【发布时间】:2019-09-18 14:25:04
【问题描述】:
目前重置密码背后的逻辑是用户必须提供有效/注册的电子邮件才能接收密码恢复电子邮件。
就我而言,出于安全考虑,我不想验证电子邮件是否已注册,我只想在后端进行检查并告诉用户“如果他提供了已注册的电子-邮件,他应该很快就会收到恢复电子邮件”。
我为实现这一目标所做的工作是在 vendor\laravel\framework\src\Illuminate\Auth\Passwords\PasswordBroker.php sendResetLink() 方法中编辑的:
/**
* Send a password reset link to a user.
*
* @param array $credentials
* @return string
*/
public function sendResetLink(array $credentials)
{
// First we will check to see if we found a user at the given credentials and
// if we did not we will redirect back to this current URI with a piece of
// "flash" data in the session to indicate to the developers the errors.
$user = $this->getUser($credentials);
if (is_null($user)) {
return static::INVALID_USER;
}
// Once we have the reset token, we are ready to send the message out to this
// user with a link to reset their password. We will then redirect back to
// the current URI having nothing set in the session to indicate errors.
$user->sendPasswordResetNotification(
$this->tokens->create($user)
);
return static::RESET_LINK_SENT;
}
到这里:
/**
* Send a password reset link to a user.
*
* @param array $credentials
* @return string
*/
public function sendResetLink(array $credentials)
{
// First we will check to see if we found a user at the given credentials and
// if we did not we will redirect back to this current URI with a piece of
// "flash" data in the session to indicate to the developers the errors.
$user = $this->getUser($credentials);
// if (is_null($user)) {
// return static::INVALID_USER;
// }
// Once we have the reset token, we are ready to send the message out to this
// user with a link to reset their password. We will then redirect back to
// the current URI having nothing set in the session to indicate errors.
if(!is_null($user)) {
$user->sendPasswordResetNotification(
$this->tokens->create($user)
);
}
return static::RESET_LINK_SENT;
}
这个硬编码选项不是最好的解决方案,因为它会在更新后消失.. 所以 我想知道如何在 App 文件夹内的项目范围内扩展或实施此更改 始终保持这种变化?
附:我已经尝试过这里提到的解决方案:Laravel 5.3 Password Broker Customization 但它不起作用.. 目录树也不同,我不明白在哪里放置新的 PasswordBroker.php 文件。
提前致谢!
【问题讨论】:
标签: php laravel laravel-5 laravel-5.8