Fix updating password

Author: driesvints

app/Http/Requests/UpdatePasswordRequest.php

@@ -9,10 +9,15 @@ class UpdatePasswordRequest extends Request
 {
     public function rules()
     {
-        return [
-            'current_password' => ['sometimes', 'required', new PasscheckRule()],
+        $rules = [
             'password' => ['required', 'confirmed', Password::min(8)->uncompromised()],
         ];
+
+        if ($this->user()->hasPassword()) {
+            $rules['current_password'] = ['required', new PasscheckRule()];
+        }
+
+        return $rules;
     }
 
     public function newPassword(): string

tests/Feature/SettingsTest.php

@@ -82,6 +82,19 @@
     assertPasswordWasHashedAndSaved();
 });
 
+test('current password is required when updating your password', function () {
+    $this->login();
+
+    $this->visit('/settings')
+        ->submitForm('Update Password', [
+            'password' => 'QFq^$cz#P@MZa5z7',
+            'password_confirmation' => 'QFq^$cz#P@MZa5z7',
+        ])
+        ->seePageIs('/settings')
+        ->see('Something went wrong. Please review the fields below.')
+        ->see('The current password field is required.');
+});
+
 test('users cannot update their password when it has been compromised in data leaks', function () {
     $this->login();