Reauthenticate users by letting them re-enter their passwords for specific parts of your app (for Laravel 5).

    Route::group(['middleware' => ['auth', 'reauthenticate']], function () {
        Route::get('user/payment', function () {
            // Needs to re-enter password to see this
        });
    });

This package is a fork of mpociot/reauthenticate, with two extra features and the readme instructions updated to Laravel 5.5+, which is the new LTS version of Laravel.
I do not take credit for this work; I simply forked it and modified it. A PR was submitted but not addressed, thus, this fork was published to Packagist.
In order to add reauthenticate to your project, just run the following command in terminal:

    composer require madmikeyb/reauthenticate

In your app\Http\Kernel.php file, add the reauthenticate middleware to the $routeMiddleware array.

    protected $routeMiddleware = [
        // ...
        'reauthenticate' => \Mpociot\Reauthenticate\Middleware\Reauthenticate::class,
        // ...
    ];

By default, reauthenticate looks for a route auth/reauthenticate and a view auth.reauthenticate that will hold a password field.
An example view can be copied from here. Please note that this file needs to be manually copied, because I didn't want to bloat this package with a service provider.
The HTTP controller methods can be used from the Reauthenticates trait, so your AuthController looks like this:

    <?php

    namespace App\Http\Controllers\Auth;

    use App\Http\Controllers\Controller;
    use Mpociot\Reauthenticate\Reauthenticates;
    use Illuminate\Foundation\Auth\AuthenticatesUsers;

    class LoginController extends Controller
    {
        /*
        |--------------------------------------------------------------------------
        | Login Controller
        |--------------------------------------------------------------------------
        |
        | This controller handles authenticating users for the application and
        | redirecting them to your home screen. The controller uses a trait
        | to conveniently provide its functionality to your applications.
        |
        */

        use AuthenticatesUsers, Reauthenticates;

        // ...
    }

Be sure to exclude the reauthenticate routes from the guest middleware.

        /**
         * Create a new authentication controller instance.
         *
         * @return void
         */
        public function __construct()
        {
            $this->middleware('guest', ['except' => ['logout', 'getReauthenticate', 'postReauthenticate']]);
        }

To get started, add these routes to your routes.php file:

    // Reauthentication routes
    Route::namespace('Auth')->group(function () {
        Route::get('auth/reauthenticate', 'LoginController@getReauthenticate');
        Route::post('auth/reauthenticate', 'LoginController@postReauthenticate');
    });

That's it.
Once the user successfully reauthenticates, the valid login will be stored for 30 minutes by default.
Reauthenticate can be (optionally) configured through your config/app.php file. The following keys are supported:

    return [
        /*
        |--------------------------------------------------------------------------
        | Reauthenticate
        |--------------------------------------------------------------------------
        */

        /**
         * The URL to redirect to after re-authentication is successful.
         */
        'reauthenticate_url' => '/custom-url',

        /**
         * The key to use as your re-authentication session key.
         */
        'reauthenticate_key' => 'custom-reauthentication-key',

        /**
         * The time (in minutes) that the user is allowed to access the protected area
         * before being prompted to re-authenticate.
         */
        'reauthenticate_time' => 30,
    ];

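
The timed window that reauthenticate_key and reauthenticate_time control, modelled as an added example (not code from this package or from mpociot/reauthenticate). The class name ReauthWindow, the plain array standing in for the session, and the stored-timestamp layout are assumptions; the defaults mirror the config values shown above.

```php
<?php
// Added illustration: a simplified model of a timed re-authentication window.
// ReauthWindow and its session layout are hypothetical, not the package's internals.
final class ReauthWindow
{
    private $key;
    private $minutes;

    public function __construct(string $key = 'custom-reauthentication-key', int $minutes = 30)
    {
        $this->key = $key;          // mirrors 'reauthenticate_key'
        $this->minutes = $minutes;  // mirrors 'reauthenticate_time'
    }

    // Verify the re-entered password; only a success records a fresh timestamp.
    public function attempt(array &$session, string $password, string $hash, int $now): bool
    {
        if (!password_verify($password, $hash)) {
            return false; // a failed attempt never starts or extends the window
        }
        $session[$this->key] = $now;
        return true;
    }

    // True only while a confirmation is recorded, not in the future, and not expired.
    public function isValid(array $session, int $now): bool
    {
        $at = $session[$this->key] ?? null;
        if (!is_int($at) || $at > $now) {
            return false; // missing or implausible timestamp: prompt again
        }
        return ($now - $at) < $this->minutes * 60;
    }
}

// Constructed sample data: one password hash and an array standing in for the session.
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$session = [];
$window = new ReauthWindow();
$t0 = 1700000000; // constructed fixed clock so the run is repeatable

var_dump($window->isValid($session, $t0));                         // no confirmation yet
var_dump($window->attempt($session, 'wrong', $hash, $t0));         // wrong password
var_dump($window->attempt($session, 'correct horse', $hash, $t0)); // correct password
var_dump($window->isValid($session, $t0 + 29 * 60));               // inside the window
var_dump($window->isValid($session, $t0 + 30 * 60));               // window elapsed
```

The window here is fixed from the moment of confirmation: activity inside the protected area does not extend it, so a shorter reauthenticate_time directly bounds how long an unattended session can reach the protected routes.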
Reauthenticate is free software distributed under the terms of the MIT license.