5

I am attempting to reset a user's password in Laravel, but the Password::reset method is looking for an email column in the password_tokens table, rather than an id column.

$credentials = ['password' => Input::get('password'),
    'id' => $currentUser->id,
    'token' => Input::get('token'),
    'password_confirmation' => Input::get('password_confirmation')];

return Password::reset($credentials, function($user, $password)
{
    $user->password = Hash::make($password);
    $user->save();

    return Redirect::to('public_site.admin')->with('flash', 'Your password has been reset');
});

This gives me the following error:

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'email' in 'where clause' (SQL: select * from password_tokens where email = peter@email.com and token = cVh08P70IfWrni2PCxP0KXGyihhc3d2u limit 1)

I haven't passed an email in $credentials, and am not sure where I can set this to use a user id instead (id being the primary key of the users table, and user_id being a foreign key in password_tokens).

I can successfully use Auth in other parts of my application, and lookup users using User::find($userId); as well, so I don't think there is an issue with the way my User model is set up.

Where does Password::reset look to find the conditions for the query? Is it a part of the user model, is it based on the input it receives, or is it in a config file somewhere?

Superfly
  • 571
  • 3
  • 13
  • Here's [the class](https://github.com/illuminate/auth/blob/master/Reminders/PasswordBroker.php) that implements `Password::reset`. –  Sep 29 '14 at 03:06
  • 1
    Editing core files isn't recommended – Ali Gajani Sep 29 '14 at 03:45
  • This is really too bad, because I am trying to adapt the password_reminders table for signups and the user changing their email address. Without a user id this can't be done. The Laravel maintainers missed an opportunity here unfortunately, which is disappointing. – Zack Morris Feb 20 '15 at 18:31

2 Answers2

0

This is because password reset requires an email anyways, how else are you gonna send the password? And since the email has to be just as unique as the ID they spared the effort to implement this with an ID check since an email comparison works just as well.

Why do you need it to be an ID?

barfurth
  • 641
  • 7
  • 15
  • All of my other tables refer to the user id as a foreign key. It seems counter-intuitive to break this convention here - I'm not sure that was the intention of the framework. I don't necessarily **need** it to be an ID, nor do I need to use the built in `Password::reset`. If the answer is that I can't make it use a user id, I can work around that. – Superfly Sep 29 '14 at 14:05
  • You can edit the function... just extend the class that has it and overwrite it. Even though I don't see a particular need for it, you can of course do that. The function is Illuminate\Auth\Reminders\PasswordBroker, if you wanna change it I might as well be useful and tell you the class. – barfurth Sep 29 '14 at 15:55
0

If you use Laravel's Password::reset it will automatically add the email field to the database query. It does not need to you to provide the email address because it fetches the user model from the database based on the $credentials array you provide.

It would not be advantageous for you to extend any of Laravel's core files to change the functionality. The best solution in this would be to create a migration that adds an email field to the password_tokens table. That will fix the issue you are having and you should not have to rewrite any of your existing code.

Inda5th
  • 111
  • 5