[11.x] add optional prefix for cache key (#53448)

browner12 · web-flow · commit f405bf0a56e9 · 2024-11-09T10:08:05.000+10:00
* add optional prefix for cache key

if a user does not decide to use a dedicated cache store for their password resets, there's a risk of collision/overwriting of the cache keys in the default cache store, since we are just using the user's email.  this allows the user to set an optional config value to use a prefix on the cache key.

* minor formatting
diff --git a/src/Illuminate/Auth/Passwords/CacheTokenRepository.php b/src/Illuminate/Auth/Passwords/CacheTokenRepository.php
@@ -23,7 +23,8 @@ public function __construct(
         protected HasherContract $hasher,
         protected string $hashKey,
         protected int $expires = 3600,
-        protected int $throttle = 60
+        protected int $throttle = 60,
+        protected string $prefix = '',
     ) {
     }
 
@@ -35,13 +36,15 @@ public function __construct(
      */
     public function create(CanResetPasswordContract $user)
     {
-        $email = $user->getEmailForPasswordReset();
-
         $this->delete($user);
 
         $token = hash_hmac('sha256', Str::random(40), $this->hashKey);
 
-        $this->cache->put($email, [$token, Carbon::now()->format($this->format)], $this->expires);
+        $this->cache->put(
+            $this->prefix.$user->getEmailForPasswordReset(),
+            [$token, Carbon::now()->format($this->format)],
+            $this->expires,
+        );
 
         return $token;
     }
@@ -55,7 +58,7 @@ public function create(CanResetPasswordContract $user)
      */
     public function exists(CanResetPasswordContract $user, #[\SensitiveParameter] $token)
     {
-        [$record, $createdAt] = $this->cache->get($user->getEmailForPasswordReset());
+        [$record, $createdAt] = $this->cache->get($this->prefix.$user->getEmailForPasswordReset());
 
         return $record
             && ! $this->tokenExpired($createdAt)
@@ -81,7 +84,7 @@ protected function tokenExpired($createdAt)
      */
     public function recentlyCreatedToken(CanResetPasswordContract $user)
     {
-        [$record, $createdAt] = $this->cache->get($user->getEmailForPasswordReset());
+        [$record, $createdAt] = $this->cache->get($this->prefix.$user->getEmailForPasswordReset());
 
         return $record && $this->tokenRecentlyCreated($createdAt);
     }
@@ -111,7 +114,7 @@ protected function tokenRecentlyCreated($createdAt)
      */
     public function delete(CanResetPasswordContract $user)
     {
-        $this->cache->forget($user->getEmailForPasswordReset());
+        $this->cache->forget($this->prefix.$user->getEmailForPasswordReset());
     }
 
     /**
diff --git a/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php b/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php
@@ -94,7 +94,8 @@ protected function createTokenRepository(array $config)
                 $this->app['hash'],
                 $key,
                 ($config['expire'] ?? 60) * 60,
-                $config['throttle'] ?? 0
+                $config['throttle'] ?? 0,
+                $config['prefix'] ?? '',
             );
         }
 

Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,8 @@ protected function createTokenRepository(array $config)`
`94`	`94`	`$this->app['hash'],`
`95`	`95`	`$key,`
`96`	`96`	`($config['expire'] ?? 60) * 60,`
`97`		`- $config['throttle'] ?? 0`
	`97`	`+ $config['throttle'] ?? 0,`
	`98`	`+ $config['prefix'] ?? '',`
`98`	`99`	`);`
`99`	`100`	`}`
`100`	`101`