boenadmin/BastionSSO
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(强制改密): 登录态用户仅放行改密并优化首次改密流程

Browse Source 
- 强制改密用户修改密码时无需 current_password

- 保持其余接口返回423以阻止未改密操作
This commit is contained in:
Boen_Shi 2026-04-30 15:13:46 +08:00
parent 777c682a4e
commit d8ad5bd3dd
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/Http/Controllers/Api/AuthController.php
View File

@ -122,10 +122,15 @@ class AuthController extends Controller
/** @var User $user */ /** @var User $user */
$user = Auth::guard('api')->user(); $user = Auth::guard('api')->user();
$validated = $request->validate([ $rules = [
'current_password' => ['required', 'current_password:api'],
'password' => ['required', 'confirmed', Password::min(6)], 'password' => ['required', 'confirmed', Password::min(6)],
]); ];
if (! $user->force_password_change) {
$rules['current_password'] = ['required', 'current_password:api'];
}
$validated = $request->validate($rules);
$user->password = $validated['password']; $user->password = $validated['password'];
$user->force_password_change = false; $user->force_password_change = false;