Social Authentication with Laravel
This episode is for members only

Sign up to access "Social Authentication with Laravel" right now.

Get started
Already a member? Sign in to continue
Playing
10. Allowing a user to set a password

Episodes

0%
Your progress
  • Total: 1h 4m
  • Played: 0m
  • Remaining: 1h 4m
Join or sign in to track your progress

Transcript

00:00
OK, so we have one problem here. Depending on the starter kit you're using, or if you're using a starter kit at all,
00:06
you're eventually going to want users to change their password. Now, because we're using social authentication here just to log the user in and create an account, that means that they now have an account on your app,
00:18
but they also have the ability to set a password. So of course, you can change around the flow here to just disable passwords altogether if you're not allowing users to register with an e-mail address
00:29
and a password, but in our case, we have this update password bit here. So personally, I'd like users to be able to set a password and log in with their username
00:40
and password if they wanted to. OK, so we've got this update password here. When I try and set this, the problem that we have is over in the database, we don't have a password column.
00:50
So I could try and set a new password in here if I wanted to, but it's not going to work. My current password is null, so even if I fill this in with something that's just
01:00
completely irrelevant, it's just not going to work. In fact, we get an error here. So we'll fix this up. So if you do want to allow passwords, this will work,
01:08
and the user can set a new password. OK, so the first thing that we need to do, if a user does not have a password, if they have just signed it up with either X or GitHub,
01:19
they don't have a current password. So we kind of want to hide this from the form. So what we're going to do is head over to the user model, and I'm going to add in a really simple helper method
01:30
on here called HasPassword. So that will just allow us to really easily use that anywhere we need. So all this is going to do is just check
01:39
if the password is not null. So we're just going to pass in the user's password here, check it's not null, and we now have a nice helper for this, so we don't have to do this in our templates.
01:49
So we're going to head over to where in Laravel Breeze specifically all of this stuff is. So if we just come over to Resources, Views, and Auth, we have the, oh no, it might be on a profile, yes.
02:03
So we've got this update password form. So let's open this up and let's look for current password, and that's just here. So we can pretty much just wrap that in an if statement.
02:14
So we'll say if user has password, then of course we want to show the current password, otherwise we don't. So let's end the if statement here,
02:24
pull this in, and there we go. So now we don't have a password, but we have the ability to set a new password if we want to. Now this still isn't going to work.
02:33
We saw an error with this earlier, so if I try and set a new password here and save that, nothing's going to work. We haven't actually set a password here.
02:42
If we just check this out, nothing's been done. So to update this, we're going to come over to the Password Controller under Controllers and Auth, and we're going to look at where this is validating.
02:51
So it's validating just here when we update this, and we are requiring a current password in here. This is required, and it needs to match the current password of the user.
03:02
Now the user doesn't have a password, and we have gotten rid of that field, so obviously we need to change this around. So there are a bunch of clever things that we could do
03:10
in here to try and sort of make these required rules go away if the user doesn't have a password, but to be honest, I'm just going to do a really simple ternary in here
03:20
and just return an empty array for the current password if we don't have a password. So we're just going to say if not auth user has password, so we'll use that helper.
03:33
If they don't have a password, we'll just give an empty array here for this current password rule. Otherwise, we'll give the standard rules
03:41
that we would expect. So that's pretty much it, to be honest. If we come over now, what we should see is when I type in a new password and hit save,
03:50
and we go over, that has now set a password. So what that means is as well as logging in with these two, I can just normally come over to login, I can enter my email address,
04:04
enter that password I just set, and I can sign in as well. So that's how easy it is to just swap that over if you wanted to allow passwords to be set
04:13
when the user has authenticated with some sort of social service. And to be honest, that is pretty much it. We are now allowing users to change their password,
04:23
and of course, we're getting rid of that current password if the user does not really have a password. So if I wanted to change my password now that I've set one, of course, that is going to work as normal.

Episode summary

In this episode, we look at how to let users set a password in your app, especially if they've signed up using social authentication (like GitHub or Twitter). By default, the user account created through social login won't have a password set, but you might still want to give users the option to set one, so they can log in the traditional way too.

We walk through the gotchas you might hit if your user table doesn't include a password, or if your forms still expect users to have an existing password. We tweak the logic so that users who don't have a password won't be required to enter their "current password" on the change password form, making the process as smooth as possible.

You'll see how to add a simple hasPassword helper method to the user model, update Blade templates to hide or show form fields depending on whether the user has a password, and adjust the password controller to skip validation on the current password if it's not needed. Finally, we demo how a user can set a password for the first time, and then successfully use password login alongside their social authentication. It's a practical episode for anyone adding flexibility to the login system!

Episode discussion

No comments, yet. Be the first!