Reauthenticate users by letting them re-enter their passwords for specific parts of your app (for Laravel 5).

    Route::group(['middleware' => ['auth','reauthenticate']], function () {
        Route::get('user/payment', function () {
            // Needs to re-enter password to see this
        });
    });

In order to add reauthenticate to your project, just add

    "mpociot/reauthenticate": "~1.0"

to your composer.json. Then run composer install or composer update.

Or run composer require mpociot/reauthenticate if you prefer that.

In your app\Http\Kernel.php file, add the reauthenticate middleware to the $routeMiddleware array.

    protected $routeMiddleware = [
        // ...
        'reauthenticate' => \Mpociot\Reauthenticate\Middleware\Reauthenticate::class,
        // ...
    ];

By default, reauthenticate looks for a route auth/reauthenticate and a view auth.reauthenticate that will hold a password field.
An example view can be copied from here. Please note that this file needs to be manually copied, because I didn't want to bloat this package with a service provider.
The HTTP controller methods can be used from the Reauthenticates trait, so your AuthController looks like this:

    <?php
    namespace App\Http\Controllers\Auth;

    use App\User;
    use Validator;
    use App\Http\Controllers\Controller;
    use Mpociot\Reauthenticate\Reauthenticates;
    use Illuminate\Foundation\Auth\ThrottlesLogins;
    use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

    class AuthController extends Controller
    {
        /*
        |--------------------------------------------------------------------------
        | Registration & Login Controller
        |--------------------------------------------------------------------------
        |
        | This controller handles the registration of new users, as well as the
        | authentication of existing users. By default, this controller uses
        | a simple trait to add these behaviors. Why don't you explore it?
        |
        */
        use AuthenticatesAndRegistersUsers, ThrottlesLogins, Reauthenticates {
            AuthenticatesAndRegistersUsers::getFailedLoginMessage insteadof Reauthenticates;
        }

Be sure to except the reauthenticate routes from the guest middleware.

        /**
         * Create a new authentication controller instance.
         *
         * @return void
         */
        public function __construct()
        {
            $this->middleware('guest', ['except' => ['logout', 'getReauthenticate', 'postReauthenticate']]);
        }

To get started, add these routes to your routes.php file:

    // Reauthentication routes
    Route::get('auth/reauthenticate', 'Auth\AuthController@getReauthenticate');
    Route::post('auth/reauthenticate', 'Auth\AuthController@postReauthenticate');

That's it. Once the user successfully reauthenticates, the valid login will be stored for 30 minutes.
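
The 30-minute window described above can be pictured as a timestamp kept in the session and checked on every protected request. The following is an added illustration in plain PHP, not the package's own code; the class name ReauthWindow, the session key reauth_at and the sample password are assumptions made for the example.

```php
<?php
// Added illustration, not the package's code. All names and keys are hypothetical.

final class ReauthWindow
{
    const SESSION_KEY = 'reauth_at';   // hypothetical session key
    const LIFETIME    = 1800;          // 30 minutes, as stated above

    private $session;

    public function __construct(array &$session)
    {
        $this->session = &$session;    // keep a reference so writes reach the caller
    }

    // Record a fresh confirmation only when the password matches the stored hash.
    public function confirm($plain, $hash, $now)
    {
        if (!password_verify($plain, $hash)) {
            return false;              // a failed attempt never extends the window
        }
        $this->session[self::SESSION_KEY] = $now;
        return true;
    }

    // True while the last confirmation is younger than LIFETIME seconds.
    public function isFresh($now)
    {
        if (!isset($this->session[self::SESSION_KEY])) {
            return false;              // never confirmed in this session
        }
        $age = $now - (int) $this->session[self::SESSION_KEY];
        return $age >= 0 && $age < self::LIFETIME;   // reject future timestamps too
    }
}

// Constructed sample data: one session, one user hash, a fixed clock.
$session = [];
$hash    = password_hash('correct horse', PASSWORD_DEFAULT);
$t0      = 1700000000;
$window  = new ReauthWindow($session);

var_dump($window->isFresh($t0));                          // no confirmation yet
var_dump($window->confirm('wrong guess', $hash, $t0));    // bad password
var_dump($window->confirm('correct horse', $hash, $t0));  // good password
var_dump($window->isFresh($t0 + 1799));                   // inside the window
var_dump($window->isFresh($t0 + 1800));                   // window has expired
```

In a Laravel application the array would be the framework's session store and the hash the authenticated user's stored password.
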
The URL the user gets redirected to can be configured by adding a reauthenticate_url key to your config/app.php file:

    return [
        // ...
        'reauthenticate_url' => '/custom-url',
    ];

Reauthenticate is free software distributed under the terms of the MIT license.