New Feature | Force Re-authenticate #447

Open
mjamilasfihani opened this issue Sep 27, 2021 · 3 comments

@mjamilasfihani
Contributor

From the ROADMAP https://github.com/lonnieezell/myth-auth/projects/1#card-37568349
I noticed that we can use a filter (maybe sudo-su 😄) to give the user access to pages
that require entering their password first.

How do we check it? We can use the session to save the key. Any suggestions for the flow? It would be an honor for me to finish this feature.

@lonnieezell
Owner

Actually, another user had sent me an email with their solution on this, which I think works nicely. I had forgotten about it, unfortunately. If you want to take this and turn it into a PR that would be awesome. Here's their email:


My process of re-authentication begins with updating App/Filters and adding this line to aliases:

'passwordConfirmCheck' => PasswordConfirm::class

and then add this line to filters; it will tell the framework which places need to re-authenticate
the password:

'passwordConfirmCheck' => ['before' => ['acp/user','acp/user/*', 'acp/permission', 'acp/config']],

  • The PasswordConfirm.php file will check the session key password_confirm; if it does not exist, we will ask the user to input the password again.

The password confirm function

/**
 * Show the password confirmation form.
 */
public function passwordConfirm() {
    $this->_render('\acp\password_confirm', $this->_data);
}

/**
 * Check the submitted password and, on success, mark the session as confirmed.
 * Needs `use Config\Services;` at the top of the controller file.
 */
public function passwordConfirmAction() {
    $inputData = $this->request->getPost();

    // Validation rules and messages
    $rules = [
        'password' => 'required',
    ];
    $errMess = [
        'password' => [
            'required' => lang('User.pw_required'),
        ],
    ];

    // Validate the input
    if (! $this->validate($rules, $errMess)) {
        return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
    }

    $authenticator = Services::authentication();

    // Wrong password: back to the form with an error
    if (! $authenticator->validPassword($inputData['password'])) {
        return redirect()->back()->withInput()->with('error', lang('Auth.invalidPassword'));
    }

    // Correct password: return to the page stored in the session
    $redirectURL = session('redirect_url') ?? '/';
    session()->remove('redirect_url');

    // Record which user confirmed their password
    session()->set('password_confirm', $this->user->id);
    return redirect()->to($redirectURL);
}

View: password_confirm.php

I haven't examined it too closely but seems like a great solution for it.
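
The email describes PasswordConfirm.php without showing it. The following is an added example, not code from the email or from Myth:Auth, of a CodeIgniter 4 filter that checks the password_confirm session key against the logged-in user and also expires the confirmation after a fixed time. Assumptions: the password_confirm_at key (which passwordConfirmAction would have to set to time() next to password_confirm), the 15-minute limit, and the acp/password-confirm route are hypothetical.

```php
<?php

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class PasswordConfirm implements FilterInterface
{
    // Assumption: a confirmation is honoured for 15 minutes.
    private const MAX_AGE = 900;
    // Assumption: hypothetical route that renders the password_confirm view.
    private const CONFIRM_ROUTE = 'acp/password-confirm';

    public function before(RequestInterface $request, $arguments = null)
    {
        if (! function_exists('logged_in')) {
            helper('auth'); // Myth:Auth helper: logged_in(), user_id()
        }
        if (! logged_in()) {
            return redirect()->to('login'); // Myth:Auth's default login route
        }

        $session     = session();
        $confirmedBy = $session->get('password_confirm');    // set by passwordConfirmAction()
        $confirmedAt = $session->get('password_confirm_at'); // assumption: time() stored with it

        $fresh = $confirmedBy !== null
            && (int) $confirmedBy === (int) user_id()        // confirmed by this account
            && is_int($confirmedAt)
            && (time() - $confirmedAt) <= self::MAX_AGE;     // and recently enough
        if ($fresh) {
            return; // confirmation is valid: let the request through
        }

        // Missing, stale, or left over from another account: drop it and ask again.
        $session->remove(['password_confirm', 'password_confirm_at']);
        $session->set('redirect_url', uri_string()); // path only, relative to baseURL

        return redirect()->to(self::CONFIRM_ROUTE);
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Nothing to do after the controller runs.
    }
}
```

Storing only the path from uri_string() keeps the later redirect()->to($redirectURL) on the same site, and the confirmation route must stay outside the filtered patterns or the redirect loops.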

@mjamilasfihani
Contributor Author

Thanks for the good news, @lonnieezell. I am on fire right now 😂

@mjamilasfihani mjamilasfihani changed the title New Feature? New Feature | Force Re-authenticate Oct 6, 2021
@mjamilasfihani
Contributor Author

You can see the details in the project card; here is the link: https://github.com/lonnieezell/myth-auth/projects/1#card-37568349
