT8Q8D.Fg2gZ/xDLGQUAkmdyHigmRkNW

but when Laravel sends the password reset email to the user, the reset token looks like this in the email:

382aa64567ecd05a774c2e4ebb199d3340a1424300707053354c749c10487594.

My GET request to /password/reset/$2y$10$9grKb3c6.Toiv0kjUWbCUeT8Q8D.Fg2gZ/xDLGQUAkmdyHigmRkNW fails due to the forward slash in the reset token. (Right after the 'g2gZ')

I tried using the helper function decrypt() but had no luck.

How can I convert the password reset token I pull from the password_resets table to match what Laravel sends to the user?

Not sure if this is relevant but I did upgrade my application from 5.3 to 5.4.

like image 237
Denis Priebe Avatar asked Jan 25 '17 21:01

Denis Priebe

People also ask

Can you decrypt hash password in Laravel?

@ershakti Passwords are hashed, not encrypted. That means they can't be reversed into their plain text form. This is for security reasons.

2 Answers

You can get token from closure used for additional checks passed to Notification's assertSentTo method because $token is a public property of standard ResetPassword notification.

In your test:

Notification::fake();

$this->postJson('api/user/reset', ['email' => $user->email])
    ->assertStatus(200);

$token = '';

Notification::assertSentTo(
    $this->user,
    \Illuminate\Auth\Notifications\ResetPassword::class,
    function ($notification, $channels) use (&$token) {
        $token = $notification->token;

        return true;
    });

$this->postJson('api/user/resetting', [
    'email' => $user->email,
    'token' => $token,
    'password' => '87538753',
    'password_confirmation' => '87538753'
])
    ->assertStatus(200);
like image 81
pinguinjkeke Avatar answered Sep 30 '22 19:09

pinguinjkeke

The token stored in the password_resets table is hashed just like a normal password, so you can't reverse it to get the original token.

I suggest that you use the log mail driver when running tests. Then the password reset email will be printed in plain text in the laravel log and you can grab the token from that.

like image 21
BrokenBinary Avatar answered Sep 30 '22 20:09

BrokenBinary
Sign in to Comment

Related questions

Laravel Eloquent HasOne::$id Undefined Property
How to send multiple attachment in single mail in php
How to replace MySQL functions with PDO?
Retry a try/catch when it fails
cURL Download Zip File - " argument is not a valid File-Handle resource"
In a Laravel 5 Collection how do you return an array of objects instead of an array of arrays?
Send a JSON Object from Android to PHP server with POST method and HttpURLConnection
Split string at change of character
How do I install PDO drivers for PHP on Windows?
mysql server has gone away error during installing migration (laravel)
Cakephp with PHP7
Laravel custom command not working
Laravel Eloquent ORM - Nested with statements
composer create-project not installing Laravel 5.3
Laravel - Eloquent - Dynamically defined relationship
Flatten Array Result of Symfony Doctrine Array Result
PHP - Check if more than one condition is true in a given number of conditions
Notice: Only variables should be passed by reference [duplicate]
How to return array with true/false values comparing 2 arrays?
How to replace last comma in string with "and" using php?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!