Projects that are generated with the built-in authentication don't include a handler/page highlighting how to update the password of the currently logged-in user. In this light, let's ensure that the generated auth application includes one.
This new handler (Auth::PasswordUpdateHandler) should be accessible from the "profile" page that is already generated for the auth application. Special care should be taken to ensure that the MartenAuth#update_session_auth_hash method is called upon a successful password change to refresh the session auth hash for the current user session.
Finally, the schema leveraged by this new handler should also ensure that the password can only be changed if the old password is correctly inputted by the currently logged-in user.
Description
Projects that are generated with the built-in authentication don't include a handler/page highlighting how to update the password of the currently logged-in user. In this light, let's ensure that the generated
authapplication includes one.This new handler (
Auth::PasswordUpdateHandler) should be accessible from the "profile" page that is already generated for theauthapplication. Special care should be taken to ensure that theMartenAuth#update_session_auth_hashmethod is called upon a successful password change to refresh the session auth hash for the current user session.Finally, the schema leveraged by this new handler should also ensure that the password can only be changed if the old password is correctly inputted by the currently logged-in user.