From 5f721672d1d8a18b97a2c1639d955e43ad14b0a4 Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Tue, 8 Oct 2019 17:53:11 +0200 Subject: [PATCH 1/3] Document password rule --- validation.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/validation.md b/validation.md index dbd128f33df..26f2fb0ab12 100644 --- a/validation.md +++ b/validation.md @@ -590,6 +590,7 @@ Below is a list of all available validation rules and their function: [Not Regex](#rule-not-regex) [Nullable](#rule-nullable) [Numeric](#rule-numeric) +[Password](#rule-password) [Present](#rule-present) [Regular Expression](#rule-regex) [Required](#rule-required) @@ -948,6 +949,13 @@ The field under validation may be `null`. This is particularly useful when valid The field under validation must be numeric. + +#### password + +The field under validation must match the current logged in user's password. You can also pass a specific guard as the first parameter: + + 'password' => 'password:api' + #### present From 1f46df2f468b99bc7c7708b122b77fe71522ccad Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Tue, 8 Oct 2019 17:58:29 +0200 Subject: [PATCH 2/3] Document password confirmation --- authentication.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/authentication.md b/authentication.md index 36fb0e677dd..f9ab406de8c 100644 --- a/authentication.md +++ b/authentication.md @@ -208,6 +208,14 @@ When attaching the `auth` middleware to a route, you may also specify which guar $this->middleware('auth:api'); } +#### Confirming Password + +Laravel ships with a `password.confirm` middleware that allows you to protect routes with password confirmation. Adding the `password.confirm` middleware will first redirect users to a screen where they need to enter their password before they can continue. After they've successfully entered their password, they're redirected to the route they tried to access and their session is remembered for a default of three hours. This value can be changed with the `auth.password_timeout` config value. + + Route::get('settings/security', function () { + // Users need to confirm their password before continuing... + })->middleware('password.confirm'); + ### Login Throttling From c18929f75633daffc3a9c798c086dd984feedd12 Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Tue, 8 Oct 2019 18:12:42 +0200 Subject: [PATCH 3/3] Update authentication.md --- authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentication.md b/authentication.md index f9ab406de8c..9160c4311a8 100644 --- a/authentication.md +++ b/authentication.md @@ -214,7 +214,7 @@ Laravel ships with a `password.confirm` middleware that allows you to protect ro Route::get('settings/security', function () { // Users need to confirm their password before continuing... - })->middleware('password.confirm'); + })->middleware(['auth', 'password.confirm']); ### Login Throttling