Password challenge

[rgvy]

Hello

Just a quick feature suggestion: the ability to challenge a user for a password without proceeding through a complete login process.

For example, imagine that a user is already authenticated because they are remembered. But now the user accesses a "dangerous" or "significant" feature (such as linking a bank account). It would be good to challenge the user for their password again to ensure that it is not an imposter using a shared computer, for instance.

Browsing the internals of Auth.php I see that this can be done by password_verify($password, $userData['password']). However, perhaps there is some more reusable logic that may be helpful. Or if the password hashing changes, it would be good to encapsulate it all in one place...

Thx

[ocram]

Thank you very much!

You're right about everything, and this is definitely needed. That feature has indeed been envisaged from the beginning, which is why we have isRemembered in the first place. But somehow it was forgotten later on.

Will be available shortly!

[p08dev]

I'm very interested in this feature! Any information on when this will be available?

[ocram]

@Furentes Within the next week!

[p08dev]

Awesome! 👍

[ocram]

Implemented in:

• f56e7e6
• 79ecb85
• d8f21a3

This is available in a new major version, v6.0.0, which comes with a few breaking changes. For a guide on how to upgrade, please see the migration notes in Migration.md.