skip to Main Content

I am using Laravel 9, and I’m trying to get the user to confirm their password before moving forward to a certain route; however, what happens is, that after a user confirms their password, they are redirected back to the route, which redirected them to the password. confirm route (password.confirm is the name of the route) and not the route that should be opened after password confirmation.

Example:

A user access a /settings route via a get method and changes the settings, after changing the settings, in order save the settings they need to access the /settings route via the post method and this /settings (post) route is password protected.

what happens is the user changes the settings (on /settings (gets)) and when they try to save them by accessing the /settings (post) route, they are asked to confirm their password. After confirming their password, they are redirected to /settings (get) instead of /settings (post), which is a route that is supposed to save their changes.

I was using the document for laravel 9.x to get this working without any luck.

According to the documentation, this is the code I’m supposed to add to the web.php file.

Route::get('/confirm-password', function () {

    return view('auth.password.confirm');
})
  ->middleware('auth')
  ->name('password.confirm');

Route::post('/confirm-password', function (Request $request) {

    if (!Hash::check($request->password, $request->user()->password)) {

        return back()->withErrors([
            'password' => ['The provided password does not match our records.']
        ]);
    }

    $request->session()->passwordConfirmed();

    return redirect()->intended();
})
    ->middleware(['auth', 'throttle:6,1']);

2

Answers


  1. Chosen as BEST ANSWER

    I have discovered that the redirect()->intended method does not redirect to the /settings(post) route because it uses a Post method instead of a Get method


  2. There might be an issue in your code that causes the redirection problem.
    Modified Code:

    use IlluminateHttpRequest;
    use IlluminateSupportFacadesHash;
    
    // ...
    
    Route::get('/confirm-password', function () {
        return view('auth.password.confirm');
    })->middleware('auth')->name('password.confirm');
    
    Route::post('/confirm-password', function (Request $request) {
        if (!Hash::check($request->password, $request->user()->password)) {
            return back()->withErrors([
                'password' => ['The provided password does not match our records.']
            ]);
        }
    
        // Instead of 'passwordConfirmed', use 'password.confirm' to store the confirmation status
        $request->session()->put('password.confirm', true);
    
        // Redirect to the intended URL or a default one
        return redirect()->intended('/settings'); // Replace '/settings' with your desired route
    })->middleware(['auth', 'throttle:6,1']);
    

    Modifications:

    • Replaced $request->session()->passwordConfirmed(); with $request->session()->put('password.confirm', true); to store the confirmation status.
    • Changed the return redirect()->intended(); line to return redirect()->intended('/settings'); to redirect to the intended URL or a default one (replace ‘/settings’ with your desired route).
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search