'Laravel - The token field is required while reset password
I update laravel 5.2.4 to 5.6. While fixing some bugs I got error while password reset - "The token field is required."
I use parameter in forms - @csrf
<form class="form-horizontal" role="form" method="POST" action="{{ url('/password/email') }}">
@csrf
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label class="col-md-4 control-label">E-Mail Address</label>
<div class="col-md-6">
<input type="email" class="form-control" name="email" value="{{ old('email') }}">
@if ($errors->has('email'))
<span class="help-block">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
</div>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<button type="submit" class="btn btn-primary">
<i class="fa fa-btn fa-envelope"></i>Send Password Reset Link
</button>
</div>
</div>
</form>
In routes
Route::get('password/reset/{token?}', 'Auth\PasswordController@showResetForm');
Route::post('password/email', 'Auth\PasswordController@sendResetLinkEmail');
Route::post('password/reset', 'Auth\PasswordController@reset');
PasswordController:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Http\Request;
/**
* @property string linkRequestView
* @property string resetView
*/
class PasswordController extends Controller
{
/*
|--------------------------------------------------------------------------
| Password Reset Controller
|--------------------------------------------------------------------------
|
| This controller is responsible for handling password reset requests
| and uses a simple trait to include this behavior. You're free to
| explore this trait and override any methods you wish to tweak.
|
*/
use ResetsPasswords;
/**
* Create a new password controller instance.
*
* @param Request $request
*/
public function __construct(Request $request)
{
$this->middleware('guest');
$this->linkRequestView = 'auth.passwords.email';
$this->resetView = 'auth.passwords.reset';
if (strpos($request->path(), 'ex') === 0) {
$this->linkRequestView = 'ex.auth.passwords.email';
$this->resetView = 'ex.auth.passwords.reset';
}
}
}
What I must change to solve this problem? When I see html code on page - token field exist "_token" but when I submit - token required.
Solution 1:[1]
You need the csrf token by having this inside your form element :
<input type="hidden" name="token" value="{{ csrf_token() }}">
If avobe method fail then give the token value as :
<input type="hidden" name="token" value="{{ $token }}">
Solution 2:[2]
In my case (Laravel 7.x) i was missing the csrf token and the password reset token so when i put both it work correctly:
<form action="{{ route('password.update') }}" method="post">
@csrf
<input type="hidden" name="token" value="{{ $token }}">
...
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | doulos |