From ed3909782bec47ae752c75bf351f1662685f9f5d Mon Sep 17 00:00:00 2001
From: Valentin Lab
Date: Mon, 9 Feb 2026 08:36:29 +0100
Subject: [PATCH] fix: implement password change for shop customers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The password change form on the profile page (``Mes coordonnées``) was scaffolded but never wired to any backend logic. The fields ``current-password``, ``new-password`` and ``new-password_confirmation`` were silently ignored by ``Customers::storeFull()``. - Add ``handlePasswordChange()`` in ``CustomerController`` that validates current password, confirmation match, and 8-char minimum before hashing and saving. - Remove ``required`` attribute from password fields so the form can submit for profile-only updates without filling password fields. - Strip password fields from request data before passing to ``storeFull()`` to avoid Eloquent mass-assignment noise.
---
 .../Controllers/Shop/CustomerController.php | 46 ++++++++++++++++++-
 .../passwords/password_confirmation.blade.php | 4 +-
 2 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/Shop/CustomerController.php b/app/Http/Controllers/Shop/CustomerController.php
index 1c0ac6b7..fc14f0a5 100644
--- a/app/Http/Controllers/Shop/CustomerController.php
+++ b/app/Http/Controllers/Shop/CustomerController.php
@@ -8,6 +8,7 @@ use App\Repositories\Shop\CustomerAddresses;
 use App\Repositories\Shop\Customers;
 use App\Repositories\Shop\Offers;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\Facades\Validator;

@@ -117,9 +118,52 @@ class CustomerController extends Controller
 public function store(Request $request)
 {
 $data = $request->all();
+
+ $passwordError = $this->handlePasswordChange($request);
+ if ($passwordError) {
+ return redirect()->route('Shop.Customers.edit')
+ ->with('growl', [$passwordError, 'danger']);
+ }
+
+ unset($data['current-password'], $data['new-password'], $data['new-password_confirmation']);
+
 $customer = Customers::storeFull($data);

- return redirect()->route('Shop.Customers.edit');
+ $growl = $request->filled('new-password')
+ ? [__('Profil et mot de passe mis à jour.'), 'success']
+ : [__('Profil mis à jour.'), 'success'];
+
+ return redirect()->route('Shop.Customers.edit')->with('growl', $growl);
+ }
+
+ protected function handlePasswordChange(Request $request)
+ {
+ if (! $request->filled('new-password')) {
+ return null;
+ }
+
+ $customer = Customers::get(Customers::getId());
+
+ if (! $customer) {
+ return __('Impossible de modifier le mot de passe.');
+ }
+
+ if (! Hash::check($request->input('current-password'), $customer->password)) {
+ return __('Le mot de passe actuel est incorrect.');
+ }
+
+ if ($request->input('new-password') !== $request->input('new-password_confirmation')) {
+ return __('Les mots de passe ne correspondent pas.');
+ }
+
+ if (strlen($request->input('new-password')) < 8) {
+ return __('Le nouveau mot de passe doit contenir au moins 8 caractères.');
+ }
+
+ $customer->password = Hash::make($request->input('new-password'));
+ $customer->save();
+
+ return null;
 }

 public function storeAddress(Request $request)
diff --git a/resources/views/Shop/auth/passwords/password_confirmation.blade.php b/resources/views/Shop/auth/passwords/password_confirmation.blade.php
index 73c002e3..cfdd58ec 100644
--- a/resources/views/Shop/auth/passwords/password_confirmation.blade.php
+++ b/resources/views/Shop/auth/passwords/password_confirmation.blade.php
@@ -13,7 +13,7 @@
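Review bot: In `handlePasswordChange()` (CustomerController.php) the `current-password` and `new-password` inputs reach `Hash::check()` and `strlen()` with no type check, so on PHP 8 a request that sends either field as an array would likely end in a TypeError rather than a growl message, and `strlen()` measures the 8-character minimum in bytes, not characters. The file already imports `Validator`, so the hand-written confirmation and length checks could become rules run before `Hash::check()`, for example `'current-password' => ['required', 'string']` and `'new-password' => ['required', 'string', 'min:8', 'confirmed']`. In `store()`, the `unset()` call is a deny-list over `$request->all()`: if `password` is mass-assignable inside `Customers::storeFull()` (not visible here), a request carrying a `password` key would set it without the current-password check, so an allow-list such as `$request->only([...])` with the profile fields is safer. Nothing in this hunk throttles repeated wrong `current-password` submissions or invalidates the customer's other sessions after a successful change; both may be handled elsewhere and are worth confirming.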
- +
@@ -21,6 +21,6 @@
- +