coolify/app/Actions/Fortify/UpdateUserPassword.php
Heyang Gong 058ec42699 fix(auth): enforce global oauth_only and return validation errors instead of exceptions
- Add global instanceSettings()->oauth_only check in FortifyServiceProvider
- ResetUserPassword: Use ValidationException instead of Exception, add global check
- UpdateUserPassword: Use ValidationException instead of Exception, add global check
2026-03-10 08:42:36 +08:00


<?php
namespace App\Actions\Fortify;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\Password;
use Illuminate\Validation\ValidationException;
use Laravel\Fortify\Contracts\UpdatesUserPasswords;
/**
 * Fortify action that changes the password of a user.
 *
 * Order of operations, which matters for security:
 *  1. Refuse outright when password use is switched off, either for the whole
 *     instance (instanceSettings()->oauth_only) or for this account
 *     ($user->oauth_only). This runs before any input is examined.
 *  2. Validate the request, including a re-check of the current password.
 *  3. Hash the new password and persist it.
 */
class UpdateUserPassword implements UpdatesUserPasswords
{
    /**
     * Validate and update the user's password.
     *
     * @param  array<string, string>  $input  Request fields; the rules below read
     *                                        `current_password` and `password`
     *                                        (plus its confirmation field).
     *
     * @throws ValidationException When the account or instance is OAuth-only,
     *                             or when the submitted fields fail validation.
     */
    public function update(User $user, array $input): void
    {
        $instance = instanceSettings();

        // Either flag is enough to block the change: the instance-wide switch
        // is tested first, then the per-user one.
        $passwordLoginDisabled = $instance->oauth_only || $user->oauth_only;

        if ($passwordLoginDisabled) {
            // Reported as a validation error on the current_password field.
            // NOTE(review): this exception carries no named error bag, while the
            // validator below reports into 'updatePassword'. Confirm the form
            // reads the bag this message ends up in.
            throw ValidationException::withMessages([
                'current_password' => __('Password update is disabled for OAuth-only accounts.'),
            ]);
        }

        $rules = [
            // Re-authentication: the caller must prove knowledge of the existing
            // password, checked against the `web` guard.
            'current_password' => ['required', 'string', 'current_password:web'],
            // Strength policy comes from the application's Password defaults.
            'password' => ['required', Password::defaults(), 'confirmed'],
        ];

        $messages = [
            'current_password.current_password' => __('The provided password does not match your current password.'),
        ];

        Validator::make($input, $rules, $messages)->validateWithBag('updatePassword');

        // forceFill() skips mass-assignment guarding; only the password column
        // is written, and only as a hash, never the submitted plaintext.
        // NOTE(review): nothing here ends the user's other sessions after the
        // change. Confirm that is handled elsewhere if it is required.
        $user->forceFill(['password' => Hash::make($input['password'])])->save();
    }
}