Comments (5)
I have fixed this in my L4.2 site by overriding DatabaseReminderRepository::create(). From L5.0 that is renamed to DatabaseTokenRepository::create() but is largely the same.

Instead of blindly deleting and recreating the token:

```php
$this->deleteExisting($user);
```

We delete it only if expired:

```php
// Delete any current token if it has expired.
$expired = Carbon::now()->subSeconds($this->expires);
// Maybe expand deleteExpired() to take an optional user like deleteExisting()
$this->getTable()
    ->where('email', $user->getReminderEmail())
    ->where('created_at', '<', $expired)
    ->delete();
```

Then see if there is an existing token still there, and if there is, use it:

```php
$existing_token = $this
    ->getTable()
    ->where('email', $user->getReminderEmail())
    ->first();

if ($existing_token) {
    return $existing_token->token;
}
```

Otherwise just carry on as normal to create a brand new token.

Does that seem on the face of it a reasonable approach?
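The override described above, assembled into one class for the Laravel 5.0 to 5.3 repository as an added example (this is not the commenter's code and not part of Laravel). It assumes the 5.x names getTable(), deleteExisting() and the protected $expires property (seconds), and the user method getEmailForPasswordReset(); the class name ReusableTokenRepository is our own. The fallback path calls parent::create() rather than the token-minting helpers directly, so it does not depend on their signature. From Laravel 5.4 onward the stored token is a hash of the value mailed to the user, so the plaintext cannot be re-read from the table and this reuse approach no longer applies as written.

```php
<?php
// Added example, not from the original issue or the Laravel code base.
// Assumes Laravel 5.0-5.3, where the reset token is stored in clear text.

namespace App\Auth;

use Carbon\Carbon;
use Illuminate\Auth\Passwords\DatabaseTokenRepository;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;

class ReusableTokenRepository extends DatabaseTokenRepository
{
    /**
     * Issue a reset token, reusing a still-valid one instead of deleting it.
     *
     * @param  CanResetPasswordContract  $user
     * @return string
     */
    public function create(CanResetPasswordContract $user)
    {
        $email = $user->getEmailForPasswordReset();

        // Purge only this user's tokens that are already past the expiry window
        // ($this->expires is in seconds in 5.x). A token that is still valid is
        // left in place, so the link in an earlier mail keeps working.
        $this->getTable()
            ->where('email', $email)
            ->where('created_at', '<', Carbon::now()->subSeconds($this->expires))
            ->delete();

        // If a live token survived the purge, hand it back: the second mail
        // then carries the same token as the first and neither link is broken.
        // Note the edge case raised in the thread: a token reused one second
        // before expiry still expires one second later, so the user may have
        // to request again; the window is not extended here on purpose.
        $existing = $this->getTable()->where('email', $email)->first();

        if ($existing) {
            return $existing->token;
        }

        // Nothing valid on file: fall through to the stock behaviour, which
        // deletes anything left for this email (nothing, at this point) and
        // inserts a freshly generated token.
        return parent::create($user);
    }
}
```

To put it into service, bind this class where the stock repository is built (in 5.x that is PasswordResetServiceProvider::registerTokenRepository()), for example from a service provider of your own that replaces the `auth.password.tokens` binding; the constructor arguments are the same as the parent's.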
First questions are:
- Is there a security issue with sending non-expired password reset tokens again? I don't think so.
- Is the edge case when someone requests a password reset just moments before the current token is about to expire going to just move the problem? Again, I don't think so, but it needs to be considered.
- Are we the only people having this problem? We do have a large number of password resets going on, as everyone must do that at least once. However, I do suspect others are having this issue too, but don't realise it. No evidence for that I'm afraid.
We have this monitored on a site that went live with this fix yesterday. Counting the number of times the passwords.token error happens now compared to before will give us a better idea of the number of potential support calls it avoids.
We have had ~1300 logged failures to reset a password last year due to an invalid token (NOT expired, but deleted). 182 failures so far this year. Some users resolve the problem themselves, but many can't - they just say, "it doesn't work".
Not sure if this is the right repo to be raising this for discussion? I can move it if not.
Closing this for lack of activity; the proposal doesn't seem to have been found interesting by members of the community.