Validate password on reset according to rules (#158)

* move password rules to Models\User::PASSWORD_RULES * validate new password according to rules on password reset * add password requirements info to auth.passwords.reset view
2024-11-22 17:12:30 +01:00 · 2016-10-30 21:02:39 +01:00 · 2016-10-30 21:02:39 +01:00 · e65dc5708d
commit e65dc5708d
parent 9d69f47ade
4 changed files with 17 additions and 1 deletions
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@ -31,4 +31,12 @@ class ResetPasswordController extends Controller
    {
        $this->middleware('guest');
    }
+
+
+    protected function rules() {
+        return [
+            'token' => 'required', 'email' => 'required|email',
+            'password' => 'required|confirmed|' . User::PASSWORD_RULES,
+        ];
+    }
 }
--- a/app/Http/Controllers/Base/AccountController.php
+++ b/app/Http/Controllers/Base/AccountController.php
@ -84,7 +84,7 @@ class AccountController extends Controller

        $this->validate($request, [
            'current_password' => 'required',
-            'new_password' => 'required|confirmed|different:current_password|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
+            'new_password' => 'required|confirmed|different:current_password|' . Models\User::PASSWORD_RULES,
            'new_password_confirmation' => 'required'
        ]);

--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -76,6 +76,13 @@ class User extends Model implements AuthenticatableContract,
     */
    protected $hidden = ['password', 'remember_token', 'totp_secret'];

+    /**
+    * The rules for user passwords
+    * 
+    * @var string
+    */
+    const PASSWORD_RULES = 'min:8|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})';
+
    public function permissions()
    {
        return $this->hasMany(Permission::class);
--- a/resources/views/auth/passwords/reset.blade.php
+++ b/resources/views/auth/passwords/reset.blade.php
@ -55,6 +55,7 @@
                            <strong>{{ $errors->first('password') }}</strong>
                        </span>
                    @endif
+                    <p class="text-muted"><small>{{ trans('base.password_req') }}</small></p>
                </div>
            </div>
            <div class="form-group">