Changing a User’s Password with Sentinel and Laravel

Today I was throwing together a change password page (NOT a forgot password page, I’ll write that tutorial up shortly…) in an application using Sentinel and Laravel and thought I might as well post another tutorial on Sentinel as examples are rather hard to come by currently.

Two new routes are added to routes.php for the feature. The /resetpassword route will render our form and we will post our new password information to route /resetpasswordcomplete. These routes should only be available to users that are currently logged into the system. You can achieve this with either route filters in Laravel 4 or middleware in Laravel 5.


Route::get('resetpassword', array('as' => 'reset.password', 'uses' => 'PasswordController@edit'));
Route::post('resetpasswordcomplete', array('as' => 'reset.password.complete', 'uses' => 'PasswordController@update'));
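
One way to restrict both routes to logged-in users in Laravel 4, shown as an added example that is not code from the original post. The filter name sentinel.auth and the login path are assumptions; csrf is the filter Laravel 4 ships in app/filters.php.

```php
<?php
// Added example (Laravel 4 + Sentinel); not code from the original post.
// Assumed names: the 'sentinel.auth' filter and the 'login' path are hypothetical.

// app/filters.php
Route::filter('sentinel.auth', function () {
    // Sentinel::check() returns the logged-in user, or false when nobody is
    // logged in. Without this gate the update action would call
    // Sentinel::getUser() for a guest and receive null.
    if (!Sentinel::check()) {
        // Remember the intended URL and send the visitor to the login page.
        return Redirect::guest('login');
    }
});

// app/routes.php
// The form page only needs the login check.
Route::get('resetpassword', array(
    'before' => 'sentinel.auth',
    'as'     => 'reset.password',
    'uses'   => 'PasswordController@edit',
));

// The state-changing POST also runs the csrf filter. Form::open() in the
// view already emits the matching _token field, so the form needs no change.
Route::post('resetpasswordcomplete', array(
    'before' => 'sentinel.auth|csrf',
    'as'     => 'reset.password.complete',
    'uses'   => 'PasswordController@update',
));
```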

We’ll start by creating a view. This example looks for a view at views/passwords/reset.blade.php. I’m using Blade templates so it looked something like this:


@if (Session::get('error'))
  <div class="alert alert-error">
    {{ Session::get('error') }}
  </div>
@endif

{{ Form::open(array('route' => array('reset.password.complete'))) }}
  {{ Form::password('old_password', array('placeholder'=>'current password', 'required'=>'required')) }}
  {{ Form::password('password', array('placeholder'=>'new password', 'required'=>'required')) }}
  {{ Form::password('password_confirmation', array('placeholder'=>'new password confirmation', 'required'=>'required')) }}
  {{ Form::submit('Reset Password', array('class' => 'btn')) }}
{{ Form::close() }}

There’s a form field for the user’s current password, the user’s requested new password, and a confirmation for the new password.

Below is a snippet of what our PasswordController would look like, with its edit and update actions. The Sentinel facade provides the method Sentinel::getHasher() to retrieve the application’s current hashing strategy. Sentinel provides several hashing strategies documented here. The edit action just renders the form needed to reset the password. The update action checks the submitted input: it verifies that the user entered their current password correctly and that the form fields password and password_confirmation contain the same value.


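    // Render the change-password form.
    public function edit() {
        return View::make('passwords/reset');
    }

    // Verify the current password, then store the new one.
    public function update() {
        // The hashing strategy Sentinel is currently configured to use.
        $hasher = Sentinel::getHasher();

        $oldPassword = Input::get('old_password');
        $password = Input::get('password');
        $passwordConf = Input::get('password_confirmation');

        // The currently logged-in user.
        $user = Sentinel::getUser();

        // Strict comparison: a loose != treats numeric strings such as
        // "1e3" and "1000" as equal, so a mistyped confirmation could pass.
        if (!$hasher->check($oldPassword, $user->password) || $password !== $passwordConf) {
            Session::flash('error', 'Check input is correct.');
            return View::make('passwords/reset');
        }

        // Sentinel hashes the new password before saving it.
        Sentinel::update($user, array('password' => $password));

        return Redirect::to('/');
    }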

That’s all for letting a user change their password while they are logged in and can remember their password. Next up I’ll write a short tutorial on how to use Sentinel’s Reminder capability for users who have forgotten their passwords.
