Merge pull request #291 from connorabbas/develop

Confirmable password

Author: connorabbas

app/Http/Controllers/Auth/ConfirmablePasswordController.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Validation\ValidationException;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class ConfirmablePasswordController extends Controller
+{
+    /**
+     * Show the confirm password page.
+     */
+    public function show(): Response
+    {
+        return Inertia::render('auth/ConfirmPassword');
+    }
+
+    /**
+     * Confirm the user's password.
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        $successfullyValidated = Auth::guard('web')->validate([
+            'email' => $request->user()?->email,
+            'password' => $request->password,
+        ]);
+
+        if (!$successfullyValidated) {
+            throw ValidationException::withMessages([
+                'password' => __('auth.password'),
+            ]);
+        }
+
+        $request->session()->put('auth.password_confirmed_at', time());
+
+        return redirect()->intended(route('dashboard', absolute: false));
+    }
+}

resources/js/layouts/UserSettingsLayout.vue

@@ -1,7 +1,6 @@
 <script setup>
 import { computed } from 'vue';
 import { usePage } from '@inertiajs/vue3';
-import PageTitleSection from '@/components/PageTitleSection.vue';
 
 const page = usePage();
 const currentRoute = computed(() => {

resources/js/pages/auth/ConfirmPassword.vue

@@ -0,0 +1,67 @@
+<script setup>
+import { useForm } from '@inertiajs/vue3';
+import GuestAuthLayout from '@/layouts/GuestAuthLayout.vue';
+
+const form = useForm({
+    password: '',
+});
+
+const submit = () => {
+    form.post(route('password.confirm'), {
+        onFinish: () => {
+            form.reset();
+        },
+    });
+};
+</script>
+
+<template>
+    <GuestAuthLayout>
+        <InertiaHead title="Confirm password" />
+
+        <form @submit.prevent="submit">
+            <div class="space-y-6">
+                <PageTitleSection class="text-center">
+                    <template #title>
+                        Confirm your password
+                    </template>
+                    <template #subTitle>
+                        <div class="text-sm">
+                            This is a secure area of the application. Please confirm your password before continuing.
+                        </div>
+                    </template>
+                </PageTitleSection>
+
+                <div class="flex flex-col gap-2">
+                    <label for="password">Password</label>
+                    <Password
+                        v-model="form.password"
+                        :invalid="Boolean(form.errors?.password)"
+                        :feedback="false"
+                        autocomplete="current-password"
+                        inputId="password"
+                        toggleMask
+                        required
+                        fluid
+                    />
+                    <Message
+                        v-if="form.errors?.password"
+                        severity="error"
+                        variant="simple"
+                        size="small"
+                    >
+                        {{ form.errors?.password }}
+                    </Message>
+                </div>
+
+                <div class="flex justify-end items-center">
+                    <Button
+                        :loading="form.processing"
+                        type="submit"
+                        label="Confirm Password"
+                    />
+                </div>
+            </div>
+        </form>
+    </GuestAuthLayout>
+</template>

routes/auth.php

@@ -1,6 +1,7 @@
 <?php
 
 use App\Http\Controllers\Auth\AuthenticatedSessionController;
+use App\Http\Controllers\Auth\ConfirmablePasswordController;
 use App\Http\Controllers\Auth\EmailVerificationNotificationController;
 use App\Http\Controllers\Auth\EmailVerificationPromptController;
 use App\Http\Controllers\Auth\NewPasswordController;
@@ -35,6 +36,9 @@
     Route::post('email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
         ->middleware('throttle:6,1')
         ->name('verification.send');
+    Route::get('confirm-password', [ConfirmablePasswordController::class, 'show'])
+        ->name('password.confirm');
+    Route::post('confirm-password', [ConfirmablePasswordController::class, 'store']);
     Route::post('logout', [AuthenticatedSessionController::class, 'destroy'])
         ->name('logout');
 });

tests/Feature/Auth/PasswordConfirmationTest.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class PasswordConfirmationTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_confirm_password_screen_can_be_rendered()
+    {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)->get('/confirm-password');
+
+        $response->assertStatus(200);
+    }
+
+    public function test_password_can_be_confirmed()
+    {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)->post('/confirm-password', [
+            'password' => 'password',
+        ]);
+
+        $response->assertRedirect();
+        $response->assertSessionHasNoErrors();
+    }
+
+    public function test_password_is_not_confirmed_with_invalid_password()
+    {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)->post('/confirm-password', [
+            'password' => 'wrong-password',
+        ]);
+
+        $response->assertSessionHasErrors();
+    }
+}