[6.x] Confirm password

authentication.md

@@ -208,6 +208,14 @@ When attaching the `auth` middleware to a route, you may also specify which guar
  $this->middleware('auth:api');
  }
 
+#### Confirming Password
+
+Laravel ships with a `password.confirm` middleware that allows you to protect routes with password confirmation. Adding the `password.confirm` middleware will first redirect users to a screen where they need to enter their password before they can continue. After they've successfully entered their password, they're redirected to the route they tried to access and their session is remembered for a default of three hours. This value can be changed with the `auth.password_timeout` config value.
+
+ Route::get('settings/security', function () {
+ // Users need to confirm their password before continuing...
+ })->middleware(['auth', 'password.confirm']);
+
 <a name="login-throttling"></a>
 ### Login Throttling
 

validation.md

@@ -590,6 +590,7 @@ Below is a list of all available validation rules and their function:
 [Not Regex](#rule-not-regex)
 [Nullable](#rule-nullable)
 [Numeric](#rule-numeric)
+[Password](#rule-password)
 [Present](#rule-present)
 [Regular Expression](#rule-regex)
 [Required](#rule-required)
@@ -948,6 +949,13 @@ The field under validation may be `null`. This is particularly useful when valid
 
 The field under validation must be numeric.
 
+<a name="rule-password"></a>
+#### password
+
+The field under validation must match the current logged in user's password. You can also pass a specific guard as the first parameter:
+
+ 'password' => 'password:api'
+
 <a name="rule-present"></a>
 #### present