No more password_resets table with signed url

Draft Disclaimer: Please note that this article is currently in draft form and may undergo revisions before final publication. The content, including information, opinions, and recommendations, is subject to change and may not represent the final version. We appreciate your understanding and patience as we work to refine and improve the quality of this article. Your feedback is valuable in shaping the final release.

url has logic for expiration and not tampering

    // TODO: use temporary signed url
    public function verify(Request $request, User $user, UserRepository $User, PhoneVerificationRepository $PhoneVerification)
        $this->validate($request, [
            'code' => 'required',
        $verification = $PhoneVerification->find([
            'phone_number' => $user->phone_number,
            'code' => $request->query('code'),
        $verified = optional($verification)->code == $request->query('code');

        if (! $verified) {
            return back()->with('error', 'Wrong verification code');
        $User->update(['id' => $user->id], ['phone_is_verified' => true]);
        $PhoneVerification->delete(['phone_number' => $user->phone_number]);

        return redirect()->route('', $user)
            ->with('success', 'Phone number verified');