Laravel released v6.2 version, which adds a new password confirmation feature, which allows you to ask the user has logged on to re-enter the password before you can access route.
When you perform sensitive operations, this feature is similar to GitHub confirmation dialog. In Laravel you can easily set it up, so let's try the new features, so that you can better understand how it works:
Set
First, for a more intuitive understanding of this new feature, we create a new Laravel applications:
laravel new confirm-app cd confirm-app composer require laravel/ui --dev
You know, make: auth command is removed Laravel 6, the same functions have migrated to laravel / ui the official expansion pack lets us generate code for user authentication associated with the new command:
1 php artisan ui vue --auth 2 yarn install 3 yarn dev
Next, we configure SQLite database (of course you can choose to use the database they want):
touch database/database.sqlite
We have created a Laravel required when using sqlite driver default configuration file, but you still need to update .env file to ensure that the database connection and the correct path:
= DB_CONNECTION sqlite # ... # use sqlite driver default path # db_database = Laravel
Next, let's run the migration, and then create a test user:
php artisan migrate
We can create a test user console factory () method:
1 php artisan tinker 2 >>> $user = factory(App\User::class)->create([ 3 ... 'password' => bcrypt('secret'), 4 ... 'email' => '[email protected]' 5 ... ]);
Write controller.
Suppose you want the user to view their password to re-authenticate before SSH key management operations such as add. We want the user to re-enter their password in the configuration window (default is three hours).
We will create a fake / settings / ssh / create routes in the routing, we need new password.confirm middleware, users can then go to create a new key:
php artisan make:controller Settings/SSHController
Next, create a create method in the controller ():
1 namespace App\Http\Controllers\Settings; 2 3 use App\Http\Controllers\Controller; 4 use Illuminate\Http\Request; 5 6 class SSHController extends Controller 7 { 8 public function create() 9 { 10 return view('secret'); 11 } 12 }
We will stub secret template, and places it in the root directory path view among resources / views / secret.blade.php:
1 @extends('layouts.app') 2 @section('content') 3 <div class="container"> 4 <div class="row justify-content-center"> 5 <div class="col-md-8"> 6 <h1>Add a New SSH Key</h1> 7 <p>This page is only shown after password confirmation.</p> 8 </div> 9 </div> 10 </div> 11 @endsection
When code code, you should copy the file auth / passwords / confirm.blade.php to your project where you can get the files to be copied:.. Ui / confirm.stub copy this file and add your path to the following items:
resources / views / auth / passwords / confirm.blade.php
Next, we need to define the route, at the end of routes / web.php files I need to say this middleware:
1 Route::namespace('Settings') 2 ->middleware(['auth']) 3 ->group(function () { 4 Route::get('/settings/ssh/create', 'SSHController@create')->middleware('password.confirm'); 5 });
Note: Usually, you can put all require aggregation routing authentication by auth middleware together in this demo, we create a controller namespace Settings inside.
With it, once logged in, you will be redirected to / home. There, navigate to the / settings / ssh / create, and then prompts you to enter the password:
If the tutorial follow, enter the Secret, the form is submitted, and then enter create view. After confirming the password, without prompting to refresh this page.
The new ddd () helper function to add it to your SSHController :: create () method, the method will determine the next prompt values auth.password_confirmed_at in the session when you:
1 public function create() 2 { 3 ddd(session('auth')); 4 return view('secret'); 5 }
That this is the last time to verify the password. Over 3 hours, no duplicate default alert the user authentication password again, of course, you can customize the configuration item (CI defined Laravel v6.2.0 version config / auth by modifying config ( 'auth.password_timeout'). php configuration file).
Read more
Thank you very much Dries Vints brought us awesome new features included in this version of Laravel 6.2, you can Pull Request # 5129 to learn more about implementation details middleware.