-
Notifications
You must be signed in to change notification settings - Fork 233
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password challenge #40
Labels
Comments
Thank you very much! You're right about everything, and this is definitely needed. That feature has indeed been envisaged from the beginning, which is why we have Will be available shortly! |
I'm very interested in this feature! Any information on when this will be available? |
@Furentes Within the next week! |
Awesome! 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello
Just a quick feature suggestion: the ability to challenge a user for a password without proceeding through a complete login process.
For example, imagine that a user is already authenticated because they are remembered. But now the user accesses a "dangerous" or "significant" feature (such as linking a bank account). It would be good to challenge the user for their password again to ensure that it is not an imposter using a shared computer, for instance.
Browsing the internals of
Auth.php
I see that this can be done bypassword_verify($password, $userData['password'])
. However, perhaps there is some more reusable logic that may be helpful. Or if the password hashing changes, it would be good to encapsulate it all in one place...Thx
The text was updated successfully, but these errors were encountered: