Recovery Password

Setting

This procedure uses the forgot method to define the database table (you can use a string with a table name or the Model name). The columns method the form's email field. In the values method, the e-mail that will be sent the recovery link is informed in the first parameter, and in the second parameter the URL that will be contained in the e-mail to change the password. The register method will check and send the email.

Solital uses the default Model AuthModel. However, you can create a model and use it in the forgot() method.

use Solital\Core\Kernel\Model\AuthModel;

public function forgotPost(): void
{
    $email = input()->post('email')->getValue();

    $res = Auth::forgot(AuthModel::class)
            ->columns('username')
            ->values($email, url('change'))
            ->register();

    if ($res == true) {
        message('forgot', 'Link sent to your email!');
        response()->redirect(url('forgot'));
    }
}

Setting expiration time

By default, the link sent is valid for 1 hour. You can change this behavior using the timeHash() method.

Auth::forgot(AuthModel::class)
    ->columns('username')
    ->values($email, url('change'))
    # Here the code
    ->timeHash('+2 hours')
    ->register();

Changing email fields

By default, "User" is sent as the name of the sender and recipient. "Reset Password" as the title of the email.

To change these fields, use the customMailSender() and/or customMailFields() method.

// Custom mail sender
->customMailSender('mail_sender@gmail.com');

// Custom sender, recipient and subject
->customMailFields('name_sender', 'name_recipient', 'subject');

The full code is:

Auth::forgot(AuthModel::class)
    ->columns('username')
    ->values($email, url('change'))
    ->customMailSender('mail_sender@gmail.com')
    ->customMailFields('name_sender', 'name_recipient', 'subject')
    ->register();

Changing recovery template email

To change the default email template, you can use Wolf to generate a new template.

You will need to generate a link that will be used to validate the user's password change. To do this, use the $this->generateRecoveryLink method, informing as parameters the user's email, the url in which they will change their password and the time that this link will be valid.

$wolf = new Wolf;
$wolf->setArgs([
    'link' => $this->generateRecoveryLink('user_email@gmail.com', url('change'), '+2 hours')
]);
$wolf->setView('auth.template-recovery-password');
$template = $wolf->render();

Then add this template to the last parameter of the customMailFields method.

Auth::forgot(AuthModel::class)
    ->columns('username')
    ->values($email, url('change'))
    # Here the code
    ->customMailFields('name_sender', 'name_recipient', 'subject', $template)
    ->register();

To validate the information by clicking on the email link, you can use the structure below:

/**
 * @param string $hash
 * 
 * @return void
 */
public function change($hash): void
{
    $res = Hash::decrypt($hash)->isValid();

    if ($res == true) {
        $email = Hash::decrypt($hash)->value();

        return view('auth.change-pass-form', [
            'title' => 'Change Password',
            'email' => $email,
            'hash' => $hash
        ]);
    }

    message('login', 'The informed link has already expired!');
    response()->redirect(url('auth'));
}

Changing the password

This procedure uses the change method to define the database table. The columns method defines the database user and password fields. The values method defines the user's email in the first parameter, and the new password in the second parameter. The register method will check and change the email.

Auth::change(AuthModel::class)
    ->columns('username', 'password')
    ->values($email, $pass)
    ->register();

Password recovery structure

You can create a predefined password recovery framework. To do so, use the php vinci auth:skeleton --forgot command.

This command creates a controller with the name ForgotController. With it you will have all the basis to create a password recovery system.

If you want to remove this structure, use php vinci auth:skeleton --forgot --remove.


What to see next?


Built with MkDocs.