langleyfoxall / laravel-nist-password-rules

🔒 Laravel validation rules that follow the password related recommendations found in NIST Special Publication 800-63B section 5.
GNU Lesser General Public License v3.0

Can this package be used inside FormRequests? #26

Closed blorange2 closed 4 years ago

blorange2 commented 4 years ago

In my application I have an area where users can update their password by providing:

I have a method that looks like this:

/**
 * Change the password for the current logged in user
 *
 * @param  UpdatePassword $request
 * @return \Illuminate\Http\RedirectResponse
 */
public function changePassword(UpdatePassword $request)
{
    $data = $request->validated();

    auth()->user()->update(['password' => $data['new-password']]);

    event(new PasswordChanged(auth()->user()));

    return redirect()->back()->with('success', 'Your password has been updated successfully');
}

This uses a Form Request called UpdatePassword.

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use LangleyFoxall\LaravelNISTPasswordRules\PasswordRules;

class UpdatePassword extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'current-password' => 'required|string',
            'new-password' => array_merge(
                [
                    'regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{6,}$/',
                ],
                PasswordRules::changePassword($this->email, $this->current_password),
            ),
        ];
    }

    /**
     * Get the error messages for the defined validation rules.
     *
     * @return array
     */
    public function messages()
    {
        return [
            'current-password.required' => 'Please enter your current password',
            'new-password.regex' => 'The password provided does not match the minimum strength requirement',
            'new-password.different' => 'Please ensure your new password is different to your old password',
            'new-password.confirmed' => 'Please ensure your new passwords match',
        ];
    }
}

I've tried to simply pass in the email and pass, but they're not real properties.

Is there any way to do what I'm attempting in this way?

DivineOmega commented 4 years ago

Try something similar to this:

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'current-password' => 'required|string',
            'new-password' => array_merge(
                [
                    'regex:/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{6,}$/',
                ],
                PasswordRules::changePassword(auth()->user()->email, $this->get('current-password')),
            ),
        ];
    }

blorange2 commented 4 years ago

I never considered using auth()->user(), I'll try now.

blorange2 commented 4 years ago

That works (y)