fix: implement password change for shop customers
The password change form on the profile page (``Mes coordonnées``) was scaffolded but never wired to any backend logic. The fields ``current-password``, ``new-password`` and ``new-password_confirmation`` were silently ignored by ``Customers::storeFull()``. - Add ``handlePasswordChange()`` in ``CustomerController`` that validates current password, confirmation match, and 8-char minimum before hashing and saving. - Remove ``required`` attribute from password fields so the form can submit for profile-only updates without filling password fields. - Strip password fields from request data before passing to ``storeFull()`` to avoid Eloquent mass-assignment noise.
@@ -8,6 +8,7 @@ use App\Repositories\Shop\CustomerAddresses;
|
||||
use App\Repositories\Shop\Customers;
|
||||
use App\Repositories\Shop\Offers;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
|
||||
@@ -117,9 +118,52 @@ class CustomerController extends Controller
|
||||
public function store(Request $request)
|
||||
{
|
||||
$data = $request->all();
|
||||
|
||||
$passwordError = $this->handlePasswordChange($request);
|
||||
if ($passwordError) {
|
||||
return redirect()->route('Shop.Customers.edit')
|
||||
->with('growl', [$passwordError, 'danger']);
|
||||
}
|
||||
|
||||
unset($data['current-password'], $data['new-password'], $data['new-password_confirmation']);
|
||||
|
||||
$customer = Customers::storeFull($data);
|
||||
|
||||
return redirect()->route('Shop.Customers.edit');
|
||||
$growl = $request->filled('new-password')
|
||||
? [__('Profil et mot de passe mis à jour.'), 'success']
|
||||
: [__('Profil mis à jour.'), 'success'];
|
||||
|
||||
return redirect()->route('Shop.Customers.edit')->with('growl', $growl);
|
||||
}
|
||||
|
||||
protected function handlePasswordChange(Request $request)
|
||||
{
|
||||
if (! $request->filled('new-password')) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$customer = Customers::get(Customers::getId());
|
||||
|
||||
if (! $customer) {
|
||||
return __('Impossible de modifier le mot de passe.');
|
||||
}
|
||||
|
||||
if (! Hash::check($request->input('current-password'), $customer->password)) {
|
||||
return __('Le mot de passe actuel est incorrect.');
|
||||
}
|
||||
|
||||
if ($request->input('new-password') !== $request->input('new-password_confirmation')) {
|
||||
return __('Les mots de passe ne correspondent pas.');
|
||||
}
|
||||
|
||||
if (strlen($request->input('new-password')) < 8) {
|
||||
return __('Le nouveau mot de passe doit contenir au moins 8 caractères.');
|
||||
}
|
||||
|
||||
$customer->password = Hash::make($request->input('new-password'));
|
||||
$customer->save();
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public function storeAddress(Request $request)
|
||||
|
||||
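Review bot: `store()` still builds `$data` from `$request->all()` and removes only the three form field names, so a request that carries its own `password` key still reaches `Customers::storeFull()`; if that attribute is mass-assignable there (neither `storeFull()` nor the model is visible in this hunk), the current-password check in `handlePasswordChange()` would not cover it. An allowlist is safer than the `unset`, e.g. `$data = $request->only([/* profile fields the form actually edits */]);`, or at minimum add `'password'` to the keys being removed. Separately, `strlen()` counts bytes, so the 8-character minimum stated in the error message is not what is enforced for multibyte input; `mb_strlen($request->input('new-password')) < 8` would match the message. Nothing in the hunk invalidates the customer's other sessions after `$customer->save()`, so it is worth confirming whether that is handled elsewhere.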