This document describes the password reset link logic implemented in the Larafast API Boilerplate. The logic is primarily handled by the PasswordResetLinkController class. The first step in the password reset link process is validating the incoming request data. This is done using the PasswordResetLinkRequest class, which extends Laravel’s FormRequest class. Currently, there are no validation rules specified in this class. 
class PasswordResetLinkRequest extends FormRequest
{
    public function rules(): array
    {
        return [
            'email' => ['required', 'email'],
        ];
    }
}
The store method in the PasswordResetLinkController class handles the generation of the password reset link. It uses Laravel’s Password facade to send a password reset link to the email address provided in the request. If the password reset link cannot be sent, a ValidationException is thrown with a message indicating the reason. 
public function store(PasswordResetLinkRequest $request): JsonResponse
{
    $status = Password::sendResetLink(
        $request->only('email')
    );

    if ($status !== Password::RESET_LINK_SENT) {
        throw ValidationException::withMessages([
            'email' => [__($status)],
        ]);
    }

    return response()->success(['status' => __($status)]);
}

Routes

The route for password reset link generation is defined in the routes/auth.php file. The route uses the PasswordResetLinkController class and the store method. 
Route::post('/forgot-password', [PasswordResetLinkController::class, 'store'])
    ->middleware('guest')
    ->name('password.email');
This concludes the overview of the password reset link logic in the application.

New Password Logic

This document describes the new password logic implemented in the PHP Laravel application. The logic is primarily handled by the NewPasswordController class.

New Password Request Validation

The first step in the new password process is validating the incoming request data. This is done using the NewPasswordRequest class, which extends Laravel’s FormRequest class. The rules method of this class specifies that the token, email, and password fields are required. 
class NewPasswordRequest extends FormRequest
{
    public function rules(): array
    {
        return [
            'token' => ['required'],
            'email' => ['required', 'email'],
            'password' => ['required', Password::defaults()],
        ];
    }
}

Password Reset

The store method in the NewPasswordController class handles the password reset. It uses Laravel’s Password facade to reset the user’s password. If the password reset is successful, the user’s password is updated in the database and a PasswordReset event is dispatched. If the password reset is not successful, a ValidationException is thrown with a message indicating the reason. 
public function store(NewPasswordRequest $request): JsonResponse
{
    $status = Password::reset(
        $request->only('email', 'password', 'password_confirmation', 'token'),
        function ($user) use ($request) {
            $user->forceFill([
                'password' => Hash::make($request->password),
                'remember_token' => Str::random(60),
            ])->save();

            event(new PasswordReset($user));
        }
    );

    if ($status !== Password::PASSWORD_RESET) {
        throw ValidationException::withMessages([
            'email' => [__($status)],
        ]);
    }

    return response()->success(['status' => __($status)]);
}

Routes

The route for password reset is defined in the routes/auth.php file. The route uses the NewPasswordController class and the store method. 
Route::post('/reset-password', [NewPasswordController::class, 'store'])
    ->middleware('guest')
    ->name('password.store');
This concludes the overview of the new password logic in the application.