From 6c098160dfa3e3874915105f72fcfcb845e626a5 Mon Sep 17 00:00:00 2001
From: =
Date: Fri, 1 Jan 2021 20:11:21 +1100
Subject: [PATCH] Allow a user to change only their own password
---
 app/Http/Requests/User/UpdateUserRequest.php | 5 ++++-
 app/Repositories/UserRepository.php | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/app/Http/Requests/User/UpdateUserRequest.php b/app/Http/Requests/User/UpdateUserRequest.php
index 474145e11f52..5c6b131f89f5 100644
--- a/app/Http/Requests/User/UpdateUserRequest.php
+++ b/app/Http/Requests/User/UpdateUserRequest.php
@@ -29,7 +29,10 @@ class UpdateUserRequest extends Request
 public function rules()
 {
 $input = $this->all();
- $rules = [];
+
+ $rules = [
+ 'password' => 'nullable|string|min:6',
+ ];
 if (isset($input['email'])) {
 $rules['email'] = ['email:rfc,dns', 'sometimes', new UniqueUserRule($this->user, $input['email'])];
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index 668cf0769d40..25f27e4561bb 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -18,6 +18,7 @@ use App\Models\User;
 use App\Utils\Ninja;
 use App\Utils\Traits\MakesHash;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
 /**
 * UserRepository.
@@ -61,6 +62,12 @@ class UserRepository extends BaseRepository
 $user->fill($details);
+ //allow users to change only their passwords - not others!
+ if(auth()->user()->id == $user->id && array_key_exists('password', $data) && isset($data['password']))
+ {
+ $user->password = Hash::make($data['password']);
+ }
+
 if (!$user->confirmation_code) {
 $user->confirmation_code = $this->createDbHash(config('database.default'));
 }
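Review bot: The new `password` rule in `rules()` accepts a six-character value and does not ask for the account's existing password, so a live session or API token for the user is enough to set a new one. Consider raising the floor, e.g. `'password' => 'nullable|string|min:8',`, and requiring the current password through Laravel's current-password validation rule whenever `password` is present. If a password-confirmation middleware already guards this route elsewhere, a short comment on the rule saying so would help the next reader. `rules()` continues past the end of the hunk and `authorize()` is not shown, so who may submit this field for another user cannot be confirmed from here.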
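Review bot: The ownership check in the added `if` dereferences `auth()->user()` without a null check and compares ids with `==`, so any call that reaches this repository method without an authenticated user (a queue job or console command, if one does) would fail on `->id`. `array_key_exists('password', $data)` is redundant next to `isset($data['password'])`; a tighter guard would be `if (auth()->check() && auth()->user()->is($user) && isset($data['password']))`. When a password is submitted for a different user the value is dropped silently, so the caller sees success with nothing changed; rejecting it in the form request would make the refusal visible and auditable. Nothing in the hunk revokes the user's other sessions or API tokens after the change, which is worth confirming elsewhere. Whether `password` can also reach `$user->fill($details)` depends on code outside the hunk, as the enclosing method starts and ends outside it.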