Resetting Passwords

Most web applications provide a way for users to reset their forgotten passwords. Rather than forcing you to re-implement this on each application, Laravel provides convenient methods for sending password reminders and performing password resets.

Database Considerations

To get started, verify that your App\User model implements the Illuminate\Contracts\Auth\CanResetPassword contract. Of course, the App\User model included with the framework already implements this interface, and uses the Illuminate\Auth\Passwords\CanResetPassword trait to include the methods needed to implement the interface.

Generating The Reset Token Table Migration

Laravel includes Auth\ForgotPasswordController and Auth\ResetPasswordController classes that contains the logic necessary to e-mail password reset links and reset user passwords. All of the routes needed to perform password resets may be generated using the make:auth Artisan command:

  1. php artisan make:auth

Views

Again, Laravel will generate all of the necessary views for password reset when the make:auth command is executed. These views are placed in resources/views/auth/passwords. You are free to customize them as needed for your application.

After a password is reset, the user will automatically be logged into the application and redirected to /home. You can customize the post password reset redirect location by defining a redirectTo property on the ResetPasswordController:

Customization

Authentication Guard Customization

In your auth.php configuration file, you may configure multiple "guards", which may be used to define authentication behavior for multiple user tables. You can customize the included ResetPasswordController to use the guard of your choice by overriding the guard method on the controller. This method should return a guard instance:

  1. use Illuminate\Support\Facades\Auth;
  3. protected function guard()
  4. {
  5. }

Password Broker Customization

In your auth.php configuration file, you may configure multiple password "brokers", which may be used to reset passwords on multiple user tables. You can customize the included and ResetPasswordController to use the broker of your choice by overriding the broker method:

Reset Email Customization

  1. /**
  2.  * Send the password reset notification.
  3.  *
  4.  * @param  string  $token
  5.  * @return void
  6.  */
  7. public function sendPasswordResetNotification($token)
  8. {
  9.     $this->notify(new ResetPasswordNotification($token));