/**
* Update the password of a User.
*
* @param UserRequest $request
* @param int $uid
* @return Response
*/
public function updatePassword(UpdatePasswordRequest $request, $uid)
{
try {
// Make sure the user updating the password is the user themselves
// or a System Administrator.
$initiator = $request->header('ID');
if ($initiator != $uid) {
return response()->error(403);
}
$user = Sentinel::findById($uid);
if (!$user) {
return response()->error(404, 'User Not Found');
}
// Verify that the old password matches their current password in
// the database.
$oldPassword = ['password' => $request->old_password];
if (!Sentinel::validateCredentials($user, $oldPassword)) {
return response()->error(422, 'Incorrect old password!');
}
// Change their password to the new password.
$newPassword = ['password' => $request->new_password];
Sentinel::update($user, $newPassword);
return response()->success();
} catch (Exception $e) {
return response()->error();
}
}
