Laravel 8+ Password Reset For Multiple Models/Tables
Laravel provides its default auth scaffolding for login, register and for reset password. But with default laravel auth, you can only reset the password of the User model. If you have multiple user models like admin, seller, customer etc. then you might need some customization in the default auth system of laravel.
In this tutorial, I am going to take an example of a user and a customer model/table. I am creating separate auth directories for both User and Customer model and similarly I have different auth routes for both types of user with prefix /user
and another has /customer
. So, you can relate your scenario with this example.
The one more thing which I don’t recommend is using the same auth directory for both types of users. In that case you can pass the user type to the ForgetPasswordController
and ResetPasswordController
via your auth routes to identify the user types. Rest process will be almost the same as described below.
Step 1. Adding the new auth guard
Go to config/auth.php
to add extra guards and providers to your application, if you have already done this part, you can skip this step.
return [ 'defaults' => [ 'guard' => 'web', 'passwords' => 'users', ], 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'client' => [ 'driver' => 'session', 'provider' => 'customers', ], 'api' => [ 'driver' => 'token', 'provider' => 'users', 'hash' => false, ], ], 'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => App\Models\User::class, ], 'customers' => [ 'driver' => 'eloquent', 'model' => App\Models\Customer::class, ], ], 'passwords' => [ 'users' => [ 'provider' => 'users', 'table' => 'password_resets', 'expire' => 60, 'throttle' => 60, ], 'customers' => [ 'provider' => 'customers', 'table' => 'password_resets', 'expire' => 60, 'throttle' => 60, ], ], 'password_timeout' => 10800, ];
Step 2. Override the reset password link and notification
On the frontend side, when the user clicks on the forgot password, he/she redirects to a form in which he/she can fill the email, then hit the submit button. On the backend side in the ForgetPasswordController
, the system needs to check the account with the given email address then send the reset password link on that email.
You can override the reset password link and notification by using the below method on the authenticable model (in our case it is the customer).
Customer.php
public function sendPasswordResetNotification($token) { ResetPassword::$createUrlCallback = function ($user, $token) { return url("customer/password/reset/$token"); }; $this->notify(new ResetPassword($token)); }
Step 3. Override the Password Broker
So, now we have two controllers, ForgotPasswordController
which is responsible to show the forgotten password form and send the reset password link to the user. ResetPasswordController
which is responsible to verify the token and redirect the user to the reset password form where he/she can actually reset the password.
At this point, according to the default auth system it uses the User model as authenticable model. Now check the config/auth.php
for another user i.e. customer in our case. So, we need to pick the provider of the customers and use it as a password broker in both controllers ForgetPasswordController
and ResetPasswordController
.
public function broker() { return Password::broker('customers'); }
Conclusion
That’s it, using the same reset password table and default auth system of the laravel we can use for multiple authenticable models and tables.
I hope it will help you. If you have any query related to this article feel free to comment below.
Hi,
Can you please share the complete code for the same functionality? It will be very helpful.
Thanks,
It works, thanks