Laravel sometimes validation rule

Question

I am trying to validate a password field only if it is present. I want to allow someone to edit a user and they may or may not want to change the users password. So I thought I could this using Laravels validation rules, specifically the 'sometimes' rule. I have this set of rules:

$this->validate($request, [
    'password' => 'sometimes|required|min:8',
]);

This is simplified for the example, there will usually be other rules for other fields and stricter rules for the password. I expect this to only apply the min:8 rule if the password field is present in the passed data, but if I leave the password field empty I get a validation error saying the password field is required.

I'm not sure what I'm not understanding in the docs. Do I need to manually remove the password field before validation if it is the form input was submitted empty like this?

$data = $request->all();

if ('' === $data['password']) {
    unset($data['password'])
}

...and then pass the array into the validator. I think this makes sense but I could do with some confirmation that I'm understanding it correctly. Thanks in advance.

Answer 1

Docs don't make it clear, But removing required makes it work.

$this->validate($request, [
    'password' => 'sometimes|min:8',
]);

Answer 2

This is an old question, but there's a lot of confusion in the answers above. This is currently the first result on Google for "sometimes validation rule", so I hope I can clarify things a bit for fellow googlers:

Rule sometimes works like this:

• If the field exists in the request, validate it with the rest of rules;
• If the field doesn't exist do nothing.

Note that doesn't exist means that the field never got submitted (isset($_POST['password']) === false), it's not the same as a field being submitted with an empty string or null or 0 value - therefore 'sometimes|required|min:8' will work only if the form has no password field at all, or it's disabled so that it's never submitted.

If password field is there, just left empty and then form gets submitted, we will still get 'password' => null and for sometimes it means it exists, so the rest of the rules will be applied (and since required field can't be null the request will fail).

What OP really needs is:

'password' => 'nullable|min:8',

Presuming that password field will always be present in the request, just sometimes its value can be left empty.

Answer 3

I think we should tell laravel If password is not empty put the rules otherwise do nothing.

$this->validate($request, [
  'password' => $request->password != null ?'sometimes|required|min:8': ''
]);

Answer 4

"I am trying to validate a password field only if it is present."

To do this, you can use the "nullable" rule within the validation system.

For example:

$this->validate($request, [
    'password' => 'sometimes|nullable|min:8',
]);

For more information take a look at https://laravel.com/docs/5.6/validation section under "A Note On Optional Fields"

Answer 5

I think it's generally safer to allow the user to change its password only if he can provided the old one.

Allowing the connected user to alter his password without providing the old one can be a security issue.

This is generally how I allow user password change with Laravel:

 $this->validate($request, [
            'user.old_password' => [],
            'user.password' => [
                'required_with:user.old_password',
                'min:6',
                'confirmed',
                'regex:/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*([-+_!@#$%^&*.,;?])).+$/',
                'different:user.old_password'
            ],
            'user.password_confirmation' => ['required_with:user.password'],
        ]);

This don't validate the old password as we don't care, the database will check it for us, but I validate the new password only if the old one is provided.