Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Laravel 6.x change password (Routes, Controller, Request & View)
<!-- resources/views/layouts/app.blade.php -->
<!-- Add this to the nav, so that the user can navigate to the change password screen from a contextual location -->
...
<div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdown">
<!-- Add from this bit ... -->
<a class="dropdown-item" href="{{ route('password.edit') }}">
{{ __('Change Password') }}
</a>
<!-- ... to here. -->
<a class="dropdown-item" href="{{ route('logout') }}"
...
<!-- resources/views/auth/passwords/change.blade.php -->
<!-- This view is in the same format and style as the login.blade.php and other Laravel views of the same nature -->
@extends('layouts.app')
@section('content')
<div class="container">
<div class="row justify-content-center">
<div class="col-md-8">
<div class="card shadow-sm">
<div class="card-header">{{ __('Change Password') }}</div>
<div class="card-body">
<form method="POST" action="{{ route('password.update') }}">
@csrf
<div class="form-group row">
<label for="current_password" class="col-md-4 col-form-label text-md-right">{{ __('Current Password') }}</label>
<div class="col-md-6">
<input id="current_password" type="password" class="form-control @error('current_password') is-invalid @enderror" name="current_password" required autocomplete="current-password">
@error('current_password')
<span class="invalid-feedback" role="alert">
<strong>{{ $message }}</strong>
</span>
@enderror
</div>
</div>
<div class="form-group row">
<label for="new_password" class="col-md-4 col-form-label text-md-right">{{ __('New Password') }}</label>
<div class="col-md-6">
<input id="new_password" type="password" class="form-control @error('new_password') is-invalid @enderror" name="new_password" required autocomplete="new-password">
@error('new_password')
<span class="invalid-feedback" role="alert">
<strong>{{ $message }}</strong>
</span>
@enderror
</div>
</div>
<div class="form-group row">
<label for="new_password_confirmation" class="col-md-4 col-form-label text-md-right">{{ __('Confirm New Password') }}</label>
<div class="col-md-6">
<input id="new_password_confirmation" type="password" class="form-control" name="new_password_confirmation" required autocomplete="new-password">
</div>
</div>
<div class="form-group row mb-0">
<div class="col-md-6 offset-md-4">
<button type="submit" class="btn btn-primary">
{{ __('Change Password') }}
</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
@endsection
<?php
/*
* app/Http/Controllers/Auth/ChangePasswordController.php
*
* Made via the command:
* $ php artisan make:controller Auth/ChangePasswordController -r
*
* This is the custom controller that will do all the heavy lifting for
* changing the users password.
*/
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Http\Requests\ChangePasswordRequest;
use App\Providers\RouteServiceProvider;
use Illuminate\Contracts\Support\Renderable;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Hash;
class ChangePasswordController extends Controller
{
/**
* Show the form for editing the specified resource.
*
* @return \Illuminate\Contracts\Support\Renderable
*/
public function edit(): Renderable
{
return view('auth.passwords.change');
}
/**
* Update the specified resource in storage.
*
* @param \App\Http\Requests\ChangePasswordRequest $request
*
* @return \Illuminate\Routing\Redirector|\Illuminate\Http\RedirectResponse
*/
public function update(ChangePasswordRequest $request): RedirectResponse
{
$user = request()->user();
// The hash function must be the same as in RegisterController::create()
$user->password = Hash::make($request->new_password);
$user->save();
// Update the same session variable that the Laravel Auth scaffold uses
$request->session()->put('status', 'Your password has been updated successfully.');
// Redirect in the same manner the Laravel Auth scaffold does
return redirect(RouteServiceProvider::HOME);
}
}
<?php
/*
* app/Http/Requests/ChangePasswordRequest.php
*
* Made via the command:
* $ php artisan make:request ChangePasswordRequest
*
* This is a custom request object for handling the password change request.
* It keeps the validation and authorisation nice and tidy.
*/
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class ChangePasswordRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize(): bool
{
return null != request()->user();
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules(): array
{
// The validation rules must be the same as in RegisterController::validator()
return [
'current_password' => [
'required',
'string',
'min:8',
'password:web',
],
'new_password' => [
'required',
'string',
'min:8',
'confirmed',
'different:current_password',
],
// new_password_confirmation is validated by confirmed on new_password
];
}
}
<?php
/*
* routes/web.php
*
* These routes register the password change endpoints.
* Make sure they go in your web routes, not your api routes.
* These routes adhere to the resource naming convention.
*/
Route::group([
'prefix' => 'user',
'middleware' => [
'web',
'auth',
],
], function () {
// Password Change - View
// Resolves to: GET /user/password
Route::get('password', 'Auth\ChangePasswordController@edit')
->name('password.edit');
// Password Change - Submit
// Resolves to: POST /user/password
Route::post('password', 'Auth\ChangePasswordController@update')
->name('password.update');
});
@othyn

This comment has been minimized.

Copy link
Owner Author

@othyn othyn commented Feb 26, 2020

... I should really just make this into a Laravel package!

@othyn

This comment has been minimized.

Copy link
Owner Author

@othyn othyn commented Mar 3, 2020

... or submit this as a PR against laravel/ui

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment