Sapnesh Naik

Reputation: 11636

Laravel | ask password for certain actions

I have a form in my Laravel project, and when a user tries to submit this form I want to show a dialog asking for their password (for additional security), i.e. I want the logged-in user to enter his/her password when he/she wants to do some critical actions, and to verify that password.

I can figure out the front-end part of this but I don't know how to implement the controller logic for the same.

From the documentation I found Auth::check(), but it only checks whether the current user is logged in or not.

How should I go about doing this?

Upvotes: 4

Views: 1556

Answers (3)

Andrew Rollason

Reputation: 21

In your controller you can use a standard Laravel validator rule to check that the form field value supplied matches the current user's password. For example, if the name of the password field in your UI is password, then you would use:

    $validated = $request->validate([
        'password' => 'current_password'
    ]);

For more information about validation and the current password rule see the Laravel docs here: https://laravel.com/docs/9.x/validation#rule-current-password

Upvotes: 0

Jovan Perovic

Reputation: 20191

I am actually planning to implement this on one of my websites. Lately, I have been going through the planning and this is what I came up with:

  1. When the user comes to the app, he/she logs in.
  2. He/she adds some items to the cart. The user has already been auth-ed, so this is not an issue.
  3. When he/she tries to check out, check for the existence of a very specific session item (e.g. REAUTH_SUCCESS) and, if it exists, proceed. Otherwise, go back and show a login form with the password field alone. After this, it is just a matter of doing what @Alexey and @Robert suggested in their answers.

Hope this helps.

Upvotes: 1

Alexey Mezenin

Reputation: 163788

You can ask the logged-in user for a password and then check it manually with the check() method, for example:

    // Requires: use Illuminate\Support\Facades\Hash;
    if (Hash::check(request('password'), auth()->user()->password)) { /* password matches: proceed */ }

The first argument is the password entered by the user. The second argument is the hashed password from the DB.

Upvotes: 5
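
The session-flag flow from Jovan Perovic's answer combined with the Hash::check() call from Alexey Mezenin's answer, as an added example that is not code from any of the posters. The controller name, the route names (reauth.form, checkout.show, checkout.done), the timestamp stored under REAUTH_SUCCESS and the 300-second lifetime are assumptions.

```php
<?php
// app/Http/Controllers/ReauthController.php (hypothetical file, added example)
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class ReauthController extends Controller
{
    // Session key named in the answer above; storing a timestamp is an assumption.
    private const FLAG = 'REAUTH_SUCCESS';
    // Assumed lifetime of a confirmation, in seconds.
    private const MAX_AGE = 300;

    // POST /reauth: verify the password typed into the confirmation dialog.
    public function confirm(Request $request)
    {
        $request->validate(['password' => 'required|string']);

        // Compare the submitted plaintext with the stored hash; never compare hashes directly.
        if (! Hash::check($request->input('password'), $request->user()->password)) {
            return back()->withErrors(['password' => 'The password is incorrect.']);
        }

        // Store the confirmation time rather than a bare boolean so it can expire.
        $request->session()->put(self::FLAG, time());

        return redirect()->intended(route('checkout.show'));
    }

    // POST /checkout: the critical action that needs a fresh confirmation.
    public function checkout(Request $request)
    {
        $confirmedAt = (int) $request->session()->get(self::FLAG, 0);

        // Missing or stale flag: send the user to the password-only form.
        if (time() - $confirmedAt > self::MAX_AGE) {
            return redirect()->guest(route('reauth.form'));
        }

        // One confirmation authorises one critical action.
        $request->session()->forget(self::FLAG);

        // ... perform the checkout here ...
        return redirect()->route('checkout.done');
    }
}
```

Both routes must sit behind the auth middleware so that $request->user() is never null, and a throttle middleware on the /reauth route limits password guessing. Laravel also ships a password.confirm middleware that implements the same pattern.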
