[5.7] Database-less Password Reset

src/Illuminate/Auth/Console/stubs/make/views/auth/passwords/reset.stub

@@ -8,16 +8,14 @@
                 <div class="card-header">{{ __('Reset Password') }}</div>
 
                 <div class="card-body">
-                    <form method="POST" action="{{ route('password.request') }}">
+                    <form method="POST" action="{{ URL::full() }}">
                         @csrf
 
-                        <input type="hidden" name="token" value="{{ $token }}">
-
                         <div class="form-group row">
                             <label for="email" class="col-md-4 col-form-label text-md-right">{{ __('E-Mail Address') }}</label>
 
                             <div class="col-md-6">
-                                <input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" name="email" value="{{ $email or old('email') }}" required autofocus>
+                                <input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" name="email" value="{{ $email ?? old('email') }}" required autofocus>
 
                                 @if ($errors->has('email'))
                                     <span class="invalid-feedback">

src/Illuminate/Auth/Notifications/ResetPassword.php

@@ -2,34 +2,36 @@
 
 namespace Illuminate\Auth\Notifications;
 
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\URL;
 use Illuminate\Notifications\Notification;
 use Illuminate\Notifications\Messages\MailMessage;
 
 class ResetPassword extends Notification
 {
     /**
-     * The password reset token.
+     * The callback that should be used to build the mail message.
      *
-     * @var string
+     * @var \Closure|null
      */
-    public $token;
+    public static $toMailCallback;
 
     /**
-     * The callback that should be used to build the mail message.
+     * The number minutes for which the reset link should be considered valid.
      *
-     * @var \Closure|null
+     * @var int
      */
-    public static $toMailCallback;
+    protected $expiration;
 
     /**
      * Create a notification instance.
      *
-     * @param  string  $token
+     * @param  int  $expiration
      * @return void
      */
-    public function __construct($token)
+    public function __construct($expiration = 60)
     {
-        $this->token = $token;
+        $this->expiration = $expiration;
     }
 
     /**
@@ -57,7 +59,9 @@ public function toMail($notifiable)
 
         return (new MailMessage)
             ->line('You are receiving this email because we received a password reset request for your account.')
-            ->action('Reset Password', url(config('app.url').route('password.reset', $this->token, false)))
+            ->action('Reset Password', URL::signedRoute('password.reset', [
+                'email' => $notifiable->getEmailForPasswordReset(),
+            ], Carbon::now()->addMinutes($this->expiration)))
             ->line('If you did not request a password reset, no further action is required.');
     }
 

src/Illuminate/Auth/Passwords/CanResetPassword.php

@@ -19,11 +19,11 @@ public function getEmailForPasswordReset()
     /**
      * Send the password reset notification.
      *
-     * @param  string  $token
+     * @param  int  $expiration
      * @return void
      */
-    public function sendPasswordResetNotification($token)
+    public function sendPasswordResetNotification($expiration = 60)
     {
-        $this->notify(new ResetPasswordNotification($token));
+        $this->notify(new ResetPasswordNotification($expiration));
     }
 }