create([ 'password' => Hash::make('OldPass123!'), ]); $this->actingAs($user); $action = new UpdateUserPassword(); $action->update($user, [ 'current_password' => 'OldPass123!', 'password' => 'NewPass123!', 'password_confirmation' => 'NewPass123!', ]); $user->refresh(); expect(Hash::check('NewPass123!', $user->password))->toBeTrue(); }); it('rejects wrong current password', function (): void { $user = User::factory()->create([ 'password' => Hash::make('OldPass123!'), ]); $this->actingAs($user); $action = new UpdateUserPassword(); try { $action->update($user, [ 'current_password' => 'WrongPass', 'password' => 'NewPass123!', 'password_confirmation' => 'NewPass123!', ]); $this->fail('Expected ValidationException not thrown.'); } catch (ValidationException $e) { expect($e->errors())->toHaveKey('current_password'); } });