Merge 3125b77 into f31029f

realodix · Oct 8, 2019 · 52bd64a · 52bd64a
2 parents f31029f + 3125b77
commit 52bd64a
Show file tree

Hide file tree

Showing 10 changed files with 111 additions and 54 deletions.
diff --git a/app/Http/Controllers/Auth/ConfirmPasswordController.php b/app/Http/Controllers/Auth/ConfirmPasswordController.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\ConfirmsPasswords;
+
+class ConfirmPasswordController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Confirm Password Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password confirmations and
+    | uses a simple trait to include the behavior. You're free to explore
+    | this trait and override any functions that require customization.
+    |
+    */
+
+    use ConfirmsPasswords;
+
+    /**
+     * Where to redirect users when the intended url fails.
+     *
+     * @var string
+     */
+    protected $redirectTo = '/home';
+
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('auth');
+    }
+}
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -20,16 +20,6 @@ class ForgotPasswordController extends Controller
 
     use SendsPasswordResetEmails;
 
-    /**
-     * Create a new controller instance.
-     *
-     * @return void
-     */
-    public function __construct()
-    {
-        $this->middleware('guest');
-    }
-
     /**
      * Display the form to request a password reset link.
      *

diff --git a/app/Http/Controllers/Auth/ResetPasswordController.php b/app/Http/Controllers/Auth/ResetPasswordController.php
@@ -28,16 +28,6 @@ class ResetPasswordController extends Controller
      */
     protected $redirectTo = '/admin';
 
-    /**
-     * Create a new controller instance.
-     *
-     * @return void
-     */
-    public function __construct()
-    {
-        $this->middleware('guest');
-    }
-
     /**
      * Display the password reset view for the given token.
      *

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -57,6 +57,7 @@ class Kernel extends HttpKernel
         'cache.headers'     => \Illuminate\Http\Middleware\SetCacheHeaders::class,
         'can'               => \Illuminate\Auth\Middleware\Authorize::class,
         'guest'             => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'password.confirm'  => \Illuminate\Auth\Middleware\RequirePassword::class,
         'signed'            => \Illuminate\Routing\Middleware\ValidateSignature::class,
         'throttle'          => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified'          => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,

diff --git a/composer.lock b/composer.lock
diff --git a/config/auth.php b/config/auth.php
@@ -100,4 +100,17 @@
         ],
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Password Confirmation Timeout
+    |--------------------------------------------------------------------------
+    |
+    | Here you may define the amount of seconds before a password confirmation
+    | times out and the user is prompted to re-enter their password via the
+    | confirmation screen. By default, the timeout lasts for three hours.
+    |
+    */
+
+    'password_timeout' => 10800,
+
 ];
diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php
@@ -93,6 +93,7 @@
     'not_in'               => 'The selected :attribute is invalid.',
     'not_regex'            => 'The :attribute format is invalid.',
     'numeric'              => 'The :attribute must be a number.',
+    'password'             => 'The password is incorrect.',
     'present'              => 'The :attribute field must be present.',
     'regex'                => 'The :attribute format is invalid.',
     'required'             => 'The :attribute field is required.',

diff --git a/resources/views/frontend/auth/passwords/confirm.blade.php b/resources/views/frontend/auth/passwords/confirm.blade.php
@@ -0,0 +1,51 @@
+@extends('layouts.auth')
+
+@section('content')
+<div class="container">
+  <div class="row justify-content-center">
+    <div class="col-md-8">
+      <div class="card">
+        <div class="card-header">{{ __('Confirm Password') }}</div>
+
+        <div class="card-body">
+          {{ __('Please confirm your password before continuing.') }}
+          {{ __('We won\'t ask for your password again for a few hours.') }}
+
+          <form method="POST" action="{{ route('password.confirm') }}">
+            @csrf
+
+            <div class="form-group row">
+              <label for="password" class="col-md-4 col-form-label text-md-right">{{ __('Password') }}</label>
+
+              <div class="col-md-6">
+                <input id="password" type="password" class="form-control @error('password') is-invalid @enderror"
+                  name="password" required autocomplete="current-password">
+
+                @error('password')
+                <span class="invalid-feedback" role="alert">
+                  <strong>{{ $message }}</strong>
+                </span>
+                @enderror
+              </div>
+            </div>
+
+            <div class="form-group row mb-0">
+              <div class="col-md-8 offset-md-4">
+                <button type="submit" class="btn btn-primary">
+                  {{ __('Confirm Password') }}
+                </button>
+
+                @if (Route::has('password.request'))
+                <a class="btn btn-link" href="{{ route('password.request') }}">
+                  {{ __('Forgot Your Password?') }}
+                </a>
+                @endif
+              </div>
+            </div>
+          </form>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+@endsection
diff --git a/tests/Feature/Auth/ForgotPasswordTest.php b/tests/Feature/Auth/ForgotPasswordTest.php
@@ -26,11 +26,6 @@ protected function postRoute()
         return route('password.email');
     }
 
-    protected function guestMiddlewareRoute()
-    {
-        return route('home');
-    }
-
     /** @test */
     public function user_can_view_an_email_password_form()
     {
@@ -41,14 +36,6 @@ public function user_can_view_an_email_password_form()
             ->assertViewIs('frontend.auth.passwords.email');
     }
 
-    /** @test */
-    public function user_cannot_view_an_email_password_form_when_authenticated()
-    {
-        $response = $this->loginAsUser()->get($this->requestRoute());
-
-        $response->assertRedirect($this->guestMiddlewareRoute());
-    }
-
     /** @test */
     public function user_receives_an_email_with_a_password_reset_link()
     {

diff --git a/tests/Feature/Auth/ResetPasswordTest.php b/tests/Feature/Auth/ResetPasswordTest.php
@@ -36,11 +36,6 @@ protected function successfulRoute()
         return route('dashboard');
     }
 
-    protected function guestMiddlewareRoute()
-    {
-        return route('home');
-    }
-
     /** @test */
     public function user_can_view_a_password_reset_form()
     {
@@ -52,17 +47,6 @@ public function user_can_view_a_password_reset_form()
             ->assertViewHas('token', $token);
     }
 
-    /** @test */
-    public function user_cannot_view_a_password_reset_form_when_authenticated()
-    {
-        $user = $this->user();
-
-        $response = $this->actingAs($user)
-                         ->get($this->getRoute($this->getValidToken($user)));
-
-        $response->assertRedirect($this->guestMiddlewareRoute());
-    }
-
     /** @test */
     public function user_can_reset_password_with_valid_token()
     {