laravel / fortify

Backend controllers and scaffolding for Laravel authentication.
https://laravel.com/docs/fortify
MIT License
1.62k stars 294 forks

Sending a request to the "reset-password" route without a password causes an "Undefined index" error #244

Closed kurorido closed 3 years ago

kurorido commented 3 years ago

Description:

The following payload sent to the "reset-password" route

{
    "token": "f46be4baf70e56946d8b17e066afeab45f028afe8dd734b39b2d7442043b5a2f",
    "email": "test@test.com"
}

will cause this error in laravel/framework:

{
    "message": "Undefined index: password",
    "exception": "ErrorException",
    "file": "/vendor/laravel/framework/src/Illuminate/Auth/Passwords/PasswordBroker.php",
    "line": 95,
    "trace": [
        {
            "file": "/vendor/laravel/framework/src/Illuminate/Auth/Passwords/PasswordBroker.php",
            "line": 95,
            "function": "handleError",
            "class": "Illuminate\\Foundation\\Bootstrap\\HandleExceptions",
            "type": "->"
        },
   .....

Steps To Reproduce:

Send the payload above.

Suggested Solution:

Solution 1:

Modify the Fortify package in NewPasswordController.php to validate the password before passing it to laravel/framework.

Solution 2:

Modify laravel/framework in PasswordBroker.php to prevent the undefined index.

Change the line $password = $credentials['password']; to $password = $credentials['password'] ?? null;

driesvints commented 3 years ago

Thanks. A fix has been merged and will be tagged tomorrow.
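
The boundary validation proposed in Solution 1, as an added example that is not part of the thread and not code from laravel/fortify or laravel/framework. The function names (brokerReset, validateResetPayload, handleReset) and the sample request bodies are hypothetical; the point is that an incomplete payload gets a 422 with field errors instead of an ErrorException whose response exposes file paths and a trace.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the broker: it reads the key the way the issue
// describes, so a missing "password" makes PHP report an undefined index/key.
function brokerReset(array $credentials): string
{
    $password = $credentials['password'];
    return $password === '' ? 'rejected' : 'reset';
}

// Boundary check in the spirit of "Solution 1": reject incomplete or
// non-string fields before any downstream code touches them.
function validateResetPayload(array $input): array
{
    $errors = [];
    foreach (['token', 'email', 'password'] as $field) {
        if (!isset($input[$field]) || !is_string($input[$field]) || $input[$field] === '') {
            $errors[$field] = "The {$field} field is required.";
        }
    }
    if (!isset($errors['email']) && filter_var($input['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'The email must be a valid email address.';
    }
    return $errors;
}

function handleReset(string $rawBody): array
{
    $input = json_decode($rawBody, true);
    if (!is_array($input)) {
        return [400, ['message' => 'Malformed JSON body.']];
    }
    $errors = validateResetPayload($input);
    if ($errors !== []) {
        // 422 with field errors only: no file paths, no stack trace.
        return [422, ['errors' => $errors]];
    }
    return [200, ['status' => brokerReset($input)]];
}

// Constructed sample bodies; the token is a placeholder, not a real one.
$missing = '{"token": "PLACEHOLDER_TOKEN", "email": "test@test.com"}';
$complete = '{"token": "PLACEHOLDER_TOKEN", "email": "test@test.com", "password": "constructed-sample"}';

foreach ([$missing, $complete] as $body) {
    [$status, $payload] = handleReset($body);
    echo $status, ' ', json_encode($payload), PHP_EOL;
}
```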