Nitin Johnson

Reputation: 340

Laravel 8 prevent logout after user password change?

I have an admin panel and I am currently working on the change password module. I have written the code for changing the password, but for some reason the session is destroyed and the user is logged out after changing the password. How can I prevent the automatic logout from happening? Please help me.

HTML

<form id="changepasswordform">
    <input type="hidden" name='_token' value="{{ csrf_token() }}">
    <div class="form-group">
        <div class="row">
            <div class="col-md-2">
                <label>Password</label>
            </div>
            <div class="col-md-10">
                <div class="custom_error_msg password_error"></div>
                <input type="password" name="password" class="form-control password">
            </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col-md-2">
                <label>Confirm Password</label>
            </div>
            <div class="col-md-10">
                <div class="custom_error_msg confirm_password_error"></div>
                <input type="password" name="confirm_password" class="form-control confirm_password">
            </div>
        </div>
    </div>
    <div class="form-group">
        <div class="row">
            <div class="col-md-12">
                <button class="btn btn-success float-right"><i class="far fa-save"></i> Save</button>
            </div>
        </div>
    </div>
</form>

Controller

public function ChangePasswordProcess(Request $request){
    /*User::find(auth()->user()->id)
    ->update([
        'password'=> Hash::make($request->password)
    ]);*/
    $userId = Auth::User()->id;
    $user = User::find($userId);
    $user->password = Hash::make($request->password);
    $user->save();
    
    return response()->json(['status' => 'success']);
}

Javascript

<script>
    $(document).ready(function(){
        $(".dropify").dropify();
        $("#changepasswordform").submit(function(e){
            e.preventDefault();
            // Start valid; a failed check below can only clear the flag,
            // so a later passing check cannot hide an earlier failure.
            var status=true;

            if($(".password").val()==""){
                $(".password_error").html("Field is mandatory");
                $(".password_error").show();
                status=false;
            } else {
                $(".password_error").hide();
            }

            if($(".confirm_password").val()==""){
                $(".confirm_password_error").html("Field is mandatory");
                $(".confirm_password_error").show();
                status=false;
            } else {
                $(".confirm_password_error").hide();
            }

            if($(".password").val()!=="" && $(".confirm_password").val()!==""){
                if($(".password").val() !== $(".confirm_password").val()){
                    $(".confirm_password_error").html("Passwords don't match");
                    $(".confirm_password_error").show();
                    status=false;
                } else {
                    $(".confirm_password_error").hide();
                }
            }

            if(status==true){
                var formdata = new FormData(document.getElementById('changepasswordform'));
                $.ajax({
                    url: "{{ route('admin.change_password_process') }}",
                    type: "post",
                    async: false,
                    cache: false,
                    contentType: false,
                    processData: false,
                    data: formdata,
                    success: function (res) {
                        if (res.status == 'success') {
                            Swal.fire({
                                icon: 'success',
                                title: 'Success',
                                text: 'Password updated successfully',
                                confirmButtonClass: 'btn btn-primary',
                                buttonsStyling: false,
                            }).then(function (result) {
                                window.location.reload();
                            });
                        }
                    }
                });
            }               
        });
    });
</script>

Upvotes: 1

Views: 1897

Answers (2)

Eduardo Ramos

Reputation: 534

When the password_hash of the session is different from the current auth()->user(), Laravel will automatically log out the user. This is done in this middleware:

vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php

If you update the password_hash in the session with the new hashed password, the user will not be logged out.

session()->put([
   'password_hash_' . auth()->getDefaultDriver() => $user->getAuthPassword()
]);

Example:

session()->put([
   'password_hash_web' => "$2y$10$...hashpasswordstoredondatabase"
]);

Upvotes: 0

Quantumass

Reputation: 836

In the ChangePasswordProcess method in the controller, you have to re-authenticate the user whose password changed:

public function ChangePasswordProcess(Request $request){
    /*User::find(auth()->user()->id)
    ->update([
        'password'=> Hash::make($request->password)
    ]);*/
    $userId = Auth::User()->id;
    $user = User::find($userId);
    $user->password = Hash::make($request->password);
    $user->save();

    Auth::login($user);
    
    return response()->json(['status' => 'success']);
}

Upvotes: 3
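
A hardened variant of the controller method discussed in both answers, added here as an example and not code from the question or either answer: it validates on the server, requires the current password, and refreshes this session's stored hash, while any other session still holds the old hash that the middleware named in the first answer treats as a mismatch. The `current_password` form field, the 12-character minimum, the namespace and the class name are assumptions.

```php
<?php

namespace App\Http\Controllers\Admin; // assumed namespace

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class PasswordController extends Controller // hypothetical class name
{
    public function ChangePasswordProcess(Request $request)
    {
        // Server-side checks: the jQuery checks in the form run in the
        // browser and do not protect this endpoint on their own.
        // current_password is an assumed extra field, not in the original form.
        $data = $request->validate([
            'current_password' => ['required', 'string'],
            'password'         => ['required', 'string', 'min:12', 'different:current_password'],
            'confirm_password' => ['required', 'same:password'],
        ]);

        // Use the guard's own user instance so it carries the new hash.
        $user = $request->user();

        // A hijacked session alone should not be enough to set a new password.
        if (! Hash::check($data['current_password'], $user->getAuthPassword())) {
            throw ValidationException::withMessages([
                'current_password' => ['The current password is incorrect.'],
            ]);
        }

        $user->password = Hash::make($data['password']);
        $user->save();

        // Issue a new session ID for this browser, then store the new hash
        // under the session key shown in the first answer.
        $request->session()->regenerate();
        $request->session()->put(
            'password_hash_' . Auth::getDefaultDriver(),
            $user->getAuthPassword()
        );

        return response()->json(['status' => 'success']);
    }
}
```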
