mhoreen

Laravel API: Can't reset password ("Trying to get property 'password' of non-object")

I already have an API where, when the user forgets their password, they're gonna enter their email and it's gonna return a token in the URL in the email. Right now, I want to create an API where it asks for the current password of the user, new password and new password confirmation.

This is my controller 'AuthController':

<?php

namespace App\Http\Controllers\Api;

use Spatie\Permission\Models\Role;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Models\User;
use App\Models\Device;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Auth;

use Illuminate\Support\Facades\Http;

use Teckwei1993\Otp\OtpFacade as Otp;


class AuthController extends Controller
{

    public function register(Request $request)
    {

        $rules = [
            'fname' => 'required',
            'mname' => 'required',
            'lname' => 'required',
            'birthdate' => 'required',
            'email' => 'required|unique:users',
            'password' => 'required|confirmed',
        ];

        $validator = Validator::make($request->all(), $rules);
        if ($validator->fails()) {
            return response()->json($validator->errors(), 400);
        }

        $validatedData = $request->validate([
            'fname' => 'required|max:55',
            'mname' => 'required|max:55',
            'lname' => 'required|max:55',
            'birthdate' => 'required',
            'email' => 'email|required',
            'password' => 'required|confirmed',
        ]);

        $validatedData['password'] = bcrypt($request->password);

        $user = User::create($validatedData);

        $id = $user->id;

        $user->driversInformation()->create(['user_id' => $id, 'driver_fname' => $request->input('fname'), 'driver_mname' => $request->input('mname'), 'driver_lname' => $request->input('lname'), 'driver_birthday' => $request->input('birthdate')]);
        $accessToken = $user->createToken('authToken')->accessToken;


        return response(['message' => "Successfully Registered", 'user' => $user, 'accessToken' => $accessToken]);
    }

    public function login(Request $request)
    {

        $rules = [
            'email' => 'required',
            'password' => 'required',
        ];

        $validator = Validator::make($request->all(), $rules);
        if ($validator->fails()) {
            return response()->json($validator->errors(), 400);
        }
        $loginData = $request->validate([
            'email' => 'email|required',
            'password' => 'required',
        ]);

        if (!auth()->attempt($loginData)) {
           
            return response(['message'=>"Email or Password is Incorrect",
            'error'=>true,
            'error_code'=>400,
            'line'=>"line".__LINE__."".basename(__LINE__),
            'users'=>[]],400);
        }

        if(is_null($loginData)){
            return response(['message'=>"Record Not Found!",
            'error'=>true,
            'error_code'=>404,
            'line'=>"line".__LINE__."".basename(__LINE__),
            'users'=>[]],400);
        }



        $accessToken = auth()->user()->createToken('authToken')->accessToken;
        $roles = auth()->user()->hasRole('roles'); // this will get the roles that is assigned to user
        return response(['message' => "Successfully Logged In", 'user' => auth()->user(), 'accessToken' => $accessToken]);
    }
}

This is my changePassword controller:

public function changePassword(Request $request)
    {
        $rules = [
            'old_password' => 'required',
            'password' => 'required',
            'confirm_password' => 'required',
        ];

        $validator = Validator::make($request->all(), $rules);
        if ($validator->fails()) {
            return response()->json($validator->errors(), 400);
        }


        $user=$request->user();
        if (Hash::check($request->old_password,$user->password)) {
            $user->update([
                'password'=>Hash::make($request->password)
            ]);
            return response()->json([
                'message'=>'Password successfully updated',
            ],200);
        } else {
            return response(['message'=>"Old password does not match"],400);
        }
    }

But I'm getting this error in Postman:

"message": "Trying to get property 'password' of non-object",
"exception": "ErrorException",
"file": "C:\xampp\htdocs\drv-api\app\Http\Controllers\Api\NewPasswordController.php",
"line": 86,

tykus
Best Answer

I suppose this is the offending code?

$user=$request->user();
if (Hash::check($request->old_password,$user->password)) {

It would seem that $request->user() is null - how are you authenticating the User, and is this route not protected by the auth:api middleware?

1 like
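
The fix this answer points to, as an added example that is not part of the original thread: register the password-change route inside an `auth:api` group so that `$request->user()` is resolved from the bearer token. The URIs, and the assumption that `changePassword()` lives in `NewPasswordController` (the file named in the error message), are illustrative.

```php
<?php
// routes/api.php: added example, not code from the thread.
// Assumptions: the URIs below, and that changePassword() lives in
// NewPasswordController (the file named in the error message).

use App\Http\Controllers\Api\AuthController;
use App\Http\Controllers\Api\NewPasswordController;
use Illuminate\Support\Facades\Route;

// Public endpoints: the caller has no access token yet.
Route::post('/register', [AuthController::class, 'register']);
Route::post('/login', [AuthController::class, 'login']);

// Before (reproduces the error): registered outside any auth middleware, so
// $request->user() falls back to the default guard (usually "web"), finds no
// session user on a token-only request and returns null.
// Route::post('/change-password', [NewPasswordController::class, 'changePassword']);

// After: auth:api validates the bearer token first and makes "api" the guard
// for this request, so $request->user() is the token's owner. Requests with a
// missing or invalid token are rejected with 401 before the controller runs.
Route::middleware('auth:api')->group(function () {
    Route::post('/change-password', [NewPasswordController::class, 'changePassword']);
});
```

When testing in Postman, send `Authorization: Bearer <accessToken>` (the token returned by the login endpoint) together with `Accept: application/json`; without the `Accept` header an unauthenticated request is handled as a browser request and redirected instead of receiving a JSON 401.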
mhoreen

@tykus I get it now, I tried putting the route inside the auth api middleware and it worked. Sorry, I'm still a bit confused.

1 like
