othyn/ChangePasswordController.php

## app.blade.php
<!-- resources/views/layouts/app.blade.php -->
<!-- Add this to the nav, so that the user can navigate to the change password screen from a contextual location -->

...
<div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdown">
    <!-- Add from this bit ... -->
    <a class="dropdown-item" href="{{ route('password.edit') }}">
        {{ __('Change Password') }}
    </a>
    <!-- ... to here. -->

    <a class="dropdown-item" href="{{ route('logout') }}"
       ...

## change.blade.php
<!-- resources/views/auth/passwords/change.blade.php -->
<!-- This view is in the same format and style as the login.blade.php and other Laravel views of the same nature -->

@extends('layouts.app')

@section('content')
<div class="container">
    <div class="row justify-content-center">
        <div class="col-md-8">
            <div class="card shadow-sm">
                <div class="card-header">{{ __('Change Password') }}</div>

                <div class="card-body">
                    <form method="POST" action="{{ route('password.update') }}">
                        @csrf

                        <div class="form-group row">
                            <label for="current_password" class="col-md-4 col-form-label text-md-right">{{ __('Current Password') }}</label>

                            <div class="col-md-6">
                                <input id="current_password" type="password" class="form-control @error('current_password') is-invalid @enderror" name="current_password" required autocomplete="current-password">

                                @error('current_password')
                                    <span class="invalid-feedback" role="alert">
                                        <strong>{{ $message }}</strong>
                                    </span>
                                @enderror
                            </div>
                        </div>

                        <div class="form-group row">
                            <label for="new_password" class="col-md-4 col-form-label text-md-right">{{ __('New Password') }}</label>

                            <div class="col-md-6">
                                <input id="new_password" type="password" class="form-control @error('new_password') is-invalid @enderror" name="new_password" required autocomplete="new-password">

                                @error('new_password')
                                    <span class="invalid-feedback" role="alert">
                                        <strong>{{ $message }}</strong>
                                    </span>
                                @enderror
                            </div>
                        </div>

                        <div class="form-group row">
                            <label for="new_password_confirmation" class="col-md-4 col-form-label text-md-right">{{ __('Confirm New Password') }}</label>

                            <div class="col-md-6">
                                <input id="new_password_confirmation" type="password" class="form-control" name="new_password_confirmation" required autocomplete="new-password">
                            </div>
                        </div>

                        <div class="form-group row mb-0">
                            <div class="col-md-6 offset-md-4">
                                <button type="submit" class="btn btn-primary">
                                    {{ __('Change Password') }}
                                </button>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
@endsection

## ChangePasswordController.php
<?php

/*
 * app/Http/Controllers/Auth/ChangePasswordController.php
 *
 * Made via the command:
 * $ php artisan make:controller Auth/ChangePasswordController -r
 *
 * This is the custom controller that will do all the heavy lifting for
 * changing the users password.
 */

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Http\Requests\ChangePasswordRequest;
use App\Providers\RouteServiceProvider;
use Illuminate\Contracts\Support\Renderable;
use Illuminate\Http\RedirectResponse;
use Illuminate\Support\Facades\Hash;

class ChangePasswordController extends Controller
{
    /**
     * Show the form for editing the specified resource.
     *
     * @return \Illuminate\Contracts\Support\Renderable
     */
    public function edit(): Renderable
    {
        return view('auth.passwords.change');
    }

    /**
     * Update the specified resource in storage.
     *
     * @param \App\Http\Requests\ChangePasswordRequest $request
     *
     * @return \Illuminate\Routing\Redirector|\Illuminate\Http\RedirectResponse
     */
    public function update(ChangePasswordRequest $request): RedirectResponse
    {
        $user = request()->user();

        // The hash function must be the same as in RegisterController::create()
        $user->password = Hash::make($request->new_password);

        $user->save();

        // Update the same session variable that the Laravel Auth scaffold uses
        $request->session()->put('status', 'Your password has been updated successfully.');

        // Redirect in the same manner the Laravel Auth scaffold does
        return redirect(RouteServiceProvider::HOME);
    }
}

## ChangePasswordRequest.php
<?php

/*
 * app/Http/Requests/ChangePasswordRequest.php
 *
 * Made via the command:
 * $ php artisan make:request ChangePasswordRequest
 *
 * This is a custom request object for handling the password change request.
 * It keeps the validation and authorisation nice and tidy.
 */

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class ChangePasswordRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize(): bool
    {
        return null != request()->user();
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules(): array
    {
        // The validation rules must be the same as in RegisterController::validator()
        return [
            'current_password' => [
                'required',
                'string',
                'min:8',
                'password:web',
            ],
            'new_password' => [
                'required',
                'string',
                'min:8',
                'confirmed',
                'different:current_password',
            ],
            // new_password_confirmation is validated by confirmed on new_password
        ];
    }
}

## web.php
<?php

/*
 * routes/web.php
 *
 * These routes register the password change endpoints.
 * Make sure they go in your web routes, not your api routes.
 * These routes adhere to the resource naming convention.
 */

Route::group([
    'prefix' => 'user',
    'middleware' => [
        'web',
        'auth',
    ],
], function () {
    // Password Change - View
    // Resolves to: GET /user/password
    Route::get('password', 'Auth\ChangePasswordController@edit')
        ->name('password.edit');

    // Password Change - Submit
    // Resolves to: POST /user/password
    Route::post('password', 'Auth\ChangePasswordController@update')
        ->name('password.update');
});
	<!-- resources/views/layouts/app.blade.php -->
	<!-- Add this to the nav, so that the user can navigate to the change password screen from a contextual location -->

	...
	<div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdown">
	<!-- Add from this bit ... -->
	<a class="dropdown-item" href="{{ route('password.edit') }}">
	{{ __('Change Password') }}
	</a>
	<!-- ... to here. -->

	<a class="dropdown-item" href="{{ route('logout') }}"
	...
	<!-- resources/views/auth/passwords/change.blade.php -->
	<!-- This view is in the same format and style as the login.blade.php and other Laravel views of the same nature -->

	@extends('layouts.app')

	@section('content')
	<div class="container">
	<div class="row justify-content-center">
	<div class="col-md-8">
	<div class="card shadow-sm">
	<div class="card-header">{{ __('Change Password') }}</div>

	<div class="card-body">
	<form method="POST" action="{{ route('password.update') }}">
	@csrf

	<div class="form-group row">
	<label for="current_password" class="col-md-4 col-form-label text-md-right">{{ __('Current Password') }}</label>

	<div class="col-md-6">
	<input id="current_password" type="password" class="form-control @error('current_password') is-invalid @enderror" name="current_password" required autocomplete="current-password">

	@error('current_password')
	<span class="invalid-feedback" role="alert">
	<strong>{{ $message }}</strong>
	</span>
	@enderror
	</div>
	</div>

	<div class="form-group row">
	<label for="new_password" class="col-md-4 col-form-label text-md-right">{{ __('New Password') }}</label>

	<div class="col-md-6">
	<input id="new_password" type="password" class="form-control @error('new_password') is-invalid @enderror" name="new_password" required autocomplete="new-password">

	@error('new_password')
	<span class="invalid-feedback" role="alert">
	<strong>{{ $message }}</strong>
	</span>
	@enderror
	</div>
	</div>

	<div class="form-group row">
	<label for="new_password_confirmation" class="col-md-4 col-form-label text-md-right">{{ __('Confirm New Password') }}</label>

	<div class="col-md-6">
	<input id="new_password_confirmation" type="password" class="form-control" name="new_password_confirmation" required autocomplete="new-password">
	</div>
	</div>

	<div class="form-group row mb-0">
	<div class="col-md-6 offset-md-4">
	<button type="submit" class="btn btn-primary">
	{{ __('Change Password') }}
	</button>
	</div>
	</div>
	</form>
	</div>
	</div>
	</div>
	</div>
	</div>
	@endsection
	<?php

	/*
	* app/Http/Controllers/Auth/ChangePasswordController.php
	*
	* Made via the command:
	* $ php artisan make:controller Auth/ChangePasswordController -r
	*
	* This is the custom controller that will do all the heavy lifting for
	* changing the users password.
	*/

	namespace App\Http\Controllers\Auth;

	use App\Http\Controllers\Controller;
	use App\Http\Requests\ChangePasswordRequest;
	use App\Providers\RouteServiceProvider;
	use Illuminate\Contracts\Support\Renderable;
	use Illuminate\Http\RedirectResponse;
	use Illuminate\Support\Facades\Hash;

	class ChangePasswordController extends Controller
	{
	/**
	* Show the form for editing the specified resource.
	*
	* @return \Illuminate\Contracts\Support\Renderable
	*/
	public function edit(): Renderable
	{
	return view('auth.passwords.change');
	}

	/**
	* Update the specified resource in storage.
	*
	* @param \App\Http\Requests\ChangePasswordRequest $request
	*
	* @return \Illuminate\Routing\Redirector\|\Illuminate\Http\RedirectResponse
	*/
	public function update(ChangePasswordRequest $request): RedirectResponse
	{
	$user = request()->user();

	// The hash function must be the same as in RegisterController::create()
	$user->password = Hash::make($request->new_password);

	$user->save();

	// Update the same session variable that the Laravel Auth scaffold uses
	$request->session()->put('status', 'Your password has been updated successfully.');

	// Redirect in the same manner the Laravel Auth scaffold does
	return redirect(RouteServiceProvider::HOME);
	}
	}
	<?php

	/*
	* app/Http/Requests/ChangePasswordRequest.php
	*
	* Made via the command:
	* $ php artisan make:request ChangePasswordRequest
	*
	* This is a custom request object for handling the password change request.
	* It keeps the validation and authorisation nice and tidy.
	*/

	namespace App\Http\Requests;

	use Illuminate\Foundation\Http\FormRequest;

	class ChangePasswordRequest extends FormRequest
	{
	/**
	* Determine if the user is authorized to make this request.
	*
	* @return bool
	*/
	public function authorize(): bool
	{
	return null != request()->user();
	}

	/**
	* Get the validation rules that apply to the request.
	*
	* @return array
	*/
	public function rules(): array
	{
	// The validation rules must be the same as in RegisterController::validator()
	return [
	'current_password' => [
	'required',
	'string',
	'min:8',
	'password:web',
	],
	'new_password' => [
	'required',
	'string',
	'min:8',
	'confirmed',
	'different:current_password',
	],
	// new_password_confirmation is validated by confirmed on new_password
	];
	}
	}
	<?php

	/*
	* routes/web.php
	*
	* These routes register the password change endpoints.
	* Make sure they go in your web routes, not your api routes.
	* These routes adhere to the resource naming convention.
	*/

	Route::group([
	'prefix' => 'user',
	'middleware' => [
	'web',
	'auth',
	],
	], function () {
	// Password Change - View
	// Resolves to: GET /user/password
	Route::get('password', 'Auth\ChangePasswordController@edit')
	->name('password.edit');

	// Password Change - Submit
	// Resolves to: POST /user/password
	Route::post('password', 'Auth\ChangePasswordController@update')
	->name('password.update');
	});