Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[6.x] Handle ajax requests in RequirePassword middleware #30390



Copy link

netpok commented Oct 22, 2019

The newly introduced RequirePassword middleware does not handle ajax requests very well.

This pull request addresses this problem, for easier handling via ajax frontend libraries (like axios), I'm proposing that the error should be sent with error code 423 Locked as this would allow relatively easy handling with response interceptors.

Considered alternative error codes:

  • 400 Bad Request: Simply too broad to be easily handled.
  • 401 Unauthorized: This response is used when the authorization is missing or invalid, both of these are not true in this case. Furthermore many implementations use this error code to trigger a login flow.
  • 403 Forbidden: This response is used when the user does not have permission to access the resource, here we don't know that yet (it's handled later).
  • 423 Locked: Semantically correct because the accessed resource is locked behind the password confirmation. Also it is not used for anything else by Laravel.

I'm open for different error code ideas.

@netpok netpok force-pushed the netpok:feature/password-confirmation-ajax-error branch from e6179d8 to bcb06bc Oct 22, 2019
@netpok netpok force-pushed the netpok:feature/password-confirmation-ajax-error branch from bcb06bc to 93eb836 Oct 22, 2019
@taylorotwell taylorotwell merged commit 93eb836 into laravel:6.x Oct 23, 2019
2 checks passed
2 checks passed
continuous-integration/styleci/pr The analysis has passed
continuous-integration/travis-ci/pr The Travis CI build passed

This comment has been minimized.

Copy link

taylorotwell commented Oct 23, 2019

Can't use foundation helpers from components. Used response factory instead.


This comment has been minimized.

Copy link
Contributor Author

netpok commented Oct 23, 2019

Sorry, I missed that.

@netpok netpok deleted the netpok:feature/password-confirmation-ajax-error branch Oct 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.