master

laravel/framework

Last updated at: 29/12/2023 09:20

RequirePassword.php

TLDR

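The RequirePassword.php file belongs to the Illuminate\Auth\Middleware namespace and defines the RequirePassword class. This middleware checks whether the user's password confirmation has expired. If it has, the middleware returns a JSON response with HTTP status 423 (for requests that expect JSON) or redirects to the password confirmation route; otherwise the request continues down the pipeline.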

Methods

__construct(ResponseFactory $responseFactory, UrlGenerator $urlGenerator, $passwordTimeout = null)

This method initializes a new instance of the RequirePassword middleware class. It takes three parameters:

  • $responseFactory: An instance of the Illuminate\Contracts\Routing\ResponseFactory class.
  • $urlGenerator: An instance of the Illuminate\Contracts\Routing\UrlGenerator class.
  • $passwordTimeout (optional): The password timeout in seconds. If not provided, a default value of 10800 (3 hours) is used.

using($redirectToRoute = null, $passwordTimeoutSeconds = null)

This static method specifies the redirect route and timeout for the middleware. It returns the middleware class name followed by a colon and the supplied arguments joined with commas, which is the string form used when attaching middleware with parameters to a route. It accepts two parameters:

  • $redirectToRoute (optional): The route to redirect to. If not provided, the default 'password.confirm' route is used.
  • $passwordTimeoutSeconds (optional): The password timeout in seconds. If not provided, the default timeout value is used.

handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null)

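This method handles an incoming request. If password confirmation is required, it returns a JSON response with status 423 and the message 'Password confirmation required.' when the request expects JSON, and otherwise redirects the user to the specified route. If no confirmation is required, it passes the request to the next middleware. It accepts four parameters: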

  • $request: An instance of the Illuminate\Http\Request class representing the incoming request.
  • $next: The callback representing the next middleware in the pipeline.
  • $redirectToRoute (optional): The route to redirect to if password confirmation is required. If not provided, the default 'password.confirm' route is used.
  • $passwordTimeoutSeconds (optional): The password timeout in seconds. If not provided, the default timeout value is used.

shouldConfirmPassword($request, $passwordTimeoutSeconds = null)

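This protected method determines whether the password confirmation timeout has expired. It computes the number of seconds elapsed since the timestamp stored in the session key auth.password_confirmed_at and checks whether that exceeds the specified timeout. If the key is absent, the timestamp defaults to 0, so a session with no recorded confirmation is treated as expired for any realistic timeout. It accepts two parameters: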

  • $request: An instance of the Illuminate\Http\Request class representing the incoming request.
  • $passwordTimeoutSeconds (optional): The password timeout in seconds. If not provided, the class property $passwordTimeout is used.

<?php

namespace Illuminate\Auth\Middleware;

use Closure;
use Illuminate\Contracts\Routing\ResponseFactory;
use Illuminate\Contracts\Routing\UrlGenerator;

class RequirePassword
{
    /**
     * The response factory instance.
     *
     * @var \Illuminate\Contracts\Routing\ResponseFactory
     */
    protected $responseFactory;

    /**
     * The URL generator instance.
     *
     * @var \Illuminate\Contracts\Routing\UrlGenerator
     */
    protected $urlGenerator;

    /**
     * The password timeout.
     *
     * @var int
     */
    protected $passwordTimeout;

    /**
     * Create a new middleware instance.
     *
     * @param  \Illuminate\Contracts\Routing\ResponseFactory  $responseFactory
     * @param  \Illuminate\Contracts\Routing\UrlGenerator  $urlGenerator
     * @param  int|null  $passwordTimeout
     * @return void
     */
    public function __construct(ResponseFactory $responseFactory, UrlGenerator $urlGenerator, $passwordTimeout = null)
    {
        $this->responseFactory = $responseFactory;
        $this->urlGenerator = $urlGenerator;
        $this->passwordTimeout = $passwordTimeout ?: 10800;
    }

    /**
     * Specify the redirect route and timeout for the middleware.
     *
     * @param  string|null  $redirectToRoute
     * @param  string|int|null  $passwordTimeoutSeconds
     * @return string
     *
     * @named-arguments-supported
     */
    public static function using($redirectToRoute = null, $passwordTimeoutSeconds = null)
    {
        return static::class.':'.implode(',', func_get_args());
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $redirectToRoute
     * @param  string|int|null  $passwordTimeoutSeconds
     * @return mixed
     */
    public function handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null)
    {
        if ($this->shouldConfirmPassword($request, $passwordTimeoutSeconds)) {
            if ($request->expectsJson()) {
                return $this->responseFactory->json([
                    'message' => 'Password confirmation required.',
                ], 423);
            }

            return $this->responseFactory->redirectGuest(
                $this->urlGenerator->route($redirectToRoute ?: 'password.confirm')
            );
        }

        return $next($request);
    }

    /**
     * Determine if the confirmation timeout has expired.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int|null  $passwordTimeoutSeconds
     * @return bool
     */
    protected function shouldConfirmPassword($request, $passwordTimeoutSeconds = null)
    {
        $confirmedAt = time() - $request->session()->get('auth.password_confirmed_at', 0);

        return $confirmedAt > ($passwordTimeoutSeconds ?? $this->passwordTimeout);
    }
}
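
The following routes file is an added example, not part of laravel/framework or of the original page. It shows how using() can put a sensitive route behind a shorter re-confirmation window, and how a confirmation endpoint stamps the auth.password_confirmed_at session key that shouldConfirmPassword() reads. The URIs, the 'settings.tokens' route name, the view name and the 300-second window are assumptions.

```php
<?php
// routes/web.php (added example; URIs, view name and the 300 s window are assumptions)

use Illuminate\Auth\Middleware\RequirePassword;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

// Sensitive page: require a confirmation no older than 5 minutes instead of
// the 10800-second default applied in the constructor.
Route::middleware(['auth', RequirePassword::using('password.confirm', 300)])
    ->group(function () {
        Route::get('/settings/api-tokens', function (Request $request) {
            // Hypothetical handler; only reached with a fresh confirmation.
            return view('settings.api-tokens');
        })->name('settings.tokens');
    });

// Page that browsers are redirected to by handle(); clients that expect JSON
// receive the 423 response instead and must call the POST endpoint themselves.
Route::get('/confirm-password', fn () => view('auth.confirm-password'))
    ->middleware('auth')
    ->name('password.confirm');

// Confirmation endpoint: verify the current password, then record the time.
// Rate limiting matters here because this endpoint is a password oracle.
Route::post('/confirm-password', function (Request $request) {
    $request->validate(['password' => ['required', 'string']]);

    if (! Hash::check($request->input('password'), $request->user()->password)) {
        return back()->withErrors(['password' => 'The provided password is incorrect.']);
    }

    // Same key and unit (Unix seconds) that shouldConfirmPassword() compares
    // against time(); writing anything else here breaks the timeout check.
    $request->session()->put('auth.password_confirmed_at', time());

    // redirectGuest() stored the GET URL the user was heading to.
    return redirect()->intended('/');
})->middleware(['auth', 'throttle:6,1']);
```

Because the timestamp lives in the session, logging out or regenerating into a new empty session clears it and the next request to a protected route asks for the password again.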