Initial commit

app/Http/Livewire/Profile/UpdateNonUserPasswordForm.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Http\Livewire\Profile;
+
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+use Livewire\Component;
+
+class UpdateNonUserPasswordForm extends Component
+{
+    public $state = [
+        'current_password' => '',
+        'password' => '',
+        'password_confirmation' => '',
+    ];
+
+    public function updatePassword()
+    {
+        $profileName = strtolower(getActiveProfileType());
+        $this->validate([
+            'state.current_password' => ['required', 'string'],
+            'state.password' => timebank_config('rules.profile_' . $profileName . '.password'),
+        ]);
+
+        $activeProfile = getActiveprofile();
+
+        // CRITICAL SECURITY: Validate user has ownership/access to this profile
+        \App\Helpers\ProfileAuthorizationHelper::authorize($activeProfile);
+
+        // Check if the current password matches
+        if (!Hash::check($this->state['current_password'], $activeProfile->password)) {
+            $this->addError('state.current_password', __('The provided password does not match your current password.'));
+            return;
+        }
+
+        // Update the password
+        $activeProfile->forceFill([
+            'password' => Hash::make($this->state['password']),
+        ])->save();
+
+        activity()
+            ->useLog(class_basename(getActiveProfileType()))
+            ->performedOn($activeProfile)
+            ->causedBy(Auth::guard('web')->user())
+            ->event('password_changed')
+            ->log('Password changed for ' . $activeProfile->name);
+
+        // Dispatch a success message
+        $this->dispatch('saved');
+    }
+
+    public function render()
+    {
+        return view('livewire.profile.update-non-user-password-form');
+    }
+}