Manual auth in Laravel: password confirmation

jeroenvanrensen

Jeroen van Rensen

Posted on March 31, 2021

Manual auth in Laravel: password confirmation

With the arrival of Laravel 8, new ways for authentication have been added to the Laravel ecosystem. Fortify, Jetstream and Breeze. Although these tools can save you a lot of time, often when you want something more complex they cost you more time.

Fortunately, Laravel allows you to add manual auth without the use of any package, just Laravel's core. In this series, we're going to learn how to add manual auth in Laravel.

These topics will be covered:

Note: For the examples in this series, I've chosen to use controllers and blade views. But you can also use other technologies, like Livewire or Inertia.js.

Getting started

First we'll create a controller to load a view:

// app/Http/Controllers/Auth/PasswordConfirmationController.php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;

class PasswordConfirmationController extends Controller
{
    public function show()
    {
        return view('auth.confirm-password');
    }

    public function handle()
    {
        // Handling the response
    }
}
Enter fullscreen mode Exit fullscreen mode

Routing

Next, we'll add routes:

// routes/web.php

use App\Http\Controllers\Auth\PasswordConfirmationController;
use Illuminate\Support\Facades\Route;

Route::get('/confirm-password', [PasswordConfirmationController::class, 'show'])
    ->middleware('auth')
    ->name('password.confirm');

Route::post('/confirm-password', [PasswordConfirmationController::class, 'handle'])
    ->middleware('auth')
    ->name('password.confirm');
Enter fullscreen mode Exit fullscreen mode

Views

After routing, we create a form for the user to fill in their password. For example:

<!-- resources/views/auth/confirm-password.blade.php -->

<h1>Confirm Password</h1>

<form  action="{{ route('password.confirm') }}" method="post">
    @csrf

    <!-- Password -->
    <label for="password">Password</label>
    <input type="password" name="password" id="password"  />

    <!-- Submit button -->
    <button type="submit">Confirm Password</button>
</form>
Enter fullscreen mode Exit fullscreen mode

Controller logic

Finally, we'll add some code to the handle method:

First, we check if the password is correct:

// app/Http/Controllers/Auth/PasswordConfirmationController.php

use Illuminate\Support\Facades\Hash;

if (!Hash::check(request()->password, auth()->user()->password)) {
    return back()->withErrors(['password' => 'The provided password does not match our records.']);
}
Enter fullscreen mode Exit fullscreen mode

If the password was correct, we will tell Laravel that the password was correct.

// app/Http/Controllers/Auth/PasswordConfirmationController.php

session()->passwordConfirmed();
Enter fullscreen mode Exit fullscreen mode

Finally, we will redirect the user as intented after a success.

// app/Http/Controllers/Auth/PasswordConfirmationController.php

return redirect()->intended();
Enter fullscreen mode Exit fullscreen mode

Conclusion

Where as registering and signing in and out does not use much of Laravel's authentication features, confirming a password does. However, you still have a lot of freedom as to how you want to implement it.

If you at some point couldn't follow the tutorial anymore, this is the finished Auth\PasswordConfirmationController:

<?php

// app/Http/Controller/Auth/PasswordConfirmationController.php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Hash;

class PasswordConfirmationController extends Controller
{
    public function show()
    {
        return view('auth.confirm-password');
    }

    public function handle()
    {
        if (!Hash::check(request()->password, auth()->user()->password)) {
            return back()->withErrors(['password' => 'The provided password does not match our records.']);
        }

        session()->passwordConfirmed();

        return redirect()->intended();
    }
}
Enter fullscreen mode Exit fullscreen mode
💖 💪 🙅 🚩
jeroenvanrensen
Jeroen van Rensen

Posted on March 31, 2021

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related