Password Confirmation

Oct, 8 2019

The Laravel v6.2.0 release ships with a new password confirmation feature. This feature allows you to attach a password.confirm middleware to routes where you want a user to re-confirm their password.

Route::get('/secrets', 'SecretsController@show')->middleware('password.confirm');

If you attempt to access the route, you will be prompted to confirm your password, similar to what you may have seen on other applications like GitHub:

The new password confirmation screen

The new password confirmation screen

Confirming the password will store a timestamp in the user's session that lasts for three hours by default so users do not have to enter their password during that period again. You may customize this duration using a new password_timeout configuration option in the auth configuration file.

In addition, a new password validation rule has been added to the framework. This validation rule may be used to validate that a given password matches the user's existing password.

By Dries Vints

Developer at Laravel working on the first-party open source libraries. Find me on TwitterGitHub or my website.

Follow the RSS Feed.