The Laravel v6.2.0 release ships with a new password confirmation feature. This feature allows you to attach a password.confirm middleware to routes where you want a user to re-confirm their password.
Route::get('/secrets', '[email protected]')->middleware('password.confirm');
If you attempt to access the route, you will be prompted to confirm your password, similar to what you may have seen on other applications like GitHub:
The new password confirmation screen
Confirming the password will store a timestamp in the user's session that lasts for three hours by default so users do not have to enter their password during that period again. You may customize this duration using a new password_timeout configuration option in the auth configuration file.
In addition, a new password validation rule has been added to the framework. This validation rule may be used to validate that a given password matches the user's existing password.
Here’s what we've been up to recently.