[1.x] Require password and confirmation (#245)

* Require password and confirmation

* Update NewPasswordController.php

Co-authored-by: Taylor Otwell <[email protected]>

Author: driesvints

src/Http/Controllers/NewPasswordController.php

@@ -57,6 +57,8 @@ public function store(Request $request): Responsable
         $request->validate([
             'token' => 'required',
             Fortify::email() => 'required|email',
+            'password' => 'required|confirmed',
+            'password_confirmation' => 'required',
         ]);
 
         // Here we will attempt to reset the user's password. If it is successful we

tests/NewPasswordControllerTest.php

@@ -61,9 +61,6 @@ public function test_password_reset_can_fail()
     {
         Password::shouldReceive('broker')->andReturn($broker = Mockery::mock(PasswordBroker::class));
 
-        $guard = $this->mock(StatefulGuard::class);
-        $user = Mockery::mock(Authenticatable::class);
-
         $broker->shouldReceive('reset')->andReturnUsing(function ($input, $callback) {
             return Password::INVALID_TOKEN;
         });
@@ -130,4 +127,15 @@ public function test_password_can_be_reset_with_customized_email_address_field()
         $response->assertStatus(302);
         $response->assertRedirect('/login');
     }
+
+    public function test_password_and_password_confirmation_are_required()
+    {
+        $response = $this->post('/reset-password', [
+            'token' => 'token',
+            'email' => '[email protected]',
+        ]);
+
+        $response->assertStatus(302);
+        $response->assertSessionHasErrors(['password', 'password_confirmation']);
+    }
 }