filament-breezy icon indicating copy to clipboard operation
filament-breezy copied to clipboard

Published 20 hours ago verified publisher icon jeffgreco13

[feature request] Require current password when changing password

Open telkins opened this issue 3 years ago • 3 comments

(I tried to request a feature but got a 404, so I apologize for submitting this in this manner.)

Wouldn't it be more secure to require a user to submit their current password when changing their password?

That's my feature request: that the user must supply their current password when changing their password.

Hope that makes sense. 🤓

telkins avatar Aug 25 '22 14:08 telkins

I was thinking that this should be added as well. Both because it prevents a password from being changed (say if you stay logged in while you leave your desk), but it also prevents against accidental changing.

emmadesilva avatar Aug 29 '22 18:08 emmadesilva

Hey @telkins @caendesilva there was actually a bit of conversation about this in the breezy channel. At the time we deemed it not necessary, but I think this would make sense as a config option. I am going to review this in my next release!

jeffgreco13 avatar Aug 29 '22 18:08 jeffgreco13

Hey @telkins @caendesilva there was actually a bit of conversation about this in the breezy channel. At the time we deemed it not necessary, but I think this would make sense as a config option. I am going to review this in my next release!

Thx, @jeffgreco13 . Let me know if there's anything I can do to help. 🤓

telkins avatar Aug 30 '22 08:08 telkins

My solution for this problem:

Custom ProfilePage

[...]
use JeffGreco13\FilamentBreezy\Pages\MyProfile as BaseProfile;

class UserProfile extends BaseProfile
[...]

[...]
protected function getUpdatePasswordFormSchema(): array
{
    return [
        Forms\Components\TextInput::make('current_password')
            ->label(__('Current Password'))
            ->password()
            ->currentPassword()
            ->required(),
        Forms\Components\TextInput::make('new_password')
            ->label(__('filament-breezy::default.fields.new_password'))
            ->password()
            ->rules([Password::defaults()])
            ->different('current_password')
            ->required(),
        Forms\Components\TextInput::make('new_password_confirmation')
            ->label(__('filament-breezy::default.fields.new_password_confirmation'))
            ->password()
            ->same('new_password')
            ->required(),
    ];
}

public function updatePassword()
{
    parent::updatePassword();

    $this->reset(['current_password']);
}
[...]

21p-sk avatar Dec 13 '22 14:12 21p-sk

My solution for this problem:

I think this looks really nice, and since it's so simple and lightweight it shouldn't add much footprint to the package by offering it as a config option in the base class.

emmadesilva avatar Dec 13 '22 17:12 emmadesilva

Any follow up on this one?

StanMenten-bp avatar Mar 31 '23 11:03 StanMenten-bp

Available in Breezy v2

jeffgreco13 avatar Aug 09 '23 21:08 jeffgreco13