jev/opensem
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: implement password change for shop customers

Browse Source 
The password change form on the profile page (``Mes coordonnées``)
was scaffolded but never wired to any backend logic. The fields
``current-password``, ``new-password`` and ``new-password_confirmation``
were silently ignored by ``Customers::storeFull()``.

- Add ``handlePasswordChange()`` in ``CustomerController`` that
  validates current password, confirmation match, and 8-char minimum
  before hashing and saving.
- Remove ``required`` attribute from password fields so the form can
  submit for profile-only updates without filling password fields.
- Strip password fields from request data before passing to
  ``storeFull()`` to avoid Eloquent mass-assignment noise.
This commit is contained in:
Valentin Lab
2026-02-09 08:36:29 +01:00
parent 4fbbe991d9
commit ed3909782b
2 changed files with 47 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
app/Http/Controllers/Shop/CustomerController.php
View File

@@ -8,6 +8,7 @@ use App\Repositories\Shop\CustomerAddresses;
use App\Repositories\Shop\Customers;
use App\Repositories\Shop\Offers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\Validator;
@@ -117,9 +118,52 @@ class CustomerController extends Controller
public function store(Request $request)
{
$data = $request->all();
$passwordError = $this->handlePasswordChange($request);
if ($passwordError) {
return redirect()->route('Shop.Customers.edit')
->with('growl', [$passwordError, 'danger']);
}
unset($data['current-password'], $data['new-password'], $data['new-password_confirmation']);
$customer = Customers::storeFull($data);
return redirect()->route('Shop.Customers.edit');
$growl = $request->filled('new-password')
? [__('Profil et mot de passe mis à jour.'), 'success']
: [__('Profil mis à jour.'), 'success'];
return redirect()->route('Shop.Customers.edit')->with('growl', $growl);
}
protected function handlePasswordChange(Request $request)
{
if (! $request->filled('new-password')) {
return null;
}
$customer = Customers::get(Customers::getId());
if (! $customer) {
return __('Impossible de modifier le mot de passe.');
}
if (! Hash::check($request->input('current-password'), $customer->password)) {
return __('Le mot de passe actuel est incorrect.');
}
if ($request->input('new-password') !== $request->input('new-password_confirmation')) {
return __('Les mots de passe ne correspondent pas.');
}
if (strlen($request->input('new-password')) < 8) {
return __('Le nouveau mot de passe doit contenir au moins 8 caractères.');
}
$customer->password = Hash::make($request->input('new-password'));
$customer->save();
return null;
}
public function storeAddress(Request $request)

4
resources/views/Shop/auth/passwords/password_confirmation.blade.php
View File

@@ -13,7 +13,7 @@
<label for="new-password" class="col-md-6 control-label text-right">Nouveau mot de passe</label>
<div class="col-md-6">
<input id="new-password" type="password" class="form-control" name="new-password" required>
<input id="new-password" type="password" class="form-control" name="new-password">
</div>
</div>
@@ -21,6 +21,6 @@
<label for="new-password-confirm" class="col-md-6 control-label text-right">Confirmez votre mot de passe</label>
<div class="col-md-6">
<input id="new-password-confirm" type="password" class="form-control" name="new-password_confirmation" required>
<input id="new-password-confirm" type="password" class="form-control" name="new-password_confirmation">
</div>
</div>