I am trying to validate a password field only if it is present. I want to allow someone to edit a user and they may or may not want to change the user's password. So I thought I
I think it's generally safer to allow the user to change his password only if he can provide the old one.
Allowing the connected user to alter his password without providing the old one can be a security issue.
This is generally how I allow user password change with Laravel:
    $this->validate($request, [
        'user.old_password' => [],
        'user.password' => [
            'required_with:user.old_password',
            'min:6',
            'confirmed',
            'regex:/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*([-+_!@#$%^&*.,;?])).+$/',
            'different:user.old_password'
        ],
        'user.password_confirmation' => ['required_with:user.password'],
    ]);
This doesn't validate the old password as we don't care, the database will check it for us, but I validate the new password only if the old one is provided.
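
Added example, not part of the original answer: one way to make the password change optional while still requiring the old password and comparing it with the stored hash in application code via `Hash::check`. It assumes the default Laravel `User` model with a hashed `password` column; `ProfileController` and its `update` method are hypothetical names, and the complexity regex from the answer is left out for brevity.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

// Hypothetical controller; assumes the default User model with a hashed `password` column.
class ProfileController extends Controller
{
    public function update(Request $request)
    {
        $request->validate([
            // Require the old password whenever a new one is submitted,
            // so a new password cannot be sent on its own.
            'user.old_password' => ['required_with:user.password', 'string'],
            'user.password' => [
                'nullable',               // empty field means "keep current password"
                'string',
                'min:6',
                'confirmed',              // needs user.password_confirmation
                'different:user.old_password',
            ],
        ]);

        // No new password submitted: leave the stored hash untouched.
        if (! $request->filled('user.password')) {
            return back();
        }

        $user = $request->user();

        // Compare the submitted old password with the stored hash.
        if (! Hash::check($request->input('user.old_password'), $user->password)) {
            throw ValidationException::withMessages([
                'user.old_password' => ['The current password is incorrect.'],
            ]);
        }

        // Store only the hash of the new password.
        $user->password = Hash::make($request->input('user.password'));
        $user->save();

        return back();
    }
}
```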