[11.x] add optional prefix for cache key (#53448)

* add optional prefix for cache key if a user does not decide to use a dedicated cache store for their password resets, there's a risk of collision/overwriting of the cache keys in the default cache store, since we are just using the user's email. this allows the user to set an optional config value to use a prefix on the cache key. * minor formatting
laravel · Nov 9, 2024 · f405bf0 · f405bf0
1 parent 37f96f1
commit f405bf0
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/src/Illuminate/Auth/Passwords/CacheTokenRepository.php b/src/Illuminate/Auth/Passwords/CacheTokenRepository.php
@@ -23,7 +23,8 @@ public function __construct(
         protected HasherContract $hasher,
         protected string $hashKey,
         protected int $expires = 3600,
-        protected int $throttle = 60
+        protected int $throttle = 60,
+        protected string $prefix = '',
     ) {
     }
 
@@ -35,13 +36,15 @@ public function __construct(
      */
     public function create(CanResetPasswordContract $user)
     {
-        $email = $user->getEmailForPasswordReset();
-
         $this->delete($user);
 
         $token = hash_hmac('sha256', Str::random(40), $this->hashKey);
 
-        $this->cache->put($email, [$token, Carbon::now()->format($this->format)], $this->expires);
+        $this->cache->put(
+            $this->prefix.$user->getEmailForPasswordReset(),
+            [$token, Carbon::now()->format($this->format)],
+            $this->expires,
+        );
 
         return $token;
     }
@@ -55,7 +58,7 @@ public function create(CanResetPasswordContract $user)
      */
     public function exists(CanResetPasswordContract $user, #[\SensitiveParameter] $token)
     {
-        [$record, $createdAt] = $this->cache->get($user->getEmailForPasswordReset());
+        [$record, $createdAt] = $this->cache->get($this->prefix.$user->getEmailForPasswordReset());
 
         return $record
             && ! $this->tokenExpired($createdAt)
@@ -81,7 +84,7 @@ protected function tokenExpired($createdAt)
      */
     public function recentlyCreatedToken(CanResetPasswordContract $user)
     {
-        [$record, $createdAt] = $this->cache->get($user->getEmailForPasswordReset());
+        [$record, $createdAt] = $this->cache->get($this->prefix.$user->getEmailForPasswordReset());
 
         return $record && $this->tokenRecentlyCreated($createdAt);
     }
@@ -111,7 +114,7 @@ protected function tokenRecentlyCreated($createdAt)
      */
     public function delete(CanResetPasswordContract $user)
     {
-        $this->cache->forget($user->getEmailForPasswordReset());
+        $this->cache->forget($this->prefix.$user->getEmailForPasswordReset());
     }
 
     /**

diff --git a/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php b/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php
@@ -94,7 +94,8 @@ protected function createTokenRepository(array $config)
                 $this->app['hash'],
                 $key,
                 ($config['expire'] ?? 60) * 60,
-                $config['throttle'] ?? 0
+                $config['throttle'] ?? 0,
+                $config['prefix'] ?? '',
             );
         }