Allow a user to change only their own password

= 2021-01-01 20:11:21 +11:00
parent 2e2b815371
commit 6c098160df
2 changed files with 11 additions and 1 deletions


@ -29,7 +29,10 @@ class UpdateUserRequest extends Request
public function rules() public function rules()
{ {
$input = $this->all(); $input = $this->all();
$rules = [];
$rules = [
'password' => 'nullable|string|min:6',
];
if (isset($input['email'])) { if (isset($input['email'])) {
$rules['email'] = ['email:rfc,dns', 'sometimes', new UniqueUserRule($this->user, $input['email'])]; $rules['email'] = ['email:rfc,dns', 'sometimes', new UniqueUserRule($this->user, $input['email'])];
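Review bot: The added `'password' => 'nullable|string|min:6'` rule accepts a replacement password without requiring the current one, so possession of a live session or API token is enough to rotate the credential, unless re-authentication is enforced by middleware that is not visible in this hunk. Six characters is also a low floor for a user-chosen secret; consider `'nullable|string|min:8'` at least, together with a current-password check whenever `password` is present. Because the rule applies to every user update, a request that carries `password` for a different user passes validation and is then silently dropped by the repository; rejecting it here would give the caller an explicit error instead. `rules()` continues past the end of the hunk.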


@ -18,6 +18,7 @@ use App\Models\User;
use App\Utils\Ninja; use App\Utils\Ninja;
use App\Utils\Traits\MakesHash; use App\Utils\Traits\MakesHash;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
/** /**
* UserRepository. * UserRepository.
@ -61,6 +62,12 @@ class UserRepository extends BaseRepository
$user->fill($details); $user->fill($details);
//allow users to change only their passwords - not others!
if(auth()->user()->id == $user->id && array_key_exists('password', $data) && isset($data['password']))
{
$user->password = Hash::make($data['password']);
}
if (!$user->confirmation_code) { if (!$user->confirmation_code) {
$user->confirmation_code = $this->createDbHash(config('database.default')); $user->confirmation_code = $this->createDbHash(config('database.default'));
} }
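Review bot: The ownership check `auth()->user()->id == $user->id` dereferences `auth()->user()` without a null guard, so any path that reaches this save without an authenticated user (console command, queued job, account creation) would fail with an error on `->id` rather than skip the password branch. I would write it as `$actor = auth()->user();` followed by `if ($actor !== null && $actor->id === $user->id && isset($data['password'])) {`, since `isset` already covers the `array_key_exists` test. The guard also only holds if `password` cannot arrive through the earlier `$user->fill($details)`; whether `$details` can carry it, or whether the model marks `password` as fillable, is not visible here and should be confirmed. When the caller is not the target user the password is dropped silently, so logging or rejecting that case would make such attempts visible. The enclosing method starts and ends outside the hunk.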