Build a Starter Kit With Inertia and Fortify
This episode is for members only

Sign up to access "Build a Starter Kit With Inertia and Fortify" right now.

Get started
Already a member? Sign in to continue
Playing
26. Confirming user passwords

Episodes

0%
Your progress
  • Total: 5h 21m
  • Played: 0m
  • Remaining: 5h 21m
Join or sign in to track your progress
01. Setting up
01. Introduction and demo
4m 30s
0%
02. Installing Inertia from scratch
11m 49s
0%
03. Installing Tailwind
3m 24s
0%
04. Layout and navigation
31m 15s
0%
05. Installing Fortify
6m 10s
0%
06. Exposing routes with Ziggy
6m 44s
0%
07. Global modals
23m 41s
0%
02. Authentication
08. Registering users
13m 56s
0%
09. Sharing the authenticated user globally
5m 48s
0%
10. Signing in
9m 27s
0%
11. Signing out
2m 39s
0%
12. Redirecting to the intended location
4m 58s
0%
03. Feature management
13. Adding feature management checks
3m 14s
0%
14. Client-side feature management
5m 53s
0%
04. Building a toast feature
15. Basic flash messages with Inertia
7m 51s
0%
16. Building a toast plugin
15m 38s
0%
17. Styling and transitioning the toast
4m 53s
0%
05. Profile management
18. Creating an account layout
13m 24s
0%
19. Detecting and highlighting current pages
5m 22s
0%
20. Updating profile details
9m 22s
0%
21. Profile photo output and swapping
9m 17s
0%
22. Storing a profile photo
13m
0%
23. Changing user passwords
9m 9s
0%
24. Account feature toggling
8m 19s
0%
06. Password confirmation
25. Using a modal for password confirmation
8m 16s
0%
26. Confirming user passwords
4m 23s
0%
07. Two factor authentication
27. Building the two factor modal
9m 7s
0%
28. Showing a QR code
7m 44s
0%
29. Enabling two factor authentication
6m 52s
0%
30. Disabling two factor authentication
1m 35s
0%
31. Showing recovery codes
4m 37s
0%
32. Fixing password confirm redirect
9m 42s
0%
33. Fixing password confirm flow when enabling
3m 26s
0%
34. Challenging the user when signing in
5m 58s
0%
08. Email verification
35. Mail setup and forcing email verification
4m 8s
0%
36. Adding a verification notice
3m 42s
0%
37. Resending the verification email
3m 27s
0%
09. Account recovery
38. Sending a recovery email
8m 45s
0%
39. Setting a new password
8m 22s
0%
10. Fixes and improvements
40. Closing the user navigation on click
2m 12s
0%

Transcript

00:00
so all we need to do now is go ahead and fill in the form that we have here and of course just send a request through to fortify to confirm the password, so let's go ahead and get started on our password confirm modal or confirm password modal and just go ahead and fill this in, okay so we're going to go ahead and steal some stuff from the login template so we'll grab the
00:22
password from here, I've also just noticed that we have errors.name there which we probably should change at this point so let's go ahead and grab the password from this and we'll wrap this in a form of course, we won't have an action there either and let's put that in there and we'll go ahead and grab the button from our login form as well, so let's find that button and just go ahead
00:43
and pull this over and we're just going to say continue in here and let's go up to the top here fill in the form stuff, so let's look for our form again and let's just pull in the class and the action for this as well, okay so we don't have a form in here at the moment so let's go ahead and create out a form, the only thing that we need to pass down when we're confirming a password is just a
01:09
password, so we'll go ahead and add the password in there and now we can just figure out where the root lives inside of our application, so we'll say php artisan root list again and sure enough we have a post to user slash confirm password which is password dot confirm, so very easily we can just swap this out here for that and we should be good because these are all hooked up because we
01:32
copied and pasted them over and let's try it out, so I'm going to head over to my dashboard and sure enough we have our password, let's go ahead and open up our network tab just to keep an eye on this, I'm going to go enter an incorrect password and sure enough we see the provided password was incorrect and then I'm going to go ahead and enter my actual password, hit continue and there we go
01:51
we are on our dashboard which is great, so now because this is stored in our session cookie we can just access this dashboard, now I'm going to talk quickly about how we can customize this behavior either if you need to customize the time for security reasons and also while we're developing we probably want to trigger this at some point without having to go into the storage
02:13
section of our browser and deleting the cookies and logging us out, so how do we customize this, well let's dive into the source for this and just see what we have, so if we go over to our kernel again let's have a look at this require password middleware once again, so if we come down here we've got the password timeout, we're not going to do that in the constructor because we don't modify
02:34
the construct within our middleware, we've got this using as well which is probably going to be useful to set the password timeout seconds and we've got the signature of this as well, now because this is a null value we can't pass this down as a string within our middleware stuff by that I mean if we head over to our web roots and we try and do something like null and then one
02:54
as the second timeout, null is a string value so it's not quite going to work here, it's not going to set that as a default of null, so this will probably just completely break this functionality and just not work, so what we're going to do is use this using static method and reference the middleware directly, so let's find out what that's called require password, so let's say
03:17
require password using say null for the redirect and then we'll say one for the timeout just in here, so this is just an alternative way of using middleware, so let's go over give this a refresh we've got one second timeout now for our password confirmation, so there we go it's allowing us or showing us the password confirmation modal, I can click through to continue but the next time I do
03:39
it because we have that one second delay it's showing it again, so this is helpful for obviously high security applications where you need to continually ask the user for their password probably not every one second but we can decrease that but it's also really useful for debugging as well so we can switch that timeout over so we can continue to see this modal even once we've
04:01
confirmed our password, okay so I'm going to get rid of that I'm just going to put it down here as a note so we've got that and that's pretty much it we can now access an area once we've confirmed our password we don't need that for our dashboard but when we move on to our two-factor authentication this modal is going to be automatically triggered but we now have it so we're good to go.

Episode overview

In this episode, we're working on the password confirmation modal for our app. We'll start by putting together a basic form for the user to enter their password, and to make things quicker, we'll copy some input fields and button elements from our login form. After that, we wrap everything up in a form and make sure it posts to the correct route, which is user/confirm-password. We use Laravel's Fortify routes here, so most of the wiring is already taken care of for us.

We test things by entering both incorrect and correct passwords, keeping an eye on the network tab to see the requests go through. You'll see what happens when the wrong password is provided (an error message shows up), and when the correct one is used, we get access to the dashboard as expected.

Afterward, we dive a little deeper into how password confirmation works behind the scenes. We look at the middleware in Laravel that handles this, specifically how you can customize the timeout for how long the password confirmation is valid. For development or for high-security situations, you can tweak this timeout really easily, which comes in handy if you want to keep seeing the confirmation modal repeatedly for testing, or make things more secure in production.

By the end, you'll have a working password confirmation modal that ties right in with your existing forms and authentication flow, setting us up nicely for even more security features, like two-factor authentication, in future episodes.

Episode discussion

No comments, yet. Be the first!