Laravel sometimes validation rule

后端 未结 7 2201
孤街浪徒
孤街浪徒 2021-02-08 07:38

I am trying to validate a password field only if it is present. I want to allow someone to edit a user and they may or may not want to change the users password. So I thought I

7条回答
  •  遇见更好的自我
    2021-02-08 08:42

    I think it's generally safer to allow the user to change its password only if he can provided the old one.

    Allowing the connected user to alter his password without providing the old one can be a security issue.

    This is generally how I allow user password change with Laravel:

     $this->validate($request, [
                'user.old_password' => [],
                'user.password' => [
                    'required_with:user.old_password',
                    'min:6',
                    'confirmed',
                    'regex:/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*([-+_!@#$%^&*.,;?])).+$/',
                    'different:user.old_password'
                ],
                'user.password_confirmation' => ['required_with:user.password'],
            ]);
    

    This don't validate the old password as we don't care, the database will check it for us, but I validate the new password only if the old one is provided.

提交回复
热议问题