I'm developing a web app using Laravel 5, and I used Laravel's make:auth scaffolding. I was able to send a password reset link with a token, which works well on my end. I have this kind of URL after clicking on the reset link: http://example.com/password/reset/{reset_token}. Now, on my auth.reset blade file, I want to check first if the {reset_token} has already expired because, with the 60-minute expiration time in config.auth.php, it doesn't seem to automatically remove expired tokens. So, I'm trying to make a manual function to check if the reset token is still valid with this:
    function validateReminderToken($token)
    {
        // I want to add some filter here like
        // if (tokenExpired($token)) return false;
        $res = DB::table('password_resets')->where('token', $token)->get();
        if (empty($res) || $res === null) {
            return false;
        }
        $res = $res[0];
        return $res->email;
    }
How can I do it? Is there some built-in way of checking if the token has expired? Thanks.
Use the created_at to check if a certain duration has passed from the time of insertion. For example, you can do it like so:
    $token = DB::table('password_resets')
        ->where('token', '=', $token)
        ->where('created_at', '>', Carbon::now()->subHours(2))
        ->first();
Then check if the token exists.
An alternative way is to call the artisan command auth:clear-resets.
On Laravel >= 5.4:
    $reminder = Reminder::where('email', $user->email)->first();
    if (! $reminder or ! Hash::check($resetToken, $reminder->token)) {
        // Return 404, as Reminder was not found
        return $this->respondNotFound();
    }
Where Reminder is the password_resets Eloquent model (by default in Laravel: password_resets).
To verify if the reset token has expired, simply check the Laravel function tokenExpired($created_at, $token).
This function only executes the following:
    return Carbon::parse($createdAt)->addSeconds($this->expires)->isPast();
e.g.
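    // first() returns an object, so created_at is read as a property
    $created_at = DB::table('password_resets')->first()->created_at;
    // => 2018-01-08 09:59:26
    // Carbon::now();
    // => 2018-01-08 11:03:05
    // the expire setting is in minutes; convert to seconds outside the config() call
    Carbon::parse($created_at)->addSeconds(config('auth.passwords.users.expire') * 60)->isPast();
    // => true (with an expiration setting of 1 hour)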
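
The checks from the answers above combined, as an added example that is not part of the original answers or Laravel's own code: the stored token is treated as a hash (as in the Laravel >= 5.4 answer) and expiry uses the created_at plus expiry rule from the last answer. It is plain PHP so it runs without the framework; the function names, the 60-minute constant and the sample row are assumptions constructed for illustration.

```php
<?php
// Added example, not Laravel's code. Assumed row shape: email, token, created_at,
// with token stored as a bcrypt hash and created_at kept in UTC.

const EXPIRE_MINUTES = 60; // stands in for config('auth.passwords.users.expire')

// Same rule as the one-liner quoted above: created_at + expiry lies in the past.
function tokenExpired(string $createdAt, DateTimeImmutable $now): bool
{
    $created = new DateTimeImmutable($createdAt, new DateTimeZone('UTC'));
    return $created->modify('+' . EXPIRE_MINUTES . ' minutes') < $now;
}

// Returns the e-mail the token belongs to, or null if unknown, wrong or expired.
function validateResetToken(array $rows, string $email, string $plainToken, DateTimeImmutable $now): ?string
{
    foreach ($rows as $row) {
        if ($row['email'] !== $email) {
            continue;
        }
        // Expiry is enforced at verification time, so a stale row that was
        // never purged from the table still cannot be used.
        if (tokenExpired($row['created_at'], $now)) {
            return null;
        }
        // Look up by e-mail, then verify the plain token against the stored hash.
        return password_verify($plainToken, $row['token']) ? $row['email'] : null;
    }
    return null;
}

// Constructed sample data; timestamps reuse the ones shown in the answer above.
$utc   = new DateTimeZone('UTC');
$token = bin2hex(random_bytes(32));
$rows  = [[
    'email'      => 'user@example.com',
    'token'      => password_hash($token, PASSWORD_BCRYPT),
    'created_at' => '2018-01-08 09:59:26',
]];
$at = fn (string $t) => new DateTimeImmutable($t, $utc);

var_dump(validateResetToken($rows, 'user@example.com', $token, $at('2018-01-08 10:30:00')));  // inside the window
var_dump(validateResetToken($rows, 'user@example.com', $token, $at('2018-01-08 11:03:05')));  // past the window
var_dump(validateResetToken($rows, 'user@example.com', 'wrong', $at('2018-01-08 10:30:00'))); // wrong token
```

Purging expired rows with auth:clear-resets remains useful housekeeping, but the validity decision here never depends on it having run.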