How to perform password confirmation in Laravel


Sometimes we need to put a security check on a given route.

For example, let’s say a user wants to modify some important information and we want to make sure that it is actually them.

To verify this step, we can ask for their password again using a middleware called password.confirm that performs this verification.

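// GET /settings: show the settings page once the password has been confirmed.
// The view name 'settings' is an example; use your own settings view.
Route::get('/settings', function () {
    return view('settings');
})->middleware(['password.confirm']);

// POST /settings: apply the changes; guarded by the same middleware.
Route::post('/settings', function () {
    // ...
})->middleware(['password.confirm']);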

The code above does the following:

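  • First route: Returns the settings view for GET requests and is protected by the password.confirm middleware explained below.
  • Second route: Handles POST requests to /settings and is protected by the same middleware. If the user has not confirmed their password recently, the middleware sends them to the password confirmation screen; once the password is confirmed, the user is redirected to their intended location.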

The password.confirm middleware ships with your application by default. It verifies that the user has the right to make changes on the /settings route by asking them to re-enter the password they used to log in.

This way, the application knows that the right person is performing these changes.
