Reauthenticate users by letting them re-enter their passwords for specific parts of your app (for Laravel 5).
Route::group(['middleware' => ['auth','reauthenticate']], function () {
Route::get('user/payment', function () {
// Needs to re-enter password to see this
});
});In order to add reauthenticate to your project, just add
"mpociot/reauthenticate": "~1.0"
to your composer.json. Then run composer install or composer update.
Or run composer require mpociot/reauthenticate if you prefer that.
In your app\Http\Kernel.php file, add the reauthenticate middleware to the $routeMiddleware array.
protected $routeMiddleware = [
// ...
'reauthenticate' => \Mpociot\Reauthenticate\Middleware\Reauthenticate::class,
// ...
];By default, reauthanticate is looking for a route auth/reauthenticate and a view auth.reauthenticate that will hold a password field.
An example view can be copied from here. Please note that this file needs to be manually copied, because I didn't want to bloat this package with a service provider.
The HTTP controller methods can be used from the Reauthenticates trait, so your AuthController looks like this:
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Mpociot\Reauthenticate\Reauthenticates;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class AuthController extends Controller
{
/*
|--------------------------------------------------------------------------
| Registration & Login Controller
|--------------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesAndRegistersUsers, ThrottlesLogins, Reauthenticates {
AuthenticatesAndRegistersUsers::getFailedLoginMessage insteadof Reauthenticates;
}Be sure to except the reauthenticate routes from the guest middleware.
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => ['logout','getReauthenticate','postReauthenticate'] ]);
}To get started, add these routes to your routes.php file:
// Reauthentication routes
Route::get('auth/reauthenticate', 'Auth\AuthController@getReauthenticate');
Route::post('auth/reauthenticate', 'Auth\AuthController@postReauthenticate');That's it. Once the user successfully reauthenticates, the valid login will be stored for 30 minutes.
This value can be configured by extending the Reauthenticate middleware.
## LicenseReauthenticate is free software distributed under the terms of the MIT license.