Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

pascal78's avatar

Laravel Fortify : stuck with redirection

Hi Everybody !

I'm using Laravel with Fortify for a project and I 'm a bit stuck :

I have users ( students ) wo can be registered( first name, last name & email ) by someone else ( a referrer ) via a registration form. A random password is generated, then an invitation / welcome email is sent to the new users containing their plain password ,

so I would like to allow ( obligate ) the users to change their password the first time they log in , for security reasons.

I have added a nullable field password_changed_at on users table, and created a route middleware protecting the routes to the student workspace :

class IsPasswordChanged
{
    public function handle(Request $request, Closure $next)
    {

        if (auth()->user()->password_changed_at == null) {

            session()->put('intended', url()->current()); 

            return redirect(route('auth.first-change-password'));
        }

        return $next($request);
    }
}

The redirection is working to a blade view whre I recreate the change password : `

 <form action="{{ route('user-password.update') }}" method="post">
        @csrf
        @method('put')
			// field current_password
			//password
			// password_confirmation
			//...

Finally I've added a few lines to the update method of the Fortify Action UpdateUserPassword :

 $user->forceFill([
            'password' => Hash::make($input['password']),
            'password_changed_at' => Carbon::now(),
        ])->save();

        $intended = session()->get('intended', '/');
        
        if (session()->has('intended')) {
            return redirect($intended);
 
        }

when the form is submitted, field password_changed_at is updated, but there is an error as I want to redirect to intended url in session :

Symfony\Component\ErrorHandler\Error\FatalError

A void function must not return a value

Indeed the update method should return void !

I tried to just redirect($intended); without return, but no redirection at all :/

I looked in docs but I still don't understand where and when the redirection happens ...

Maybe I should not rely on Fortify and make a dedicated controller for this action ?

0 likes
1 reply
pascal78's avatar

I made a mistake by confusing the code of the UpdateUserPassword action and the logic of the Fortify PasswordController controller where the redirection is done via PasswordUpdateResponse ...

I have to stop coding before three in the morning 😁

Please or to participate in this conversation.