Skip to content

Instantly share code, notes, and snippets.

@browner12
Last active Sep 28, 2017
Embed
What would you like to do?
Reauthorize
<?php
namespace App\Http\Controllers;
use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Http\Request;
class ReauthorizeController extends Controller
{
/**
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function reauthorize()
{
//load view
return view('main/auth/reauthorize');
}
/**
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Contracts\Hashing\Hasher $hasher
* @return \Illuminate\Http\RedirectResponse
*/
public function processReauthorize(Request $request, Hasher $hasher)
{
//good password
if ($hasher->check($request->get('password'), $request->user()->password)) {
//update session
$request->session()->put('reauthorize.last_authorized', strtotime('now'));
//send to requested page
return redirect()->to($request->session()->get('reauthorize.requested_url', '/'));
}
//message
alert('Error', 'Incorrect password.');
//send back
return back();
}
}
<?php
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'reauthorize' => \App\Http\Middleware\Reauthorize::class,
];
<?php
namespace App\Http\Middleware;
use Closure;
class Reauthorize
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
//only check after set number of seconds
if ((strtotime('now') - $request->session()->get('reauthorize.last_authorized', 0)) > 10) {
//store the requested url
$request->session()->put('reauthorize.requested_url', $request->route()->uri());
//send to reauthorization page
return redirect()->route('reauthorize');
}
//reset timer if we are already authorized
$request->session()->put('reauthorize.last_authorized', strtotime('now'));
//next layer
return $next($request);
}
}
//reauthorize
Route::get('reauthorize', 'ReauthorizeController@reauthorize')->name('reauthorize');
Route::post('reauthorize', 'ReauthorizeController@processReauthorize')->name('reauthorize.process');
@extends('layouts.master')
@section('content')
<div class="container">
<div class="row">
<div class="col-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-6 col-lg-offset-3 m-auto">
<div class="text-center">
<img src="/images/logo.png" />
<h3 class="my-4">Confirm Password</h3>
</div>
<div class="text-center"></div>
<div class="card">
<div class="card-body">
<form name="reauthorize" method="post" action="{{ route('reauthorize.process') }}">
<!--hidden-->
<input name="_token" type="hidden" value="{{ csrf_token() }}" />
<!--password-->
<div class="form-group row {{ validation_state($errors, ['password']) }}">
<div class="col-12">
<input name="password" type="password" class="form-control" id="password" placeholder="Password" autofocus value="" />
</div>
</div>
<!--submit-->
<div class="form-group row mb-0">
<div class="col-12">
<button name="submit" type="submit" id="submit" class="btn btn-primary btn-block">Confirm Password <i class="fa fa-check-circle"></i></button>
</div>
</div>
</form>
</div>
</div>
<div class="mt-2 px-3" style="font-size: 0.8rem; ">Tip: You are entering sudo mode. We won’t ask for your password again for a few hours. After you've performed a sudo-protected action, you'll only be asked to re-authenticate again after a few hours of inactivity. Every sudo-protected action resets this timer.</div>
</div>
</div>
</div>
@endsection
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment