Update DatabaseTokenRepository.php

laravel · Dec 18, 2016 · c454c87 · c454c87
1 parent cd0396f
commit c454c87
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php b/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php
@@ -5,6 +5,7 @@
 use Carbon\Carbon;
 use Illuminate\Support\Str;
 use Illuminate\Database\ConnectionInterface;
+use Illuminate\Contracts\Hashing\Hasher as HasherContract;
 use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
 
 class DatabaseTokenRepository implements TokenRepositoryInterface
@@ -36,7 +37,14 @@ class DatabaseTokenRepository implements TokenRepositoryInterface
      * @var int
      */
     protected $expires;
-
+
+    /**
+     * The hasher implementation.
+     *
+     * @var \Illuminate\Contracts\Hashing\Hasher
+     */
+    protected $hasher;
+
     /**
      * Create a new token repository instance.
      *
@@ -46,12 +54,13 @@ class DatabaseTokenRepository implements TokenRepositoryInterface
      * @param  int  $expires
      * @return void
      */
-    public function __construct(ConnectionInterface $connection, $table, $hashKey, $expires = 60)
+    public function __construct(ConnectionInterface $connection, HasherContract $hasher, $table, $hashKey, $expires = 60)
     {
         $this->table = $table;
         $this->hashKey = $hashKey;
         $this->expires = $expires * 60;
         $this->connection = $connection;
+        $this->hasher = $hasher;
     }
 
     /**
@@ -96,7 +105,7 @@ protected function deleteExisting(CanResetPasswordContract $user)
      */
     protected function getPayload($email, $token)
     {
-        return ['email' => $email, 'token' => $token, 'created_at' => new Carbon];
+        return ['email' => $email, 'token' => $this->hasher->make($token), 'created_at' => new Carbon];
     }
 
     /**
@@ -106,13 +115,13 @@ protected function getPayload($email, $token)
      * @param  string  $token
      * @return bool
      */
-    public function exists(CanResetPasswordContract $user, $token)
+    public function exists(CanResetPasswordContract $user, $userToken)
     {
         $email = $user->getEmailForPasswordReset();
 
-        $token = (array) $this->getTable()->where('email', $email)->where('token', $token)->first();
+        $token = (array) $this->getTable()->where('email', $email)->first();
 
-        return $token && ! $this->tokenExpired($token);
+        return $token && ! $this->tokenExpired($token) && $this->hasher->check($userToken, $token['token']);
     }
 
     /**