diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php index a4f4912..a156799 100644 --- a/app/Http/Controllers/UsersController.php +++ b/app/Http/Controllers/UsersController.php @@ -4,6 +4,8 @@ namespace App\Http\Controllers; use App\Models\User; use Illuminate\Http\Request; +use Illuminate\Support\Facades\Hash; +use App\Http\Requests\Auth\UpdatePasswordRequest; class UsersController extends Controller { @@ -70,4 +72,28 @@ class UsersController extends Controller 'username' => $user->username, ]); } + + /** + * @requestMediaType multipart/form-data + */ + + public function updatePassword(UpdatePasswordRequest $request) + { + $data = $request->validated(); + $user = $request->user(); + + if (!Hash::check($data['old_password'], $user->password)) { + return response()->json([ + 'message' => 'The provided password does not match your current password.', + ], 422); + } + + $user->update([ + 'password' => $data['new_password'], + ]); + + return response()->json([ + 'message' => 'Password updated successfully', + ]); + } } diff --git a/app/Http/Requests/Auth/RegisterRequest.php b/app/Http/Requests/Auth/RegisterRequest.php index b050cbc..b7b81e4 100644 --- a/app/Http/Requests/Auth/RegisterRequest.php +++ b/app/Http/Requests/Auth/RegisterRequest.php @@ -26,7 +26,16 @@ class RegisterRequest extends FormRequest return [ 'username' => ['required', 'string', 'max:120', 'unique:users,username'], 'email' => ['required', 'string', 'email', 'max:255', 'unique:users,email'], - 'password' => ['required', 'string', Password::defaults(), 'confirmed'], + 'password' => [ + 'required', + 'string', + Password::min(8) + ->letters() + ->mixedCase() + ->numbers() + ->symbols(), + 'confirmed', + ], 'device_name' => ['nullable', 'string', 'max:255'], 'avatar' => ['nullable', 'image', 'max:10240'], ]; diff --git a/app/Http/Requests/Auth/UpdatePasswordRequest.php b/app/Http/Requests/Auth/UpdatePasswordRequest.php new file mode 100644 index 0000000..4c619fe --- /dev/null +++ b/app/Http/Requests/Auth/UpdatePasswordRequest.php @@ -0,0 +1,40 @@ +> + */ + public function rules(): array + { + return [ + 'old_password' => ['required', 'string', 'min:8'], + 'new_password' => [ + 'required', + 'string', + Password::min(8) + ->letters() + ->mixedCase() + ->numbers() + ->symbols(), + 'confirmed', + ], + ]; + } +} diff --git a/routes/api.php b/routes/api.php index f93b788..a59be22 100644 --- a/routes/api.php +++ b/routes/api.php @@ -36,6 +36,7 @@ Route::middleware('auth:sanctum')->group(function (): void { // User Route::get('users/leaderboard', [UsersController::class, 'leaderboard']); Route::put('users/update/username', [UsersController::class, 'updateUsername']); + Route::put('users/update/password', [UsersController::class, 'updatePassword']); Route::get('users/{user}', [UsersController::class, 'show']); Route::post('users/{user}/avatar', [UsersController::class, 'updateAvatar']); Route::post('hunts/{hunt}/participate', [HuntsController::class, 'participate']);