英文:
Laravel 9 password.confirm middleware feature not working
问题
我正在尝试在我的一些需要安全保护的路由中使用password.confirm中间件。我希望用户在生成特定的POST请求时应该确认他的密码。
此外,password.confirm中间件已添加到app/Http/Kernel.php文件的$routeMiddleware属性中。
这是我的web.php中路由的样子。
Route::post('fetchResult', [ReportController::class, 'fetchResult'])->name('fetchComplaintResult')->middleware('password.confirm');
但它不起作用。当我生成POST请求时,它直接命中到控制器的fetchResult方法,与往常一样。
我的控制器函数:
public function fetchResult(Request $request){Model::create(['id' => $request->id,'action' => $request->action,'comments' => $request->comment]);// 其他操作}
我是否遗漏了什么?
英文:
I am trying to use the password.confirm middleware in some of my routes which I need to be secured. I want a user should confirm his password when he generate a specific post request.
Also, password.confirm middleware is added $routeMiddleware property in the app/Http/Kernel.php file.
This is what my route looks like in web.php.
Route::post('fetchResult', [ReportController::class, 'fetchResult'])->name('fetchComplaintResult')->middleware('password.confirm');
But it is not working. When I generate post request it directly hit to controller fetchResult method as usual.
My controller function:
public function fetchResult(Request $request){Model::create(['id' => $request->id,'action' => $request->action,'comments' => $request->comment]);// Other Action}
Am I missing something ??
答案1
得分: 2
如果你想在每次需要确认密码时得到提示,你应该像这样编写你的路由:
Route::post('fetchResult', [ReportController::class, 'fetchResult'])->name('fetchComplaintResult')->middleware('password.confirm:password.confirm,1');
为什么?
password.confirm 中间件映射到 Illuminate\Auth\Middleware\RequirePassword 类。以下是它的代码。
use Closure;use Illuminate\Contracts\Routing\ResponseFactory;use Illuminate\Contracts\Routing\UrlGenerator;class RequirePassword{/*** The response factory instance.** @var \Illuminate\Contracts\Routing\ResponseFactory*/protected $responseFactory;/*** The URL generator instance.** @var \Illuminate\Contracts\Routing\UrlGenerator*/protected $urlGenerator;/*** The password timeout.** @var int*/protected $passwordTimeout;/*** 创建一个新的中间件实例。** @param \Illuminate\Contracts\Routing\ResponseFactory $responseFactory* @param \Illuminate\Contracts\Routing\UrlGenerator $urlGenerator* @param int|null $passwordTimeout* @return void*/public function __construct(ResponseFactory $responseFactory, UrlGenerator $urlGenerator, $passwordTimeout = null){$this->responseFactory = $responseFactory;$this->urlGenerator = $urlGenerator;$this->passwordTimeout = $passwordTimeout ?: 10800;}/*** 处理传入的请求。** @param \Illuminate\Http\Request $request* @param \Closure $next* @param string|null $redirectToRoute* @param int|null $passwordTimeoutSeconds* @return mixed*/public function handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null){if ($this->shouldConfirmPassword($request, $passwordTimeoutSeconds)) {if ($request->expectsJson()) {return $this->responseFactory->json(['message' => 'Password confirmation required.',], 423);}return $this->responseFactory->redirectGuest($this->urlGenerator->route($redirectToRoute ?? 'password.confirm'));}return $next($request);}/*** 确定确认超时是否已过期。** @param \Illuminate\Http\Request $request* @param int|null $passwordTimeoutSeconds* @return bool*/protected function shouldConfirmPassword($request, $passwordTimeoutSeconds = null){$confirmedAt = time() - $request->session()->get('auth.password_confirmed_at', 0);return $confirmedAt > ($passwordTimeoutSeconds ?? $this->passwordTimeout);}}
需要注意的重要部分是 handle 方法的签名:
public function handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null)
在这里,$redirectToRoute 和 $passwordTimeoutSeconds 是我们可以在路由文件中设置的参数。
$redirectToRoute 在 handle 方法中像这样使用:
$this->urlGenerator->route($redirectToRoute ?? 'password.confirm')
$passwordTimeoutSeconds 在 shouldConfirmPassword 方法中使用:
return $confirmedAt > ($passwordTimeoutSeconds ?? $this->passwordTimeout);
由于它被设置为 null,所以与之比较的值是 $this->passwordTimeout,它在构造函数中被设置为 10800(10800 秒 = 180 分钟 = 3 小时)。
因此,总结一下,我们需要设置 $passwordTimeoutSeconds 参数。由于它是第二个参数,我们还需要设置 $redirectToRoute 参数。
更多信息,请参考 Laravel 文档。
英文:
If you want to get prompted to confirm your password every time you should write your route like this:
Route::post('fetchResult', [ReportController::class, 'fetchResult'])->name('fetchComplaintResult')->middleware('password.confirm:password.confirm,1');
Why?
The password.confirm middleware maps to the Illuminate\Auth\Middleware\RequirePassword class. This is its code.
use Closure;use Illuminate\Contracts\Routing\ResponseFactory;use Illuminate\Contracts\Routing\UrlGenerator;class RequirePassword{/*** The response factory instance.** @var \Illuminate\Contracts\Routing\ResponseFactory*/protected $responseFactory;/*** The URL generator instance.** @var \Illuminate\Contracts\Routing\UrlGenerator*/protected $urlGenerator;/*** The password timeout.** @var int*/protected $passwordTimeout;/*** Create a new middleware instance.** @param \Illuminate\Contracts\Routing\ResponseFactory $responseFactory* @param \Illuminate\Contracts\Routing\UrlGenerator $urlGenerator* @param int|null $passwordTimeout* @return void*/public function __construct(ResponseFactory $responseFactory, UrlGenerator $urlGenerator, $passwordTimeout = null){$this->responseFactory = $responseFactory;$this->urlGenerator = $urlGenerator;$this->passwordTimeout = $passwordTimeout ?: 10800;}/*** Handle an incoming request.** @param \Illuminate\Http\Request $request* @param \Closure $next* @param string|null $redirectToRoute* @param int|null $passwordTimeoutSeconds* @return mixed*/public function handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null){if ($this->shouldConfirmPassword($request, $passwordTimeoutSeconds)) {if ($request->expectsJson()) {return $this->responseFactory->json(['message' => 'Password confirmation required.',], 423);}return $this->responseFactory->redirectGuest($this->urlGenerator->route($redirectToRoute ?? 'password.confirm'));}return $next($request);}/*** Determine if the confirmation timeout has expired.** @param \Illuminate\Http\Request $request* @param int|null $passwordTimeoutSeconds* @return bool*/protected function shouldConfirmPassword($request, $passwordTimeoutSeconds = null){$confirmedAt = time() - $request->session()->get('auth.password_confirmed_at', 0);return $confirmedAt > ($passwordTimeoutSeconds ?? $this->passwordTimeout);}}
The important parts to note are the handle method's signature:
public function handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null)
Here, $redirectToRoute and $passwordTimeoutSeconds are arguments we can set in the route file.
$redirectToRoute is used like this in the handle method:
$this->urlGenerator->route($redirectToRoute ?? 'password.confirm')
$passwordTimeoutSeconds is used here in the shouldConfirmPassword method.
return $confirmedAt > ($passwordTimeoutSeconds ?? $this->passwordTimeout);
Since it's set to null, the value $confirmedAt is compared to is $this->passwordTimeout, which is set in the constructor to 10800. (10800 seconds = 180 minutes = 3 hours).
So in summary we need to set the $passwordTimeoutSeconds parameter. Since it's the second parameter, we also need to set the $redirectToRoute parameter.
https://laravel.com/docs/9.x/middleware#middleware-parameters
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论