kshitizmittal

Force Password Reset

I want to restrict the user from going further in the application if he doesn't submit the force password reset form.

How can I do this? I have added a column to check whether the password has been changed by the user or not, in the User.php model or users table.

manelgavalda

You can check the user column that lets you know if the user needs to reset the password, and redirect him to the reset-password view with a middleware. Something like this:

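//middleware

namespace App\Http\Middleware;

use Closure;

class EnsurePasswordReset
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // auth()->user() is null for guests, so check it before calling the method.
        $user = auth()->user();

        // Send flagged users to the reset form instead of the requested page.
        if ($user && $user->needsToResetPassword()) {
            return redirect(route('auth.password'));
        }

        return $next($request);
    }
}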

Docs: https://laravel.com/docs/5.7/middleware#defining-middleware

kshitizmittal

@MANELGAVALDA - How do I check this middleware after login, or every time the user tries to redirect without changing the password?

manelgavalda

@KSHITIZMITTAL - You need to have the user to know if he reset the password, so use it on all routes except the auth routes:

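// Register the alias first in the $routeMiddleware array of app/Http/Kernel.php:
// 'ensurePasswordReset' => \App\Http\Middleware\EnsurePasswordReset::class,

// Login, logout and registration routes stay outside the guarded group.
Auth::routes();

Route::middleware('ensurePasswordReset')->group(function () {
    // your routes
});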
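The thread leaves out the pieces around the middleware: the model method, the step that clears the flag, and a reset route that stays reachable while the flag is set. A sketch of those for Laravel 5.7, as an added example that is not code from any poster; the `must_reset_password` column, `ForcedPasswordController` and the `auth.force-password` view are assumed names.

```php
<?php
// Added example, not code from the thread. Hypothetical names: the boolean
// column users.must_reset_password, ForcedPasswordController and the view
// auth.force-password. Each namespace block belongs in the file it names.

namespace App {                                   // app/User.php
    use Illuminate\Foundation\Auth\User as Authenticatable;

    class User extends Authenticatable
    {
        public function needsToResetPassword()
        {
            return (bool) $this->must_reset_password;
        }
    }
}

namespace App\Http\Controllers {                  // ForcedPasswordController.php
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Hash;

    class ForcedPasswordController extends Controller
    {
        public function update(Request $request)
        {
            $request->validate(['password' => 'required|string|min:8|confirmed']);
            $user = $request->user();
            $user->password = Hash::make($request->password);
            $user->must_reset_password = false;   // cleared only after validation passes
            $user->save();
            return redirect('/');
        }
    }
}

namespace {                                       // routes/web.php
    Auth::routes();

    // The reset form requires login but sits outside the guarded group;
    // inside it, the middleware would redirect the form back onto itself.
    Route::middleware('auth')->group(function () {
        Route::view('password/force', 'auth.force-password')->name('auth.password');
        Route::post('password/force', 'ForcedPasswordController@update');
    });

    Route::middleware(['auth', 'ensurePasswordReset'])->group(function () {
        // your routes
    });
}
```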
