Laravel 5: Diagnose password reset token is invalid error

3995 views laravel
5

I use the Laravel auth system to send out a welcome email to all new users. Mostly it works fine but I have had a few isolated incidents where I get the "password reset token is invalid" error.

In order to diagnose this I would like to be able to manually compare the strings that are provided in the user's URL (i.e. the token that I emailed them) against the value stored in the password_resets.token field. How can I do that?

The token in the URL seems to be 64 hex characters. The token in the database starts with $2y$10$, so I presume it is the output of the password_hash function. How can I translate from one to another?

answered question

1 Answer

11

First of all I want to say the token in the URL is not the output of the password_hash function.

To compare the token in the URL and what is generate or stored, you can check from your database. Check the password_resets table, check the email of the user, search for the token that corresponds to that email address.

The token in the URL, should be the same as what is in the database for the email address.

posted this

Have an answer?

JD

Please login first before posting an answer.