From cb7675845f89a6eca8011c5920e0bd3c62dcd016 Mon Sep 17 00:00:00 2001
From: Sadika Sumanapala <sadikahs@gmail.com>
Date: Fri, 22 Apr 2016 18:27:05 +0530
Subject: [PATCH] Decode app key if it is encoded with base64

app key can be encoded in base64 in that case it should be decoded
before using it as hash key to create password reset token.

Fix #13269
---
 src/Illuminate/Auth/Passwords/PasswordBrokerManager.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php b/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php
index cd83b59eb69f..66118c93d39b 100644
--- a/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php
+++ b/src/Illuminate/Auth/Passwords/PasswordBrokerManager.php
@@ -4,6 +4,7 @@
 
 use InvalidArgumentException;
 use Illuminate\Contracts\Auth\PasswordBrokerFactory as FactoryContract;
+use Illuminate\Support\Str;
 
 class PasswordBrokerManager implements FactoryContract
 {
@@ -82,10 +83,15 @@ protected function resolve($name)
      */
     protected function createTokenRepository(array $config)
     {
+        $hashKey = $this->app['config']['app.key'];
+        if (Str::startsWith($hashKey, 'base64:')) {
+            $hashKey = base64_decode(substr($hashKey, 7));
+        }
+
         return new DatabaseTokenRepository(
             $this->app['db']->connection(),
             $config['table'],
-            $this->app['config']['app.key'],
+            $hashKey,
             $config['expire']
         );
     }