New password confirmation process for user login in Laravel 6.2 (code example)

Laravel has released v6.2, which adds a new password confirmation feature that allows you to require logged in users to re-enter their password before they can access routes.

This function is similar to the GitHub confirmation dialog box when you perform sensitive operations. You can easily set this up in Laravel, so let's try out the new feature so you can better understand how it works:

SETUP

First, in order to understand this new feature more intuitively, we create a new Laravel application:

laravel new confirm-app
cd confirm-app
composer require laravel/ui --dev

As you know, the make:auth command was removed in Laravel 6, and the same functionality has been migrated to laravel/ui. In the official expansion package. Let us use a new command to generate user authentication related code:

 php artisan ui vue --auth
 yarn install
 yarn dev

Next, we configure the SQLite database (of course you can choose the database you want to use):

touch database/database.sqlite

We have created the default configuration file required by Laravel when using the sqlite driver, but you still need to update the .env file to ensure the database connection and path are correct:

DB_CONNECTION=sqlite
# ...
# 使用 sqlite 驱动程序的默认路径
# DB_DATABASE=laravel

Next, let’s run the migration and then create a test user:

php artisan migrate

We can create it in the console through the factory() method A test user:

 php artisan tinker
 >>> $user = factory(App\User::class)->create([
 ... 'password' => bcrypt('secret'),
 ... 'email' => 'admin@example.com'
 ... ]);

Write the controller.

Assume you want the user to view administrative actions such as adding an SSH key before Re-verify their password. We want users to re-enter their passwords within a configured window (default is three hours).

We will create a fake /settings/ssh/create route, in which we need the new password.confirm middleware before the user can create a new key:

php artisan make:controller Settings/SSHController

Next, create the method create() in this controller:

 namespace App\Http\Controllers\Settings;
  
  use App\Http\Controllers\Controller;
  use Illuminate\Http\Request;
  
  class SSHController extends Controller
  {
  public function create()
  {
 return view('secret');
 }
 }

We will stub the secret template and place it at the root of the view path In the directory resources/views/secret.blade.php:

  @extends('layouts.app')
  @section('content')
  <div class="container">
  <div class="row justify-content-center">
  <div class="col-md-8">
  <h1 id="Add-nbsp-a-nbsp-New-nbsp-SSH-nbsp-Key">Add a New SSH Key</h1>
  <p>This page is only shown after password confirmation.</p>
  </div>
  </div>
 </div>
 @endsection

When coding, you should copy the file auth/passwords/confirm.blade.php to your project . You can get the file to copy here: ui/confirm.stub. Copy this file and add it to your project in the following path:

resources/views/auth/passwords/confirm.blade.php

Next, we need to define the routes, in routes/ At the end of the web.php file I mention the need for this middleware:

 Route::namespace('Settings')
 ->middleware(['auth'])
 ->group(function () {
 Route::get('/settings/ssh/create', 'SSHController@create')->middleware('password.confirm');
 });

Note: Typically, you can aggregate all routes that require authentication through the auth middleware. In this demo , we created a controller in the Settings namespace.

With it, once you log in, you will be redirected to /home. There, navigate to /settings/ssh/create and you will be prompted for your password:

If you follow this tutorial, enter secret, submit the form, and then enter the create view. Once you confirm your password, you can refresh this page without prompting.

Use the new ddd() helper function, add it to your SSHController::create() method, the method will determine the value of session in auth.password_confirmed_at the next time you are prompted:

public function create()
 {
 ddd(session('auth'));
 return view('secret');
 }

This is the last time the password was verified. By default, users will not be reminded to verify their password again within 3 hours. Of course, you can customize it by modifying the config('auth.password_timeout') configuration item (the configuration item is defined in config/auth. of Laravel v6.2.0. php configuration file).

For more technical articles related to the laravel framework, please visit the laravel tutorial column!

The above is the detailed content of New password confirmation process for user login in Laravel 6.2 (code example). For more information, please follow other related articles on the PHP Chinese website!