Clarification for password reset while user is not confirmed

bestmomo / laravel-email-confirmation

Add email confimation to Laravel project

89 stars 28 forks source link

Clarification for password reset while user is not confirmed #28

Closed Doomkyn closed 6 years ago

Doomkyn commented 6 years ago

Hello,

what happens if a user request a password reset link while not being confirmed? I would like to limit the ability to request a password reset link only to confirmed users (same for actually resetting the password through ForgotPasswordController)

Is this possible?

Thanks

bestmomo commented 6 years ago

Hello,

I dont see how annoying it is to change password for a no confirmed user.

But if you want to do so you can override ResetsPasswords trait functions (showResetForm and reset for example) in ResetPasswordController to add this functionnality.

Doomkyn commented 6 years ago

I managed to do this the way you suggested, thanks. To be honest tho, I don't see a reason why a user that don't have the rights to login should be able to reset his password. Anyway, this is just a philosophical thought, good work and thanks for this package.