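. */

namespace App\Http\Controllers\Api\Account;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

use App\Http\Controllers\Controller;
use App\Rules\PasswordAlgorithm;

/**
 * API controller through which the authenticated account sets or changes
 * its own password.
 */
class PasswordController extends Controller
{
    /**
     * Set the account's first password, or replace an existing one after the
     * caller has proven knowledge of the current password.
     *
     * Request fields:
     *  - algorithm    (required) checked by the PasswordAlgorithm rule
     *  - password     (required) the new password
     *  - old_password (required only when the account already has at least
     *                 one stored password)
     *
     * The account is activated and saved, the password is updated and the
     * event is logged only once every check has passed. A rejected request
     * (missing or incorrect old_password) leaves the account untouched.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse empty JSON on success; 422 with an
     *         `errors.old_password` entry when the old password does not match
     * @throws \Illuminate\Validation\ValidationException when a required field
     *         is missing or the algorithm is rejected
     */
    public function update(Request $request)
    {
        // NOTE(review): only `required` is enforced on the password fields
        // here; any type, length or complexity policy has to be enforced
        // elsewhere. Confirm that it is.
        $request->validate([
            'algorithm' => ['required', new PasswordAlgorithm],
            'password' => 'required',
        ]);

        $account = $request->user();
        $algorithm = $request->get('algorithm');

        if ($account->passwords()->count() > 0) {
            $request->validate(['old_password' => 'required']);

            // The account may hold several stored hashes, each with its own
            // algorithm: the old password is accepted if it reproduces any of
            // them. hash_equals() keeps the comparison constant-time.
            $verified = false;

            foreach ($account->passwords as $stored) {
                $candidate = bchash(
                    $account->username,
                    $account->resolvedRealm,
                    $request->get('old_password'),
                    $stored->algorithm
                );

                if (hash_equals($stored->password, $candidate)) {
                    $verified = true;
                    break;
                }
            }

            if (!$verified) {
                return response()->json(['errors' => ['old_password' => 'Incorrect old password']], 422);
            }
        }

        // State is persisted only past this point, so a failed verification
        // can no longer flip the account to activated as a side effect.
        $account->activated = true;
        $account->save();

        $account->updatePassword($request->get('password'), $algorithm);

        // Both the first-time set and the change are recorded in the events
        // channel, so every password write leaves an audit trail.
        Log::channel('events')->info('API: Account password updated', ['id' => $account->identifier]);

        return response()->json();
    }
}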