xMarston's avatar

Laravel 5.1 Middleware to check the creation date from a user to change password

I'm developing a webapp with Laravel 5.1 and I'm building the authentication system and I have to check if the user has not changed his password in six months or more and I would use a middleware to check this but I didn't find how I can do it properly. I created a global middleware but it is not working because I can't get the authenticated user.

Is it possible that I have to use an AfterMiddleware to check the password?

WebSpanner's avatar

I assume the global middleware idea fails when the user hits a route before they sign in, like the login page. Wouldn't it be best just to put the middleware on the __construct() method of the controllers which you want to trigger the middleware? Takes a little longer than just one global middleware, but lets you avoid routes which are publicly accessible by users that aren't signed in.

xMarston's avatar

@bestmomo I want to check this in all the private routes and only allow the user to enter when they update their passwords.

pmall's avatar

Middleware has nothing to do with this, as it is not related to request or response.

I would put this in a View Composer. If the user hasn't changed their password for too long you pass a notification to the view.

xMarston's avatar

@pmall Mmm, it is a good idea but the problem is that if the lifetime of the password is superior I don't have to let the user log in until he changes his password.

pmall's avatar

In this case you can put it in a middleware because it will act on the response: it will redirect the user somewhere if this condition is met.

You have to use a route middleware, because session isn't available in global middleware.
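
The route-middleware approach discussed above, as an added example that is not code from any participant in the thread. The class name, the route names in `$except`, the `password.fresh` alias and the `password_changed_at` column are assumptions; the fallback to `created_at` covers users who have never changed their password.

```php
<?php
// app/Http/Middleware/RequireFreshPassword.php (hypothetical class name)
// Register in app/Http/Kernel.php under $routeMiddleware, e.g.
//   'password.fresh' => \App\Http\Middleware\RequireFreshPassword::class,
// and apply it after 'auth': ['middleware' => ['auth', 'password.fresh']].

namespace App\Http\Middleware;

use Carbon\Carbon;
use Closure;

class RequireFreshPassword
{
    // Policy from the thread: force a change after six months or more.
    const MAX_AGE_MONTHS = 6;

    // Assumed route names that must stay reachable, otherwise the redirect
    // below loops and the user can neither change the password nor log out.
    protected $except = ['password.change', 'password.update', 'logout'];

    public function handle($request, Closure $next)
    {
        $user = $request->user();
        if ($user === null) {
            return $next($request); // guests are handled by the 'auth' middleware
        }

        $route = $request->route();
        if ($route && in_array($route->getName(), $this->except, true)) {
            return $next($request);
        }

        // password_changed_at is an assumed nullable column; if it was never
        // set, measure the password age from the account creation date.
        $changedAt = $user->password_changed_at ?: $user->created_at;
        $cutoff = Carbon::now()->subMonths(self::MAX_AGE_MONTHS);
        $expired = $changedAt === null
            || Carbon::parse((string) $changedAt)->lte($cutoff);

        if (! $expired) {
            return $next($request);
        }

        // An XHR client gains nothing from an HTML redirect; refuse instead.
        if ($request->ajax()) {
            return response('Password change required.', 403);
        }

        return redirect()->route('password.change');
    }
}
```

The code that saves a new password must also set `password_changed_at`, or the user is redirected again on the next request.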

martinbean's avatar

if the lifetime of the password is superior I don't have to let the user log in until he changes his password.

@xMarston Put it in the authentication handler, then. A password policy has nothing to do with requests or responses, that’s business logic.

xMarston's avatar

@martinbean This can be a stupid question, but where is the authentication handler? In which file?