Validate/Authorize Current Password In Laravel 5.1

Question

I'm trying to add a password change feature for my logged in/authorized users. It's your plain ole generic set up:

Current Password
New Password
Confirm New Password

Obviously I can just use validate on the new password and password confirmation, but how do I authorize the current password submitted against their actual current password?

In the users model password is a hidden property so I can't just match them up.

I tried looking through Illiminate\Auth and Guard but I didn't see it anywhere. Perhaps I missed it, or maybe I'm going about this the wrong way?

Answer 1

Here's the answer in case anyone else is looking:

$validator = $this->validator($request->all());

$validator->after(function($validator) use ($request) {
    $check = auth()->validate([
        'email'    => $this->user->email,
        'password' => $request->current_password
    ]);

    if (!$check):
        $validator->errors()->add('current_password', 
            'Your current password is incorrect, please try again.');
    endif;
});

if ($validator->fails()):
    return redirect('account/password')
        ->withErrors($validator)
        ->withInput();
endif;

$this->user->password = bcrypt($request->password);
$this->user->save();

Answer 2

Get the current password and compare with the new password.

//use Auth, Hash, Input;

if (Hash::check(Input::get('new_password'), Auth::user()->password))
        echo "Matched";
else
        echo "Not matched";

Did you use the the laravel built in authentication package? If yes, the validation has been done for you. Check app/Http/Controller/Auth/AuthController.php, you can see this validation function. You can add more if you wish!:

protected function validator(array $data)
{
    return Validator::make($data, [
        'first_name' => 'required|max:255',
        'last_name' => 'required|max:255',
        'email' => 'required|email|max:255|unique:users',
        'password' => 'required|confirmed|min:6',
    ]);
}

If any error happens during the above validation, it will be sent to the $errors variable where your blade view can catch them. So, in your reset password view (view/auth/reset.blade.php), you can catch the validation errors as follow:

@if (count($errors) > 0)
                        <div class="alert alert-danger">
                            <strong>Whoops!</strong> There were some problems with your input.<br><br>
                            <ul>
                                @foreach ($errors->all() as $error)
                                    <li>{{ $error }}</li>
                                @endforeach
                            </ul>
                        </div>
@endif