Resetting Passwords

Most web applications provide a way for users to reset their forgotten passwords. Rather than forcing you to re-implement this on each application, Laravel provides convenient methods for sending password reminders and performing password resets.

Database Considerations

To get started, verify that your App\User model implements the Illuminate\Contracts\Auth\CanResetPassword contract. The App\User model included with the framework already implements this interface, and uses the Illuminate\Auth\Passwords\CanResetPassword trait to include the methods needed to implement the interface.

Generating The Reset Token Table Migration

Laravel includes Auth\ForgotPasswordController and Auth\ResetPasswordController classes that contains the logic necessary to e-mail password reset links and reset user passwords. All of the routes needed to perform password resets may be generated using the laravel/ui Composer package:

  1. composer require laravel/ui --dev
  3. php artisan ui vue --auth

Views

To generate all of the necessary view for resetting passwords, you may use the Composer package:

These views are placed in resources/views/auth/passwords. You are free to customize them as needed for your application.

Once you have defined the routes and views to reset your user's passwords, you may access the route in your browser at /password/reset. The ForgotPasswordController included with the framework already includes the logic to send the password reset link e-mails, while the ResetPasswordController includes the logic to reset user passwords.

After a password is reset, the user will automatically be logged into the application and redirected to /home. You can customize the post password reset redirect location by defining a redirectTo property on the ResetPasswordController:

    Customization

    Authentication Guard Customization

    In your auth.php configuration file, you may configure multiple "guards", which may be used to define authentication behavior for multiple user tables. You can customize the included ResetPasswordController to use the guard of your choice by overriding the guard method on the controller. This method should return a guard instance:

    Password Broker Customization

    1. use Illuminate\Support\Facades\Password;
    3. /**
    4.  * Get the broker to be used during password reset.
    5.  *
    6.  * @return PasswordBroker
    7.  */
    8. public function broker()
    9. {
    10. }

    Reset Email Customization

    You may easily modify the notification class used to send the password reset link to the user. To get started, override the sendPasswordResetNotification method on your model. Within this method, you may send the notification using any notification class you choose. The password reset $token is the first argument received by the method: