Categories
Laravel

Laravel/UI: Register Without Password, Send Password Via Email

October 10, 2023 by Vincent Schmalbach

You can modify the registration process in a Laravel application that uses laravel/ui (link) to generate a random password and send it via email instead of having the user create their own during registration. Here are the general steps on how you might implement this:

1. Update Validation

In the RegisterController, you may need to update the validator method to remove the validation rule for the password (if it’s not needed in the form).

protected function validator(array $data)
{
    return Validator::make($data, [
        'name' => ['required', 'string', 'max:255'],
        'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
        // 'password' => ['required', 'string', 'min:8', 'confirmed'], // remove or comment this line
    ]);
}

2. Create Password

In the create method within the same RegisterController, automatically generate a password when creating a new user instance. PHP’s Str class can be used for this purpose.

use Illuminate\Support\Str; // Ensure this is imported at the top of your controller

// ...

protected function create(array $data)
{
    $password = Str::random(10); // Generate a random 10 character password

    $user = User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => bcrypt($password), // Use the generated password
    ]);

    // Optionally, store the plain password temporarily, so it can be sent via email
    $user->plain_password = $password;

    return $user;
}

3. Send Email

After the user is created, send an email with the randomly generated password. You may utilize Laravel’s built-in mailing functionality to achieve this. First, you might create a mailable class:

php artisan make:mail WelcomeMail

In your WelcomeMail class (located in app/Mail/WelcomeMail.php), set up the email, ensuring you pass through the plain password.

namespace App\Mail;

use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;

class WelcomeMail extends Mailable
{
    use Queueable, SerializesModels;

    public $password;

    public function __construct($password)
    {
        $this->password = $password;
    }

    public function build()
    {
        return $this->view('emails.welcome');
    }
}

Create a view for your email (resources/views/emails/welcome.blade.php), where you can display the password to the user:

<!DOCTYPE html>
<html>
<body>
    <h1>Welcome to our platform</h1>
    <p>Your automatically generated password is: {{ $password }}</p>
    <p>Please log in and change your password immediately for security reasons.</p>
</body>
</html>

Now, send the email after the user is registered. Add the following code after the user is created in your create method within RegisterController:

\Mail::to($user->email)->send(new \App\Mail\WelcomeMail($user->plain_password));

4. Update Views

Lastly, don’t forget to remove the password fields from the registration form view, typically found in resources/views/auth/register.blade.php.

Important Note

Sending plain passwords via email is not a recommended practice from a security standpoint. It would be more secure to generate a unique token and send a password reset link to the user to set their own password. Alternatively, employ email verification and upon verification, redirect users to set their own password. This way, no passwords are sent in plain text over email, providing a more secure user experience.

Leave a Reply

Your email address will not be published. Required fields are marked *