Disable auto-login after password reset laravel

Question

I have a web application that uses Laravel's auth to handle the user's authentication, however a user cannot sign in without verifying his email, while testing the auth pages I realized that after reseting the password the user gets signed-in anyway, I tried to disable it however I was unable to figure out what method to override

I saw this post from stackoverflow , the only post on the internet based on my search for the better part of my day that still uses the default laravel ResetPasswordController and has auto-login disable however the solution did not match what I was looking for

If anyone can help me override the method I need or point me to the file in which I need to change I would hihgly appreciate it

I have already overridden the rules() method but cannot figure out what the other method is

    protected function rules()
{
    return [
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|confirmed',
    ];
}

Right now this is my app\Http\Controllers\Auth\NewPasswordController.php

<?php
/*************************************************
Namespace 
*************************************************/
namespace App\Http\Controllers\Auth;

/*************************************************
Import laravel classes 
*************************************************/
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\ResetsPasswords;

/*************************************************
Class
*************************************************/
class ResetPasswordController extends Controller
{
    use ResetsPasswords;
    protected function rules()
    {
        return [
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|confirmed',
        ];
    }
    protected $redirectTo = RouteServiceProvider::HOME;
}

After trying to change my controller to

<?php
/*************************************************
Namespace 
*************************************************/
namespace App\Http\Controllers\Auth;

/*************************************************
Import laravel classes 
*************************************************/
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Support\Str;
use Illuminate\Auth\Events\PasswordReset;

/*************************************************
Class
*************************************************/
class ResetPasswordController extends Controller
{
    //use ResetsPasswords;
    protected function rules()
    {
        return [
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|confirmed',
        ];
    }
    protected function resetPassword($user, $password) {
    $this->setUserPassword($user, $password);

    $user->setRememberToken(Str::random(60));

    $user->save();

    event(new PasswordReset($user));

    // Comment or remove the line below.
    // $this->guard()->login($user);
    }
    protected $redirectTo = RouteServiceProvider::HOME;
}

trying to reset the password threw this error

BadMethodCallException
Method App\Http\Controllers\Auth\ResetPasswordController::showResetForm does not exist.

Highly appreciated Thank you

Answer 1

You are still using the ResetPasswords trait even though this is in a different file. Override the resetPassword method in your controller.

use ResetPasswords;

/**
 * Reset the given user's password.
 *
 * @param  \Illuminate\Contracts\Auth\CanResetPassword  $user
 * @param  string  $password
 * @return void
 */
protected function resetPassword($user, $password)
{
    $this->setUserPassword($user, $password);

    $user->setRememberToken(Str::random(60));

    $user->save();

    event(new PasswordReset($user));

    // Comment or remove the line below.
    // $this->guard()->login($user);
}

Note: You didn't change the class name of your NewPasswordController.php file.