Send Email After Changing Password in Laravel
By using Laravel’s authentication we can save a world of time by leveraging the code it provides. Out of the box it does send an email when you send a forgot password request, but what if you want to send an email to the user when the password has changed? This can be a security enhancement to help ensure the person who changed the password is in fact the correct person.
One thing that I always encourage developers on my team is to read the actual source code of the Laravel codebase. There are plenty of hidden tricks that we can leverage as to not reinvent the wheel.
Read the actual source code of the Laravel codebase.
When using Laravel’s Auth you will notice that it will create a bunch of controllers in an app/Http/Controllers/Auth folder. There is a ResetPasswordController class and it has a trait ResetsPasswords. In looking at this trait we can consider overriding some of these methods in our ResetPasswordController to add in the code to send an email. BUT wait, aren’t we just re-inventing the wheel?
This is where reading the Laravel source code really helps. Check out the ResetsPassword Trait. On line: 111 inside the method resetPassword() Laravel is firing an event! (note: they even call it out in the documentation)
event(new PasswordReset($user));We can listen to this event and upon firing send out emails. Now we don’t have to override any of the trait methods inside our controller. We can adhere to a Single Responsibility principle much easier with these events.
Now to listen to this event we need to edit EventServiceProvider.php and edit the $listen property with the following:
protected $listen = [
PasswordReset::class => [
SendPasswordResetEmail::class,
]
];PasswordReset is our event and SendPasswordResetEmail is our Listener. So let’s create it:
php artisan make:listener SendPasswordResetEmail
This will create a SendPasswordResetEmail file inside the app/Listeners folder.
Now, don’t forget to import our classes in the EventServiceProvider:
use App\Listeners\SendPasswordResetEmail;
use Illuminate\Auth\Events\PasswordReset;Let’s edit our SendPasswordResetEmail Listener that is listening for the PasswordReset event to fire.
<?php
namespace App\Listeners;
use App\Mail\PasswordResetEmail;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Support\Facades\Mail;
class SendPasswordResetEmail
{
/**
* Handle the event.
*
* @param PasswordReset $event
*
* @return void
*/
public function handle(PasswordReset $event)
{
$user = $event->user;
Mail::to($user)
->send(new PasswordResetEmail($user));
}
}You will recall in the event that is fired event(new PasswordReset($user)); we are passing the $user object and it is available in our Listener as $event->user.
Now we can send our Mail using Mailables, So let’s create this Mailable file
php artisan make:mail PasswordResetEmailNow, I can do the work I need to build this email
<?php
namespace App\Mail;
use Illuminate\Mail\Mailable;
class PasswordResetEmail extends Mailable
{
/** @var $user */
private $user;
/**
* Create a new message instance.
*
* @param $user
*/
public function __construct($user)
{
$this->user = $user;
}
/**
* Build the message.
*
* @return $this
*/
public function build(): self
{
return $this
->subject('Password changed')
->text('emails.auth.password_changed_plain')
->view('emails.auth.password_changed', [
'user' => $this->user,
]);
}
}You will need to create the view files for your email which I will leave up to you. there are plenty of open source email templates that you can use as a guide with a simple google search.
Congrats, now you have successfully built some code that follows the Single Responsibility principle and uses Laravel's event system.
If you found this tip helpful, feel free to follow me on Twitter @smayzes and please consider sharing!
