From 5f721672d1d8a18b97a2c1639d955e43ad14b0a4 Mon Sep 17 00:00:00 2001
From: Dries Vints <dries.vints@gmail.com>
Date: Tue, 8 Oct 2019 17:53:11 +0200
Subject: [PATCH 1/3] Document password rule

---
 validation.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/validation.md b/validation.md
index dbd128f33d..26f2fb0ab1 100644
--- a/validation.md
+++ b/validation.md
@@ -590,6 +590,7 @@ Below is a list of all available validation rules and their function:
 [Not Regex](#rule-not-regex)
 [Nullable](#rule-nullable)
 [Numeric](#rule-numeric)
+[Password](#rule-password)
 [Present](#rule-present)
 [Regular Expression](#rule-regex)
 [Required](#rule-required)
@@ -948,6 +949,13 @@ The field under validation may be `null`. This is particularly useful when valid
 
 The field under validation must be numeric.
 
+<a name="rule-password"></a>
+#### password
+
+The field under validation must match the current logged in user's password. You can also pass a specific guard as the first parameter:
+
+    'password' => 'password:api'
+
 <a name="rule-present"></a>
 #### present
 

From 1f46df2f468b99bc7c7708b122b77fe71522ccad Mon Sep 17 00:00:00 2001
From: Dries Vints <dries.vints@gmail.com>
Date: Tue, 8 Oct 2019 17:58:29 +0200
Subject: [PATCH 2/3] Document password confirmation

---
 authentication.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/authentication.md b/authentication.md
index 36fb0e677d..f9ab406de8 100644
--- a/authentication.md
+++ b/authentication.md
@@ -208,6 +208,14 @@ When attaching the `auth` middleware to a route, you may also specify which guar
         $this->middleware('auth:api');
     }
 
+#### Confirming Password
+
+Laravel ships with a `password.confirm` middleware that allows you to protect routes with password confirmation. Adding the `password.confirm` middleware will first redirect users to a screen where they need to enter their password before they can continue. After they've successfully entered their password, they're redirected to the route they tried to access and their session is remembered for a default of three hours. This value can be changed with the `auth.password_timeout` config value.
+
+    Route::get('settings/security', function () {
+        // Users need to confirm their password before continuing...
+    })->middleware('password.confirm');
+
 <a name="login-throttling"></a>
 ### Login Throttling
 

From c18929f75633daffc3a9c798c086dd984feedd12 Mon Sep 17 00:00:00 2001
From: Dries Vints <dries.vints@gmail.com>
Date: Tue, 8 Oct 2019 18:12:42 +0200
Subject: [PATCH 3/3] Update authentication.md

---
 authentication.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authentication.md b/authentication.md
index f9ab406de8..9160c4311a 100644
--- a/authentication.md
+++ b/authentication.md
@@ -214,7 +214,7 @@ Laravel ships with a `password.confirm` middleware that allows you to protect ro
 
     Route::get('settings/security', function () {
         // Users need to confirm their password before continuing...
-    })->middleware('password.confirm');
+    })->middleware(['auth', 'password.confirm']);
 
 <a name="login-throttling"></a>
 ### Login Throttling