Issue with updating user password

on the frontend side, I have an account page offering the possibility to change password.
There is a field to capture the current password and a field to capture the new password.

in my component, but I cant figure out how to:

  • check the current password
  • update with the new password

so far, I have this check that works but I cant control the flash error message returned

if ($user = \Auth::authenticate($credentials, true)) {
}

then I try to update the user password like this

if ($user = \Auth::authenticate($credentials, true)) {
  DB::transaction(function () use ($user, $data) {
       $new_password = array_get($data['user'], 'new_password');
       $user->password = $new_password;
       $user->password_confirmation = $new_password;
        $user->save();
        // $credentials = [
                            //     'login'    => $user->email,
                            //     'password' => $new_password
                            // ];
                            // \Auth::authenticate($credentials, true);
                        });
                    }

but it simply logs out the current user.

What is the proper way to handle this?

When you change the password it invalidates the session, so you need to log the user in again.

got it, thanks @daftspunky , here is the piece of code working

$credentials = [
                        'login'    => $this->user->email,
                        'password' => array_get($data['user'], 'password')
                    ];

                    try {
                        // check the provided current password before attempting to update it
                        $user = \Auth::authenticate($credentials, true);
                    } catch (AuthException $ex) {
                        throw new AuthException(Lang::get('inherent.coachcamp::frontend.fields.account.invalid_user_password'));
                    }

                    DB::transaction(function () use ($data, &$password_changed) {
                        // update the user with new password
                        $new_password = array_get($data['user'], 'new_password');
                        $this->user->password = $new_password;
                        $this->user->password_confirmation = $new_password;
                        $this->user->save();
                        $credentials = [
                            'login'    => $this->user->email,
                            'password' => $new_password
                        ];
                        // re-authenticate the user with the new password after changing his password
                        $this->user = \Auth::authenticate($credentials, true);
                        $password_changed = true;
                    });
1 Like