How to block the sending of an email containing a password reset link for a blocked user?

L

Lucius Mooning2018-04-20 16:16:40

Laravel

Lucius Mooning, 2018-04-20 16:16:40

Good afternoon!
I use laravel standard authorization/authentication.
For users in the table added the field "banned". When trying to authenticate a blocked user through middleware, everything is processed successfully - access is blocked with subsequent logout.
In principle, the site visitor can enter his email address in the "Password recovery" form.
And how to block this action from sending an email containing a password reset link to a blocked user?
I see that you need to validate the email address and get the value of the "banned" field at the time of processing the "send password recovery link" button.
It is right ? And where do you need to make changes?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

iljaGolubev, 2018-04-23
@iljaGolubev

I prefer to use Soft Deleting to block users .
For such models, scope is used by default, which excludes remote (blocked) users from the selection.
Conversely, to send a password reset link to a remote user, you need to specify App\User:: withTrashed() ->('id', 100500) in your code.