/reauthenticate

Reauthenticate users by letting them re-enter their passwords for specific parts of your app.

Primary LanguagePHPMIT LicenseMIT

Reauthenticate

Because sometimes, you want that extra layer of security

Software License Build Status Scrutinizer Code Quality codecov.io StyleCI

Reauthenticate users by letting them re-enter their passwords for specific parts of your app (for Laravel 5).

Route::group(['middleware' => ['auth','reauthenticate']], function () {

    Route::get('user/payment', function () {
        // Needs to re-enter password to see this
    });

});

Contents

Installation

In order to add reauthenticate to your project, just add

"mpociot/reauthenticate": "~1.0"

to your composer.json. Then run composer install or composer update.

Or run composer require mpociot/reauthenticate if you prefer that.

Usage

Add the middleware to your Kernel

In your app\Http\Kernel.php file, add the reauthenticate middleware to the $routeMiddleware array.

protected $routeMiddleware = [
    // ...
    'reauthenticate'         => \Mpociot\Reauthenticate\Middleware\Reauthenticate::class,
    // ...
];

Add the routes & views

By default, reauthanticate is looking for a route auth/reauthenticate and a view auth.reauthenticate that will hold a password field.

An example view can be copied from here. Please note that this file needs to be manually copied, because I didn't want to bloat this package with a service provider.

The HTTP controller methods can be used from the Reauthenticates trait, so your AuthController looks like this:

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Mpociot\Reauthenticate\Reauthenticates;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins, Reauthenticates {
        AuthenticatesAndRegistersUsers::getFailedLoginMessage insteadof Reauthenticates;
    }

Be sure to except the reauthenticate routes from the guest middleware.

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => ['logout','getReauthenticate','postReauthenticate'] ]);
    }

To get started, add these routes to your routes.php file:

// Reauthentication routes
Route::get('auth/reauthenticate', 'Auth\AuthController@getReauthenticate');
Route::post('auth/reauthenticate', 'Auth\AuthController@postReauthenticate');

That's it. Once the user successfully reauthenticates, the valid login will be stored for 30 minutes.

The URL the user gets redirected to can be configured by adding a reauthenticate_url key to your config/app.php file:

return [
    // ...

    'reauthenticate_url' => '/custom-url',
];

License

Reauthenticate is free software distributed under the terms of the MIT license.