Open mjamilasfihani opened 3 years ago
Actually, another user had sent me an email with their solution on this, which I think works nicely. I had forgotten about it, unfortunately. If you want to take this and turn it into a PR that would be awesome. Here's their email:
My process of Re-authenticate begin with update the App/Filters and add this line to aliases
'passwordConfirmCheck' => PasswordConfirm::class
and then, add this line to filter, it will tell the fw which place need to Re-authenticate the password
'passwordConfirmCheck' => ['before' => ['acp/user','acp/user/*', 'acp/permission', 'acp/config']],
The password confirm function
/**
* Confirm the password
*/
public function passwordConfirm() {
$this->_render('\acp\password_confirm', $this->_data);
}
public function passwordConfirmAction() {
$inputData = $this->request->getPost();
// Validate data
$rules = [
'password' => 'required',
];
$errMess = [
'password' => [
'required' => lang('User.pw_required')
]
];
//validate the input
if (! $this->validate($rules, $errMess)) {
return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
}
$authenticator = Services::authentication();
if ( !$authenticator->validPassword($inputData['password']) ) {
return redirect()->back()->withInput()->with('error', lang('Auth.invalidPassword'));
} else {
$redirectURL = session('redirect_url') ?? '/';
unset($_SESSION['redirect_url']);
session()->set('password_confirm', $this->user->id);
return redirect()->to($redirectURL);
}
}
View: password_confirm.php
I haven't examined it too closely but seems like a great solution for it.
Thanks for the good news @lonnieezell . I am in fire right now 😂
You can see the detail in project card, here is the link https://github.com/lonnieezell/myth-auth/projects/1#card-37568349
From the ROADMAP https://github.com/lonnieezell/myth-auth/projects/1#card-37568349 I notice that we can use filter (maybe
sudo-su
😄) for give the user access to the page that need to input their password first.how to check it? we can use session to save the key, any flows suggestion? It's honor for me to finish this feature