2FAuth/app/Http/Controllers/Auth/PasswordController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Http\Requests\UserPatchPwdRequest;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;

class PasswordController extends Controller
{
    /**
     * Update the user's password.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function update(UserPatchPwdRequest $request)
    {
        $user      = $request->user();
        $validated = $request->validated();

        if (config('auth.defaults.guard') === 'reverse-proxy-guard' || $user->oauth_provider) {
            Log::notice('Password update rejected: reverse-proxy-guard enabled or account from external sso provider');

            return response()->json(['message' => __('errors.account_managed_by_external_provider')], 400);
        }

        if (! Hash::check($validated['currentPassword'], Auth::user()->password)) {
            Log::notice('Password update failed: wrong password provided');

            return response()->json(['message' => __('errors.wrong_current_password')], 400);
        }

        if (! config('2fauth.config.isDemoApp')) {
            $user->update([
                'password' => bcrypt($validated['password']),
            ]);
            Log::info(sprintf('Password of user ID #%s updated', $user->id));
        }

        return response()->json(['message' => __('auth.forms.password_successfully_changed')]);
    }
}
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00			`<?php`

Add WebAuthn authentication 2022-03-15 14:47:07 +01:00			`namespace App\Http\Controllers\Auth;`
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00
			`use App\Http\Controllers\Controller;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use App\Http\Requests\UserPatchPwdRequest;`
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00			`use Illuminate\Support\Facades\Auth;`
			`use Illuminate\Support\Facades\Hash;`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`use Illuminate\Support\Facades\Log;`
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00
			`class PasswordController extends Controller`
			`{`
			`/**`
			`* Update the user's password.`
			`*`
Update controllers doc block 2021-11-26 11:18:58 +01:00			`* @return \Illuminate\Http\JsonResponse`
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00			`*/`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`public function update(UserPatchPwdRequest $request)`
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00			`{`
Complete SSO (user model, error cases, tests, views) & Add github provider 2023-12-09 17:22:24 +01:00			`$user = $request->user();`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`$validated = $request->validated();`
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00
Complete SSO (user model, error cases, tests, views) & Add github provider 2023-12-09 17:22:24 +01:00			`if (config('auth.defaults.guard') === 'reverse-proxy-guard' \|\| $user->oauth_provider) {`
			`Log::notice('Password update rejected: reverse-proxy-guard enabled or account from external sso provider');`

			`return response()->json(['message' => __('errors.account_managed_by_external_provider')], 400);`
			`}`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! Hash::check($validated['currentPassword'], Auth::user()->password)) {`
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`Log::notice('Password update failed: wrong password provided');`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00			`return response()->json(['message' => __('errors.wrong_current_password')], 400);`
			`}`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! config('2fauth.config.isDemoApp')) {`
Complete SSO (user model, error cases, tests, views) & Add github provider 2023-12-09 17:22:24 +01:00			`$user->update([`
Refactor Auth controllers : thicker, with Form requests & API resource 2021-10-01 13:40:37 +02:00			`'password' => bcrypt($validated['password']),`
Prevent account and password change while in demo mode 2020-03-18 22:59:45 +01:00			`]);`
Complete SSO (user model, error cases, tests, views) & Add github provider 2023-12-09 17:22:24 +01:00			`Log::info(sprintf('Password of user ID #%s updated', $user->id));`
Prevent account and password change while in demo mode 2020-03-18 22:59:45 +01:00			`}`
Refactore Profile controllers and routes 2020-03-03 22:09:06 +01:00
			`return response()->json(['message' => __('auth.forms.password_successfully_changed')]);`
			`}`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`}`