Route /user/confirmed-password-status only created if ($enableViews) despite returning JSON. #200
Description:
The /user/confirmed-password-status route is only created if ($enableViews) in https://github.com/laravel/fortify/blob/1.x/routes/routes.php#L113. Actually, though, \Laravel\Fortify\Http\Controllers\ConfirmedPasswordStatusController::show() returns JSON - and is really only useful in an SPA (therefore: ! $enableViews).
Of course anyone can create this route themselves, but it looks a bit like the declaration was moved inside the if block accidentally and should be fixed. Do you agree or am I getting this wrong?
I can see that https://laravel.com/docs/8.x/fortify does not mention /user/confirmed-password-status, so maybe the feature is just a left-over. It seems useful to me, though: Writing an SPA I'd want to check if the password confirmation timeout has passed before even asking to re-type the password.
I fail to see why this should be enabled if you are using views. In that case you would much rather redirect to a password confirmation route (GET /user/confirm-password) if needed, before performing the
Fix:
Generally, would you like to see pull requests, or have contributors first ask if a PR is desired?
PS: \Laravel\Fortify\Http\Controllers\ConfirmablePasswordController::store() might want to use \Illuminate\Session\Store::passwordConfirmed() instead of manually calling $request->session()->put('auth.password_confirmed_at', time()).
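The SPA use case described in the issue, sketched as an added example (not part of the original post and not Fortify code): the client asks the status route first and prompts only when needed, treating a 404 from an unregistered route as "not confirmed". The JSON field name `confirmed`, the `POST /user/confirm-password` body, and the helper names are assumptions.

```javascript
// Added example, not Fortify code. Assumed: the JSON field name `confirmed`,
// POST /user/confirm-password taking { password }, and a fetchFn that already
// sends the session cookie and CSRF token.
const STATUS_URL = '/user/confirmed-password-status';
const CONFIRM_URL = '/user/confirm-password';

// Decide from the status response whether the user must re-type the password.
// A 404 means the route is not registered (the case in this issue when views
// are disabled); fail closed and prompt rather than assume confirmation.
function needsPrompt(httpStatus, body) {
  if (httpStatus === 404) return true;
  if (httpStatus !== 200) throw new Error(`status check failed: HTTP ${httpStatus}`);
  return !(body && body.confirmed === true);
}

async function withConfirmedPassword(fetchFn, askPassword, action) {
  const headers = { Accept: 'application/json', 'Content-Type': 'application/json' };
  const res = await fetchFn(STATUS_URL, { headers });
  const body = res.status === 200 ? await res.json() : null;
  if (needsPrompt(res.status, body)) {
    const password = await askPassword();
    const confirm = await fetchFn(CONFIRM_URL, {
      method: 'POST', headers, body: JSON.stringify({ password }),
    });
    if (!confirm.ok) throw new Error(`password confirmation rejected: HTTP ${confirm.status}`);
  }
  // This check only spares the user a needless prompt; the server must still
  // guard the sensitive route itself.
  return action();
}

// Constructed stand-in for fetch, so the flow runs offline.
function fakeFetch(statusCode, confirmed, log) {
  return async (url, init = {}) => {
    log.push(`${init.method || 'GET'} ${url}`);
    if (url === STATUS_URL) {
      return { status: statusCode, ok: statusCode === 200, json: async () => ({ confirmed }) };
    }
    return { status: 201, ok: true, json: async () => ({}) };
  };
}
```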