Laravel 5: Multi-level authorization: coding explained – password retrieval

This page describes Student authentication layer. But since other (Associate, Tutor) are pretty much same, this serves as an explanation for them as well.



Here is the route that serves password retrieval requests.


Route namespaces and prefixes were explained in previous post, so I will not go into this here.

Code below is responsible for opening password reset request form:

{something} means that it will be replaced by some value in URI.

{something?} means that it may be replaced by some value in URI.

So in this case our route code is going to look like this:

Now, when you go to PasswordController, you will not see showResetForm method.
Please see previous two posts for explanations.
In short, it comes from one of objects used by PasswordController

So, now we have password reset form on the screen:


Code like:

… is explained in one of two last posts, so please refer there.


In here we have a code not used elsewhere.

I am talking about password broker:

This line of code refers to password broker setup in config/auth.php:

In our case, we’d be using broker ‘students’.

It gives us provider.
In a nutshell, it tells system, which table authentication data is stored in (via providers – explained just below) and where authenticated user data is available, e.g. in session.

Also tells us path to where email body sent to requesting user resides.

Then, we have a table name, where password request being reset is temporarily stored.

There is also expiration for password request.

Now, when user enters email, system uses this route:

This link gets us to:

… located in:

What happens above.

We check if email is valid:

Then we get proper password broker name:

And now, we send reset link and record that in database:

Email reset link is triggered.

This is the route used to handle incoming link:

This time it will have reset token attached to it.

We will show reset form for user:


When new credentials are entered, system uses this route code:

It takes us to this method:

… located in:

We validate request – previous 2 posts for details what happens.

Then we get new credentials, identify password broker and reset credentials.

And we are done.


Final Notes

So, without going any further into a full blown Laravel 5 tutorial, this is it  as far as login/logout is concerned.

You may consider reading about login and password reset.

Please go here and select proper link on the bottom.