From d8ad5bd3dd5a811203d8fde2569d0147cdef9d81 Mon Sep 17 00:00:00 2001
From: Boen_Shi <boen.shi@qq.com>
Date: Thu, 30 Apr 2026 15:13:46 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E5=BC=BA=E5=88=B6=E6=94=B9=E5=AF=86):=20?=
 =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=80=81=E7=94=A8=E6=88=B7=E4=BB=85=E6=94=BE?=
 =?UTF-8?q?=E8=A1=8C=E6=94=B9=E5=AF=86=E5=B9=B6=E4=BC=98=E5=8C=96=E9=A6=96?=
 =?UTF-8?q?=E6=AC=A1=E6=94=B9=E5=AF=86=E6=B5=81=E7=A8=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 强制改密用户修改密码时无需 current_password

- 保持其余接口返回423以阻止未改密操作
---
 app/Http/Controllers/Api/AuthController.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/Api/AuthController.php b/app/Http/Controllers/Api/AuthController.php
index c52bdf8..dcd12ef 100644
--- a/app/Http/Controllers/Api/AuthController.php
+++ b/app/Http/Controllers/Api/AuthController.php
@@ -122,10 +122,15 @@ class AuthController extends Controller
         /** @var User $user */
         $user = Auth::guard('api')->user();
 
-        $validated = $request->validate([
-            'current_password' => ['required', 'current_password:api'],
+        $rules = [
             'password' => ['required', 'confirmed', Password::min(6)],
-        ]);
+        ];
+
+        if (! $user->force_password_change) {
+            $rules['current_password'] = ['required', 'current_password:api'];
+        }
+
+        $validated = $request->validate($rules);
 
         $user->password = $validated['password'];
         $user->force_password_change = false;