I am writing a test that ensures that the password reset functionality of my application works. The password reset system was created using the php artisan make:auth command. In order to make the test pass I need to automate a GET request to /password/reset/{$token} where $token is the value stored in the password_resets table. Laravel stores the token like this:
$2y$10$9grKb3c6.Toiv0kjUWbCUeT8Q8D.Fg2gZ/xDLGQUAkmdyHigmRkNW
but when Laravel sends the password reset email to the user, the reset token looks like this in the email:
382aa64567ecd05a774c2e4ebb199d3340a1424300707053354c749c10487594
My GET request to /password/reset/$2y$10$9grKb3c6.Toiv0kjUWbCUeT8Q8D.Fg2gZ/xDLGQUAkmdyHigmRkNW fails due to the forward slash in the reset token. (Right after the 'g2gZ')
I tried using the helper function decrypt() but had no luck.
How can I convert the password reset token I pull from the password_resets table to match what Laravel sends to the user?
Not sure if this is relevant but I did upgrade my application from 5.3 to 5.4.
@ershakti Passwords are hashed, not encrypted. That means they can't be reversed into their plain text form. This is for security reasons.
You can get the token from the closure used for additional checks passed to Notification's assertSentTo method, because $token is a public property of the standard ResetPassword notification.
In your test:
    // Fake notifications so the reset email is captured instead of sent.
    Notification::fake();

    $this->postJson('api/user/reset', ['email' => $user->email])
        ->assertStatus(200);

    // Capture the plain token from the notification that was "sent".
    $token = '';
    Notification::assertSentTo(
        $this->user,
        \Illuminate\Auth\Notifications\ResetPassword::class,
        function ($notification, $channels) use (&$token) {
            $token = $notification->token;
            return true;
        });

    // Complete the reset using the captured plain token.
    $this->postJson('api/user/resetting', [
        'email' => $user->email,
        'token' => $token,
        'password' => '87538753',
        'password_confirmation' => '87538753'
    ])
        ->assertStatus(200);
The token stored in the password_resets table is hashed just like a normal password, so you can't reverse it to get the original token.
I suggest that you use the log mail driver when running tests. Then the password reset email will be printed in plain text in the Laravel log and you can grab the token from that.
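Why the value in password_resets cannot be turned back into the emailed token, as an added example in plain PHP that is not part of the original answers and is not Laravel's own code. It assumes the emailed token is an HMAC-SHA256 hex string (consistent with the 64 hex characters in the question) and the stored value is a cost-10 bcrypt hash of it; APP_KEY, createResetToken and tokenMatches are hypothetical names.

```php
<?php
// Added illustration in plain PHP; a model of the scheme, not Laravel source code.

// Hypothetical stand-in for the application key (constructed value).
const APP_KEY = 'constructed-example-key';

// Returns [plain token that goes into the email, hash that goes into the table].
function createResetToken(): array
{
    // HMAC-SHA256 output: 64 lowercase hex characters, safe in a URL segment.
    $plain = hash_hmac('sha256', bin2hex(random_bytes(20)), APP_KEY);
    // One-way bcrypt hash with a random salt, shaped like $2y$10$...
    $stored = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);
    return [$plain, $stored];
}

// Check a token taken from the reset URL against the stored hash.
function tokenMatches(string $fromUrl, string $stored): bool
{
    return password_verify($fromUrl, $stored);
}

[$plain, $stored] = createResetToken();
// Hash the same token a second time to show the salt changes the result.
$rehashed = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);

$checks = [
    'emailed token is 64 hex chars'            => preg_match('/^[0-9a-f]{64}$/', $plain) === 1,
    'emailed token verifies against the table' => tokenMatches($plain, $stored),
    'table value is not a usable token'        => !tokenMatches($stored, $stored),
    'rehashing gives a different string'       => $rehashed !== $stored,
];

echo "emailed: $plain\nstored:  $stored\n";
foreach ($checks as $label => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $label . "\n";
}
```

The plain token exists only at creation time, which is why a test has to capture it from the notification or the logged email rather than read it from the table.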