Laravel 8+ Password Reset For Multiple Models/Tables
Laravel provides its default auth scaffolding for login, register and for reset password. But with default laravel auth, you can only reset the password of the User model. If you have multiple user models like admin, seller, customer etc. then you might need some customization in the default auth system of laravel.
In this tutorial, I am going to take an example of a user and a customer model/table. I am creating separate auth directories for both User and Customer model and similarly I have different auth routes for both types of user with prefix /user and another has /customer. So, you can relate your scenario with this example.
The one more thing which I don’t recommend is using the same auth directory for both types of users. In that case you can pass the user type to the ForgetPasswordController and ResetPasswordController via your auth routes to identify the user types. Rest process will be almost the same as described below.
Step 1. Adding the new auth guard
Go to config/auth.php to add extra guards and providers to your application, if you have already done this part, you can skip this step.
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'client' => [
'driver' => 'session',
'provider' => 'customers',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'customers' => [
'driver' => 'eloquent',
'model' => App\Models\Customer::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
'customers' => [
'provider' => 'customers',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
],
/*
|--------------------------------------------------------------------------
| Password Confirmation Timeout
|--------------------------------------------------------------------------
|
| Here you may define the amount of seconds before a password confirmation
| times out and the user is prompted to re-enter their password via the
| confirmation screen. By default, the timeout lasts for three hours.
|
*/
'password_timeout' => 10800,
];
Step 2. Override the reset password link and notification
On the frontend side, when the user clicks on the forgot password, he/she redirects to a form in which he/she can fill the email, then hit the submit button. On the backend side in the ForgetPasswordController, the system needs to check the account with the given email address then send the reset password link on that email.
You can override the reset password link and notification by using the below method on the authenticable model (in our case it is the customer).
Customer.php
/**
* Send the password reset notification.
*
* @param string $token
* @return void
*/
public function sendPasswordResetNotification($token)
{
ResetPassword::$createUrlCallback = function ($user, $token) {
return url("customer/password/reset/$token");
};
$this->notify(new ResetPassword($token));
}
Step 3. Override the Password Broker
So, now we have two controllers, ForgotPasswordController which is responsible to show the forgotten password form and send the reset password link to the user. ResetPasswordController which is responsible to verify the token and redirect the user to the reset password form where he/she can actually reset the password.
At this point, according to the default auth system it uses the User model as authenticable model. Now check the config/auth.php for another user i.e. customer in our case. So, we need to pick the provider of the customers and use it as a password broker in both controllers ForgetPasswordController and ResetPasswordController.
/**
* Get the broker to be used during password reset.
*
* @return \Illuminate\Contracts\Auth\PasswordBroker
*/
public function broker()
{
return Password::broker('customers');
}
Conclusion
That’s it, using the same reset password table and default auth system of the laravel we can use for multiple authenticable models and tables.
I hope it will help you. If you have any query related to this article feel free to comment below.
Hi,
Can you please share the complete code for the same functionality? It will be very helpful.
Thanks,
It works, thanks