I am trying to validate a password field only if it is present. I want to allow someone to edit a user and they may or may not want to change the users password. So I thought I could this using Laravels validation rules, specifically the 'sometimes' rule. I have this set of rules:
$this->validate($request, [
'password' => 'sometimes|required|min:8',
]);
This is simplified for the example, there will usually be other rules for other fields and stricter rules for the password. I expect this to only apply the min:8 rule if the password field is present in the passed data, but if I leave the password field empty I get a validation error saying the password field is required.
I'm not sure what I'm not understanding in the docs. Do I need to manually remove the password field before validation if it is the form input was submitted empty like this?
$data = $request->all();
if ('' === $data['password']) {
unset($data['password'])
}
...and then pass the array into the validator. I think this makes sense but I could do with some confirmation that I'm understanding it correctly. Thanks in advance.
sometimes adds the defined validation conditions to a given field if the field is present in the request. It's therefore useful in situations where you wish to run validation checks against a field only if that field is present in the request.
Each form request generated by Laravel has two methods: authorize and rules .
you can easily use bail validation in laravel 6, laravel 7, laravel 8 and laravel 9. If you added more then one validation on your field like required, integer, min and max then if first is fail then other should stop to display error message. right now by default it print other too.
Docs don't make it clear, But removing required makes it work.
$this->validate($request, [
'password' => 'sometimes|min:8',
]);
This is an old question, but there's a lot of confusion in the answers above. This is currently the first result on Google for "sometimes validation rule", so I hope I can clarify things a bit for fellow googlers:
Rule sometimes
works like this:
Note that doesn't exist means that the field never got submitted (isset($_POST['password']) === false
), it's not the same as a field being submitted with an empty string or null or 0 value - therefore
'sometimes|required|min:8'
will work only if the form has no password field at all, or it's disabled so that it's never submitted.
If password field is there, just left empty and then form gets submitted, we will still get 'password' => null
and for sometimes
it means it exists, so the rest of the rules will be applied (and since required field can't be null the request will fail).
What OP really needs is:
'password' => 'nullable|min:8',
Presuming that password field will always be present in the request, just sometimes its value can be left empty.
I think we should tell laravel If password is not empty put the rules otherwise do nothing.
$this->validate($request, [
'password' => $request->password != null ?'sometimes|required|min:8': ''
]);
"I am trying to validate a password field only if it is present."
To do this, you can use the "nullable" rule within the validation system.
For example:
$this->validate($request, [
'password' => 'sometimes|nullable|min:8',
]);
For more information take a look at https://laravel.com/docs/5.6/validation section under "A Note On Optional Fields"
I think it's generally safer to allow the user to change its password only if he can provided the old one.
Allowing the connected user to alter his password without providing the old one can be a security issue.
This is generally how I allow user password change with Laravel:
$this->validate($request, [
'user.old_password' => [],
'user.password' => [
'required_with:user.old_password',
'min:6',
'confirmed',
'regex:/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*([-+_!@#$%^&*.,;?])).+$/',
'different:user.old_password'
],
'user.password_confirmation' => ['required_with:user.password'],
]);
This don't validate the old password as we don't care, the database will check it for us, but I validate the new password only if the old one is provided.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With