Add basic settings and change password features

[CyberPunkCodes]

Just pinning an issue for a potential future enhancement. I know you have some things you are working on.

Since AdminLTE is used for both user and admin dashboards, it would make sense to have the most basic features out of the box.

• The user should be able to change their name.
• The user should be able to change their password.

It's something necessary for every dashboard. So why not include it so it's ready to go out of the box? If they don't like exactly how it's done, It's easier to move code around that is already there, than to write it every time they use this dashboard.

These should use the "password confirmation" feature. They click "settings" or "change password".. it takes them to the lock screen, then they can edit their settings. The change password probably doesn't need to ask for their old password since they just confirmed it.

Maybe by default, a /settings route with a table showing the Name field (maybe also show the created/updated times?) and a save/submit button, and a link click here to change your password which takes them to /settings/change-password.

With that said, the default sidebar nav of /admin/settings would be changed to /settings and /settings/change-password accordingly. Maybe tucked into the Profile sub-menu with view profile, edit profile, change password links under it.

Or maybe instead of using /settings path, it should be /profile and /profile/change-password to match the Profile sidebar option?

Just some ideas. I think adding them into this repo by default would be a big plus for many people using it. We want to get on with the actual customizations, not adding basic features that are common to every dashboard.

[dfsmania]

This is basically a profile management out of the box. It is a good idea, but right now I have no time for a feature like this one. It may require the development of controllers, views, routes definitions, and a way to deploy these into a Laravel project.

[CyberPunkCodes]

I understand. It sucks keeping up with 3rd party repos that keep changing all the time. By the time you catch up, they are moving to the next version lol.

I did this for the AdminLTE project for Yii2 with my "Yii2 Members System". I added the basics like edit profile, change password, etc.. plus some extras. I just installed it and focused on what was unique to the client's project.

When I get some spare time, I might work on a PR with them. I don't know how it will affect what you are working on now, so I'll check your branches then too to see where it's at.

[CyberPunkCodes]

Just a teaser of the basic edit profile and change password pages:

The profile page is using the horizontal form class, the other isn't.

When doing this though, I think this needs a global component for handling the alert/status messages. I don't know if there is already a good Laravel extension to use for Bootstrap dismissable alerts? Or to just create a component? I created a component and tucked it inside the content-header div on the page blade to keep the margins. Worked well. This way, no matter which page they are redirected to after the update, they get the alert message.

[dfsmania]

That is good, I have a basic profile page in development too. It uses the new form components that will come soon. However, I'm still not sure how to deploy all the controllers, routes and views nicely into the Laravel framework...

[x7ryan]

I was actually kinda surprised myself this didn't include this myself. I threw together the functionality on my own.

1. I went into the source grabbed the register view code, copied it and made a custom change password view by copying the code and making a few changes. I changed the form to be 3 password fields (old_password, password, and password_confirm). Changed the text of the submit button and header and setup a Route:view in my routes file to send any GET requests to that route directly to this custom view. But you could just as easily build a regular page view.

2. Added a simple invokable controller with a Route:post for the same path going to it for the form to post to. Here is that code:

public function __invoke(ChangePasswordRequest $request)
    {
        // NOTE: Request validation will confirm the old password is correct along with ensuring the new password meets minimum requirements.
        // Therefore, we can safely proceed with saving the new password here as everything is in order if the code gets to this point.

        $user = Auth::user();
        $user->password = bcrypt($request->get('password'));
        $user->save();

        return redirect()->route('dashboard')->with("success","Password changed successfully!");

    }

3. Created a ChangePasswordRequest FormRequest class to validate the form. I used some simple rules, it looks like this:

public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'old_password' => ['required', 'password'],
            'password' => ['required', 'string', 'min:8', 'confirmed', 'different:old_password'],
        ];
    }

Essentially that'll ensure the user entered an old password and it matches the user's current password. The new password must be a string, at least 8 characters, must have a matching field called password_confirm and must not be the same as the old password.

In case anyone else wants to add this on their own, there's how I did it. The new password requirements could be more robust, forcing a user to include a special character for example but since I know this is only for a few internal users all of whom use a password manager to generate their passwords I wasn't too worried about having detailed complexity requirements.

All-in-all I had to add two routes to my web.php took just a few minutes to do it all. Spent more time reading laravel docs than anything else but learned some nice validation shorthand for verifying the old password ect. Here's what I added to my routes file:

Route::view('/change-password', 'changepw')->name('change_pw'); //Send GET request to /change-password directly to the view changepw.blade.php
Route::post('/change-password',  ChangePasswordController::class)->name('submit_change_pw'); //Send POST requests to /change-password to an invokable controller for validation and saving the new password

[dfsmania]

@x7ryan Thanks for share your idea, it is a good reference for future enhancements...

[CyberPunkCodes]

@Shidersz I have completed my Laravel Flash Messages package. Adding it to the AdminLTE project would be super easy to give users flash messages out of the box. It is highly configurable, allowing the developer to take total control of the alerts (icons, classes, dismissable, etc).

Here is a screenshot showing off various flash message alerts on AdminLTE:

Feel free to check it out on a fresh test install and let me know what you think.

Link: https://github.com/WadeShuler/laravel-flashmessages

[dfsmania]

@WadeShuler Nice, I will give it a try later. Also, I will create a new Wiki Section for these type of related packages that offers extensions. On the next package release, we going to include an Alert component that may be similar (in someway)...