public function reset(Request $request) { $this->validate($request, ['email' => 'required|email', 'token' => "required|exists:password_resets,token,email,{$request->email}", 'password' => 'required|min:8|confirmed']); $user = User::whereEmail($request->email)->firstOrFail(); $user->password = bcrypt($request->password); $user->save(); //delete pending resets PasswordReset::whereEmail($request->email)->delete(); return response()->success(true); }