Merge pull request 'added support for resetting a password while logged in' (#4) from account-page-password-reset into main

Reviewed-on: #4

app/Http/Controllers/AuthController.php

@@ -4,6 +4,7 @@ namespace App\Http\Controllers;
 
 use App\Http\Requests\LoginRequest;
 use App\Http\Requests\PasswordResetRequest;
+use App\Http\Requests\PasswordResetWithTokenRequest;
 use App\Http\Requests\RegisterRequest;
 use App\Models\Invitation;
 use App\Models\Role;
@@ -11,6 +12,7 @@ use App\Models\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Password;
 
 class AuthController extends Controller
@@ -54,6 +56,24 @@ class AuthController extends Controller
     }
 
     public function resetPassword(PasswordResetRequest $request)
+    {
+        $user = Auth::user();
+        $validatedData = $request->validated();
+
+        if (! Hash::check($request->current_password, $user->password)) {
+            return response()->json(['message' => 'Current password is incorrect.'], 422);
+        }
+
+        try {
+            $user->forceFill(['password' => $validatedData['password']])->save();
+        } catch (\Exception $e) {
+            return response()->json(['message' => 'Password reset failed.'], 400);
+        }
+
+        return response()->json(['message' => 'Password reset successful.']);
+    }
+
+    public function resetPasswordWithToken(PasswordResetWithTokenRequest $request)
     {
         $updatedUser = null;
 

app/Http/Requests/PasswordResetRequest.php

@@ -24,8 +24,7 @@ class PasswordResetRequest extends FormRequest
         return [
             'password' => 'required|string|min:8|confirmed',
             'password_confirmation' => 'string',
-            'token' => 'required|string',
-            'email' => 'required|email|exists:users,email',
+            'current_password' => 'required|string',
         ];
     }
 }

app/Http/Requests/PasswordResetWithTokenRequest.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class PasswordResetWithTokenRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            'password' => 'required|string|min:8|confirmed',
+            'password_confirmation' => 'string',
+            'token' => 'required|string',
+            'email' => 'required|email|exists:users,email',
+        ];
+    }
+}

routes/api.php

@@ -11,6 +11,7 @@ use Illuminate\Support\Facades\Route;
 Route::post('/register', [AuthController::class, 'register'])->name('auth.register');
 Route::post('/login', [AuthController::class, 'login'])->name('auth.login');
 Route::post('/forgot-password', [AuthController::class, 'forgotPassword'])->name('auth.forgot-password');
+Route::post('/reset-password-token', [AuthController::class, 'resetPasswordWithToken'])->name('auth.reset-password-with-token');
 Route::get('/invitations/{token}/accept', [InvitationController::class, 'accept'])->name('invitations.accept');
 Route::get('/invitations/{token}/decline', [InvitationController::class, 'decline'])->name('invitations.decline');