Laravel Password Reset Implementation Guide

Introduction

Running php artisan make:auth in a new Laravel application and visiting the registration URL (e.g., http://your-app.dev/register ) scaffolds a complete authentication system, including password reset functionality.

Most web applications provide a password reset feature. Instead of re‑implementing it for each project, Laravel offers convenient methods to send password reset reminders and perform the reset.

{note} Before using Laravel's password reset, your user model must use the Illuminate\Notifications\Notifiable trait.

Database Considerations

First, verify that your App\User model implements the Illuminate\Contracts\Auth\CanResetPassword contract. The default App\User model already implements this interface and uses the Illuminate\Auth\Passwords\CanResetPassword trait to provide the required methods.

Migration for Reset Tokens

The migration that creates the table for storing password reset tokens is already present in the database/migrations directory. Simply run the migration command:

php artisan migrate

Routes

Laravel includes the necessary logic for sending password reset links and resetting passwords in the Auth\ForgotPasswordController and Auth\ResetPasswordController classes. All routes required for password resetting can be generated with the Artisan command php artisan make:auth :

php artisan make:auth

Views

When you execute make:auth , Laravel generates all the views needed for password resetting and places them in resources/views/auth/passwords . You may modify these views as needed.

After Resetting the Password

Once the reset routes and views are defined, you can visit /password/reset to reset a password. The framework's ForgotPasswordController handles sending the reset link email, while ResetPasswordController processes the actual password change.

After a successful reset, the user is automatically logged in and redirected to /home . You can customize this post‑reset redirect by defining a protected $redirectTo = '/dashboard'; property in ResetPasswordController .

{note} By default, password reset tokens expire after one hour. You can modify the expire option in config/auth.php to change this duration.

Customization

Custom Authentication Guard

In the auth.php configuration file you can define multiple "guards" to authenticate against different user tables. Override the guard method in ResetPasswordController to specify which guard to use:

use Illuminate\Support\Facades\Auth;

protected function guard()
{
    return Auth::guard('guard-name');
}

Custom Password Broker

Similarly, you can configure multiple password "brokers" in auth.php . Override the broker method in the relevant controllers to select a broker:

use Illuminate\Support\Facades\Password;

/**
 * Get the password broker to be used during reset.
 *
 * @return PasswordBroker
 */
protected function broker()
{
    return Password::broker('name');
}

Custom Password Reset Email

To customize the notification sent to users, override the sendPasswordResetNotification method in your User model. This method receives the reset token and can dispatch any notification class you prefer:

/**
 * Send the password reset notification.
 *
 * @param  string  $token
 * @return void
 */
public function sendPasswordResetNotification($token)
{
    $this->notify(new ResetPasswordNotification($token));
}