sbarrows2020's avatar

Changing password always logs me out

Hi,

I hope somebody can help, I'm currently building an application using Laravel 8 and Jetstream. On the user profile page is an update password feature. I have this working but it logs me out each time the password changes.

I've attempted various methods of logging the user back in after the change, tried basic Laravel Auth instead of using Fortify. Each time, same thing - logged out!

Basic function is:

public function changePassword(Request $request)
{
    $user = User::find(Auth::id());
    $changePassword = new UpdateUserPassword;
    $changePassword->update($user,$request->All());
}

and the request is:

request: Symfony\Component\HttpFoundation\ParameterBag {#44 #parameters: array:3 [ "current_password" => "{current password}" "password" => "testtest" "password_confirmation" => "testtest" ] }

0 likes
14 replies
Sinnbeck's avatar

Is UpdateUserPassword your own class? If so please post it

sbarrows2020's avatar

UpdateUserPassword is a Jetstream / Fortify class (https://jetstream.laravel.com/1.x/features/authentication.html)

namespace App\Actions\Fortify;

use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Laravel\Fortify\Contracts\UpdatesUserPasswords;

class UpdateUserPassword implements UpdatesUserPasswords
{
    use PasswordValidationRules;

    /**
     * Validate and update the user's password.
     *
     * @param  mixed  $user
     * @param  array  $input
     * @return void
     */
    public function update($user, array $input)
    {
        Validator::make($input, [
            'current_password' => ['required', 'string'],
            'password' => $this->passwordRules(),
        ])->after(function ($validator) use ($user, $input) {
            if (! Hash::check($input['current_password'], $user->password)) {
                $validator->errors()->add('current_password', __('The provided password does not match your current password.'));
            }
        })->validateWithBag('updatePassword');

        $user->forceFill([
            'password' => Hash::make($input['password']),
        ])->save();
    }
}

Snapey's avatar

Please format your code by putting 3 backticks ``` on a line before and after each code block

sbarrows2020's avatar

Thank you, will do in future, but any idea on the problem itself?

Sinnbeck's avatar
Best Answer

Any chance that you have some middleware on the route changePassword? Show the route definition.

sbarrows2020's avatar

Bingo! Thank you so much, I did have middleware on changePassword:

Route::middleware(['auth:sanctum', 'verified'])->post('change-password', 'Account@changePassword');

Removing this solved the issue, just devising an alternative to this now.

Snapey's avatar

I set up as per you and had the same error.

Resolved it by changing the function to

        $changePassword = new UpdateUserPassword;
        $changePassword->update(Auth::user(), $request->All());

So using the already validated user instance rather than reloading the user model. My guess is that this is the sanctum middleware that is not associated with the new user model.

sbarrows2020's avatar

Hmm, tried this but still seemed to get the logout issue. In the end I changed the middleware to:

Route::middleware(['auth'])->post('change-password', 'Account@changePassword');

Sinnbeck's avatar

You still shouldn't load the user again. It already is loaded in memory so just use that. Otherwise you get the user from the database twice.

$user = Auth::user();

Snapey's avatar

I can't get it to work with auth:sanctum as the middleware.

1 like
threx-code's avatar

auth:sanctum can be implemented; add the code below:

// remove the former password hash
$request->session()->forget('password_hash_web');

// log the user back in with the new updated credentials
Auth::guard('web')->login($user);

echo "Password updated successfully";

5 likes
dev-mo's avatar

@Snapey auth:sanctum will log out the user after changing the password, correct?

HasanAftab's avatar

Update session when password updates

session()->put([
	'password_hash_' . auth()->getDefaultDriver() => $this->user->password
]);
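
The check that the last two replies work around, as a plain-PHP model (an added example, not code from the thread or from Laravel). It assumes the logout comes from session middleware comparing the `password_hash_web` value stored in the session with the user's current hash; the function and variable names are hypothetical and the data is constructed.

```php
<?php
// Simplified model of a session password-hash check. Constructed data;
// every name except the password_hash_web key is hypothetical.

const KEY = 'password_hash_web'; // session key named in this thread

/** Returns true if the session survives the request, false if it is logged out. */
function authenticateSession(array &$session, array $user): bool
{
    if (!isset($session[KEY])) {
        // First authenticated request: remember the current hash.
        $session[KEY] = $user['password'];
        return true;
    }
    if (!hash_equals($session[KEY], $user['password'])) {
        $session = []; // stale hash: flush the session, user must log in again
        return false;
    }
    return true;
}

function changePassword(array &$user, array &$session, string $new, bool $refresh): void
{
    $user['password'] = password_hash($new, PASSWORD_BCRYPT);
    if ($refresh) {
        // The fix from the thread: store the new hash in the current session only.
        $session[KEY] = $user['password'];
    }
}

foreach ([false, true] as $refresh) {
    $user    = ['id' => 1, 'password' => password_hash('old-secret', PASSWORD_BCRYPT)];
    $browser = []; // session that submits the password change
    $other   = []; // second session of the same user (e.g. another device)
    authenticateSession($browser, $user);
    authenticateSession($other, $user);

    changePassword($user, $browser, 'testtest', $refresh);

    printf(
        "refresh=%s  current session: %s  other session: %s\n",
        var_export($refresh, true),
        authenticateSession($browser, $user) ? 'kept' : 'logged out',
        authenticateSession($other, $user) ? 'kept' : 'logged out'
    );
}
```

In this model the second session is logged out in both runs, which is the point of the check: refreshing the key keeps only the session that made the change.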
