No more password_resets table with signed URLs
Draft Disclaimer: Please note that this article is currently in draft form and may undergo revisions before final publication. The content, including information, opinions, and recommendations, is subject to change and may not represent the final version. We appreciate your understanding and patience as we work to refine and improve the quality of this article. Your feedback is valuable in shaping the final release.
https://github.com/babacarcissedia/bcd.dev/commit/bd95e10
/password/1/reset?expires=1707941075&signature=88884f4c9dcfa557d1c5a4927b634b3cb11dbf1fae17923a4600762a72566f29
The URL itself carries the logic for expiration and for detecting tampering.
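// TODO: use temporary signed url
// Needs at the top of the controller file:
// use Illuminate\Http\Request;
// use Illuminate\Support\Facades\DB;
public function verify(Request $request, User $user)
{
    $this->validate($request, [
        'code' => 'required',
    ]);

    // Look up the pending verification for this phone number and submitted code.
    $code = $request->query('code');
    $verification = DB::table('phone_verifications')
        ->where('phone_number', $user->phone_number)
        ->where('code', $code)
        ->first();

    // A missing row or a missing code must never count as verified
    // (the original comparison treated null == null as a match).
    $verified = is_string($code) && $verification !== null;
    if (! $verified) {
        return back()->with('error', 'Wrong verification code');
    }

    // Mark the user as verified, then remove the used code.
    $user->update(['verified_at' => now()]);
    DB::table('phone_verifications')
        ->where('phone_number', $user->phone_number)
        ->delete();

    return redirect()->back()
        ->with('success', 'Phone number verified');
}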
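
The two properties of the reset URL shown earlier, expiration and tamper detection, as an added example in plain PHP. It is a simplified sketch, not Laravel's implementation and not code from the linked commit. The key, the clock values and the function names `signUrl` and `verifyUrl` are constructed for the demonstration.

```php
<?php
// Added example, not Laravel's source: a minimal model of an expiring signed URL.

function signUrl(string $path, array $params, int $expires, string $key): string
{
    $params['expires'] = $expires;
    ksort($params); // canonical order, so signer and verifier hash the same string
    $unsigned = $path . '?' . http_build_query($params);
    // The MAC covers the path and every parameter, including the expiry.
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, $key);
}

function verifyUrl(string $url, string $key, int $now): bool
{
    $parts = parse_url($url);
    if (!is_array($parts)) {
        return false;
    }
    parse_str($parts['query'] ?? '', $params);
    $signature = $params['signature'] ?? null;
    $expires = $params['expires'] ?? null;
    unset($params['signature']);
    if (!is_string($signature) || !is_string($expires) || !ctype_digit($expires)) {
        return false; // missing or malformed fields are rejected, never defaulted
    }
    ksort($params);
    $unsigned = ($parts['path'] ?? '') . '?' . http_build_query($params);
    // Constant-time comparison of the recomputed MAC, then the expiry check.
    return hash_equals(hash_hmac('sha256', $unsigned, $key), $signature)
        && $now <= (int) $expires;
}

// Constructed demo values: the key and the clock are hypothetical.
$key = 'constructed-demo-key';
$expires = 1707941075; // the expiry value from the URL shown on this page
$url = signUrl('/password/1/reset', [], $expires, $key);

$cases = [
    'untouched, before expiry' => [$url, $expires - 60],
    'user id changed' => [str_replace('/password/1/', '/password/2/', $url), $expires - 60],
    'expiry pushed forward' => [str_replace("expires=$expires", 'expires=' . ($expires + 86400), $url), $expires - 60],
    'untouched, after expiry' => [$url, $expires + 1],
];
foreach ($cases as $label => [$candidate, $now]) {
    printf("%-26s %s\n", $label, verifyUrl($candidate, $key, $now) ? 'accepted' : 'rejected');
}
```

In this sketch a link verifies as many times as it is presented until `expires` passes; nothing in the signature makes it single-use.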