0
0
Laravelframework~20 mins

Password reset in Laravel - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Password Reset Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
1:30remaining
What happens after submitting a valid password reset request in Laravel?

In Laravel's built-in password reset system, when a user submits their email to request a password reset link, what is the expected behavior?

ALaravel sends an email with a reset link and shows a success message on the same page.
BLaravel redirects the user to the login page without sending any email.
CLaravel immediately resets the password to a default value and logs the user in.
DLaravel deletes the user account and shows an error message.
Attempts:
2 left
💡 Hint

Think about what a password reset link is for.

📝 Syntax
intermediate
1:30remaining
Which code snippet correctly defines the password reset route in Laravel?

Laravel uses routes to handle password reset requests. Which of the following route definitions correctly sets up the password reset POST route?

ARoute::post('/reset-password', 'PasswordResetController@reset')->name('password.update');
BRoute::put('/reset-password', [PasswordResetController::class, 'reset'])->name('password.update');
CRoute::get('/reset-password', [PasswordResetController::class, 'reset'])->name('password.update');
DRoute::post('/reset-password', [PasswordResetController::class, 'reset'])->name('password.update');
Attempts:
2 left
💡 Hint

Consider the HTTP method used for submitting form data securely.

🔧 Debug
advanced
2:00remaining
Why does the password reset token expire immediately after generation?

Consider this Laravel password reset token generation snippet:

$token = Password::createToken($user);

But when trying to use the token, it is always expired. What is the most likely cause?

AThe token is generated with the wrong user ID.
BThe token is generated but never saved to the database.
CThe token expiration time is set to zero or a past time in the config/auth.php file.
DThe user model does not implement the MustVerifyEmail interface.
Attempts:
2 left
💡 Hint

Check the configuration that controls token lifetime.

state_output
advanced
1:30remaining
What is the value of $status after a successful password reset?

Given this Laravel code snippet:

$status = Password::reset($credentials, function ($user, $password) {
    $user->forceFill(['password' => Hash::make($password)])->save();
    $user->setRememberToken(Str::random(60));
});

What will be the value of $status if the reset succeeds?

Atrue
BPassword::PASSWORD_RESET
Cnull
DPassword::RESET_SUCCESS
Attempts:
2 left
💡 Hint

Look for constants defined in the Password facade.

🧠 Conceptual
expert
2:30remaining
Why should password reset tokens be single-use and time-limited?

In Laravel's password reset system, tokens are designed to be used only once and expire after a short time. Why is this important?

ATo prevent attackers from reusing stolen tokens and to limit the window for attacks.
BTo reduce database storage by deleting tokens quickly.
CTo force users to reset passwords frequently for better security.
DTo allow multiple users to share the same reset link safely.
Attempts:
2 left
💡 Hint

Think about security risks of token reuse and long validity.