Sometimes we need to put a security check on a given route.
For example, let’s say a user wants to modify some important information and we want to make sure that it is actually them.
To verify this, we can ask for their password again using a middleware called password.confirm, which performs this verification.
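    // GET /settings: only reachable once the password has been confirmed.
    Route::get('/settings', function () {
        return view('auth.confirm-password');
    })->middleware(['password.confirm']);

    // POST /settings: the change itself is guarded by the same middleware.
    Route::post('/settings', function () {
        // ...
    })->middleware(['password.confirm']);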
The code above does the following: it serves the settings view using the get method, and the route is protected by the password.confirm middleware explained below.
This password.confirm middleware ships with your application by default. The middleware verifies that the user has the right to perform whatever changes they want on the /settings route by asking the user to re-enter the password they used to log in.
This way, the application knows that the right person is performing these changes.
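When the password has not been confirmed recently, the middleware redirects to a route named password.confirm, so the application has to define that route and a handler that checks the submitted password. The following is an added example, not code from the original page, and it follows the pattern in Laravel's authentication documentation; the /confirm-password path and the throttle limit are assumptions.

```php
<?php
// routes/web.php (added example; path and throttle values are assumptions)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

// Target of the middleware's redirect. The route name must be
// "password.confirm" so the middleware can resolve it.
Route::get('/confirm-password', function () {
    return view('auth.confirm-password');
})->middleware('auth')->name('password.confirm');

// Handles the re-entered password. The throttle middleware limits repeated
// guesses from a session that is already logged in.
Route::post('/confirm-password', function (Request $request) {
    $request->validate(['password' => ['required', 'string']]);

    // Compare the submitted password with the stored hash of the current user.
    if (! Hash::check($request->input('password'), $request->user()->password)) {
        return back()->withErrors([
            'password' => ['The provided password does not match our records.'],
        ]);
    }

    // Record the confirmation time in the session; the middleware compares it
    // against config('auth.password_timeout') on later requests.
    $request->session()->passwordConfirmed();

    // Send the user back to the protected URL they originally requested.
    return redirect()->intended();
})->middleware(['auth', 'throttle:6,1']);

// A protected route: "auth" runs first so there is a logged-in user whose
// password can be confirmed.
Route::post('/settings', function (Request $request) {
    // ... apply the sensitive change here
})->middleware(['auth', 'password.confirm']);
```

The confirmation lifetime is set by password_timeout in config/auth.php; a shorter value means sensitive routes ask for the password more often.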