What is the proper way to validate user password confirmed input using Laravel lighthouse

Question

I'm working on a GraphQL schema for my Laravel project using the lighthouse library. But I'm running into a problem when trying to validate the user confirmed their password. The issue occurs when I try to register a user. Consider the following type for my user

type User {
    id: ID
    first_name: String!
    last_name: String!
    email: String!
    password: String!
    phone_number: String
    avatar: String
    email_verified_at: DateTime
}

I try to register my user using the following mutation

extend type Mutation {
    createUser(input: CreateUser @spread): User! @create
}

Where my CreateUser input looks like this

input CreateUser {
    first_name: String!
    last_name: String!
    email: String! @rules(apply: ["email"])
    password: String! @rules(apply: ["confirmed"])
    phone_number: String
}

I get the expected error for my failed validation: "Validation failed for the field [createUser]" so that is fine. But when I try to add a password_confirmation within my request the following error is encountered: "Field \"password_confirmation\" is not defined by type CreateUser.". Thats when I thought I should add the password_confirmation field to the CreateUser input. But when I try that the validation passes but I get a database error that the password_confirmation is an Undefined column. Which makes sense because it isn't in my migration and I feel this shouldn't be required to be able to validate passwords.

tldr; How can I use the laravel confirmed validation within the lighthouse @rules directive

That's a good question. I'm wondering myself. Looking forward to the answers. Maybe a workaround would be the `same:password` rule? https://laravel.com/docs/8.x/validation#rule-same — Florian Falk, Feb 18 '21 at 14:52
Wouldn't that still require me to add the password_confirmation to my migrations? — MikeSli, Feb 18 '21 at 15:42
Not necessary, I guess. You could use a validator: https://lighthouse-php.com/5.2/security/validation.html#validator-classes — Florian Falk, Feb 18 '21 at 19:06
That does sound promising, I'll try it out later today. Guess that I was to fixated on using the @rules directive — MikeSli, Feb 19 '21 at 07:23
It's still a good question. My understanding is that when a confirmed rule is applied, Lighthouse should automatically provide another attribute for the client. I'm not sure if something like that is already implemented. Otherwise this would be a really nice feature request! — Florian Falk, Feb 19 '21 at 11:04
It took me a while before being able to test this in the field. Unfortunately this would still require me to provide the `password_confirmation` in my input and in turn that will still result in the undefined column. — MikeSli, Mar 01 '21 at 21:10
What do you mean by "require me to provide the password_confirmation in my input"? — Florian Falk, Mar 02 '21 at 07:30
Trying to use the confirmed validation either by using the validation you linked or by using the @rules directive results in the following error: `"Field \"password_confirmation\" is not defined by type CreateUser."` — MikeSli, Mar 02 '21 at 11:29

Bruno Soares · Answer 1 · 2021-07-21T23:20:34.333

0

It is possible to override the fill function for the User model and manually unset the password_confirmation attribute:

public function fill(array $attributes)
{
    unset($attributes['password_confirmation']);
    return parent::fill($attributes);
}

The validation will run and the password_confirmation field will be unset before saving the model.

edited Jul 21 '21 at 23:20

answered Jul 20 '21 at 00:00

Bruno Soares

484
5
7

What is the proper way to validate user password confirmed input using Laravel lighthouse

1 Answers1