Use filaments password broker for reset link token when creating subuser #1498
Conversation
Boy132
changed the title
There was a problem hiding this comment.
Pull Request Overview
This PR updates the subuser creation flow to use Filament’s configured password broker for reset token generation, addressing intermittent 403 invalid signature errors.
- Removed the injected
PasswordBrokerdependency - Added the Filament and Password facades to resolve the correct broker at runtime
- Changed token creation to use
Password::broker(Filament::getPanel('app')->getAuthPasswordBroker())
Comments suppressed due to low confidence (2)
app/Services/Users/UserCreationService.php:19
- Removing the PasswordBroker injection alters the constructor signature and could break any consumers relying on dependency injection. Consider updating the service binding or bumping the version to signal this breaking change.
private readonly Hasher $hasher,
app/Services/Users/UserCreationService.php:56
- The new branch using the Filament password broker should be covered by tests to verify correct token generation and avoid future regressions.
$broker = Password::broker(Filament::getPanel('app')->getAuthPasswordBroker());
There was a problem hiding this comment.
Filament::getPanel('app')->getAuthPasswordBroker() will always return null since we don't override it with https://filamentphp.com/docs/3.x/panels/users#setting-the-password-broker
So it will always default to laravel's broker 🤔
Like i said the only time i had encountered this issue was when APP_URL was wrong either no https while it was served over SSL or trailing slash
notAreYouScared
left a comment
notAreYouScared
left a comment
There was a problem hiding this comment.
I don't use the emails, but if this fixes it 👍
|
So, turns out the 403 errors are a problem with url encoding. While this PR does not fix that it's still a nice little refactor. |
Otherwise you sometimes getJust a small refactor.403 invalid signatureerrors.