Laravel 5.4: Unable to customise reset password validation

Question

How can I override the default validation for resetting passwords in Laravel's auth scaffolding?

I've copied the following methods from the ResetsPasswords trait and into my ResetPasswordController:

public function reset(Request $request)
{
    $this->validate($request, $this->rules(), $this->validationErrorMessages());

    // Here we will attempt to reset the user's password. If it is successful we
    // will update the password on an actual user model and persist it to the
    // database. Otherwise we will parse the error and return the response.
    $response = $this->broker()->reset(
        $this->credentials($request), function ($user, $password) {
            $this->resetPassword($user, $password);
        }
    );

    // If the password was successfully reset, we will redirect the user back to
    // the application's home authenticated view. If there is an error we can
    // redirect them back to where they came from with their error message.
    return $response == Password::PASSWORD_RESET
                ? $this->sendResetResponse($response)
                : $this->sendResetFailedResponse($request, $response);
}

/**
 * Get the password reset validation rules.
 *
 * @return array
 */
protected function rules()
{
    return [
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|confirmed|min:6',
    ];
}

If I remove a rule eg 'min:6' error messages are still returned when using a password which is less than 6 characters in length.

I've reffered to the relevant documentation,but I haven't been able to take it what I need from it.

Any help would be much appreciated, thanks in advance.

Answer 1

I believe the issue is coming from validation, since you are using $this->validate method you don't have full control of validation process.

Usually, overwriting validation rules in ResetPasswordController would have resolved the issue.

Here is another way, let's use Validator class directly so we can have full control in Auth\\ResetPasswordController

public function reset(Request $request)
{
    $validator = validator($request->all(), [
        'token' => 'required',
        'email' => 'required|email',
        'password' => 'required|confirmed|min:6',
    ], $this->validationErrorMessages());

    if($validator->fails())
    {
        //do stuffs here like
        return redirect()->back()->withErrors($validator);
    }

    //if we get here means validation passed :) so lets allow these to continue

    // Here we will attempt to reset the user's password. If it is successful we
    // will update the password on an actual user model and persist it to the
    // database. Otherwise we will parse the error and return the response.
    $response = $this->broker()->reset(
        $this->credentials($request), function ($user, $password) {
        $this->resetPassword($user, $password);
    }
    );

    // If the password was successfully reset, we will redirect the user back to
    // the application's home authenticated view. If there is an error we can
    // redirect them back to where they came from with their error message.
    if($response == Password::PASSWORD_RESET)
    {
        //means password reset was successful
        return redirect()->to('/dashboard');
    }else{
        //means reset failed
        return redirect()->back()
            ->withInput($request->only('email'))
            ->withErrors(['email' => trans($response)]);
    }
}

NB: Ensure you are using the right route You could use:

Route::post('/reset-password', [
    'uses'=>'Auth\ResetPasswordController@reset',
    'as' => 'reset'
]);