The Laravel v6.2.0 release ships with a new password confirmation feature. This feature allows you to attach a
password.confirm middleware to routes where you want a user to re-confirm their password.
Route::get('/secrets', '[email protected]')->middleware('password.confirm');
If you attempt to access the route, you will be prompted to confirm your password, similar to what you may have seen on other applications like GitHub:
Confirming the password will store a timestamp in the user's session that lasts for three hours by default so users do not have to enter their password during that period again. You may customize this duration using a new
password_timeout configuration option in the
auth configuration file.
In addition, a new
password validation rule has been added to the framework. This validation rule may be used to validate that a given password matches the user's existing password.