Issue with updating user password

On the frontend side, I have an account page offering the possibility to change the password.
There is a field to capture the current password and a field to capture the new password.

in my component, but I can't figure out how to:

  • check the current password
  • update with the new password

So far, I have this check that works, but I can't control the flash error message returned:

if ($user = \Auth::authenticate($credentials, true)) {
}

Then I try to update the user password like this:

if ($user = \Auth::authenticate($credentials, true)) {
    DB::transaction(function () use ($user, $data) {
        $new_password = array_get($data['user'], 'new_password');
        $user->password = $new_password;
        $user->password_confirmation = $new_password;
        $user->save();
        // $credentials = [
        //     'login'    => $user->email,
        //     'password' => $new_password
        // ];
        // \Auth::authenticate($credentials, true);
    });
}

But it simply logs out the current user.

What is the proper way to handle this?

When you change the password it invalidates the session, so you need to log the user in again.

Got it, thanks @daft, here is the piece of code working:

$credentials = [
    'login'    => $this->user->email,
    'password' => array_get($data['user'], 'password')
];

try {
    // check the provided current password before attempting to update it
    $user = \Auth::authenticate($credentials, true);
} catch (AuthException $ex) {
    throw new AuthException(Lang::get('inherent.coachcamp::frontend.fields.account.invalid_user_password'));
}

DB::transaction(function () use ($data, &$password_changed) {
    // update the user with new password
    $new_password = array_get($data['user'], 'new_password');
    $this->user->password = $new_password;
    $this->user->password_confirmation = $new_password;
    $this->user->save();
    $credentials = [
        'login'    => $this->user->email,
        'password' => $new_password
    ];
    // re-authenticate the user with the new password after changing his password
    $this->user = \Auth::authenticate($credentials, true);
    $password_changed = true;
});
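A standalone model of the flow discussed in this thread (verify the current password, store the new one, then issue a new session because the old one no longer validates), added here as an example and not taken from the posts or from October CMS. The `AccountStore` class, the per-user persist token, and the sample account are assumptions made for illustration; it runs with plain PHP 7.4+ and no framework.

```php
<?php
declare(strict_types=1);

// Standalone model (hypothetical names): a session stays valid only while it
// carries the user's current persist token, which rotates when the password is set.
final class AccountStore
{
    private array $users = []; // login => ['hash' => ..., 'persist' => ...]

    public function register(string $login, string $password): void
    {
        $this->users[$login] = [
            'hash'    => password_hash($password, PASSWORD_DEFAULT),
            'persist' => bin2hex(random_bytes(16)), // rotates on every password set
        ];
    }

    // Returns a session on success, null on bad credentials.
    public function login(string $login, string $password): ?array
    {
        $user = $this->users[$login] ?? null;
        if ($user === null || !password_verify($password, $user['hash'])) {
            return null;
        }
        return ['login' => $login, 'persist' => $user['persist']];
    }

    public function isValid(array $session): bool
    {
        $user = $this->users[$session['login']] ?? null;
        return $user !== null && hash_equals($user['persist'], $session['persist']);
    }

    // Checks the current password, stores the new one, returns a fresh session.
    public function changePassword(array $session, string $current, string $new): array
    {
        $login = $session['login'];
        if (!$this->isValid($session) || $this->login($login, $current) === null) {
            throw new RuntimeException('Invalid session or current password.');
        }
        $this->register($login, $new); // new hash, new persist token
        return ['login' => $login, 'persist' => $this->users[$login]['persist']];
    }
}

$store = new AccountStore();
$store->register('user@example.test', 'old-secret'); // constructed sample account
$old = $store->login('user@example.test', 'old-secret');
$new = $store->changePassword($old, 'old-secret', 'new-secret');
var_dump($store->isValid($old), $store->isValid($new));
```

Because the token rotates for the whole account, any other session opened with the old password stops validating as well, which is the property that makes a password change useful after a suspected compromise.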