Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[6.x] Handle ajax requests in RequirePassword middleware #30390

Merged
merged 1 commit into from
Oct 23, 2019
Merged

[6.x] Handle ajax requests in RequirePassword middleware #30390

merged 1 commit into from
Oct 23, 2019
+4 −0

Conversation

netpok
Copy link
Contributor

@netpok netpok commented Oct 22, 2019

The newly introduced RequirePassword middleware does not handle ajax requests very well.

This pull request addresses this problem, for easier handling via ajax frontend libraries (like axios), I'm proposing that the error should be sent with error code 423 Locked as this would allow relatively easy handling with response interceptors.

Considered alternative error codes:

  • 400 Bad Request: Simply too broad to be easily handled.
  • 401 Unauthorized: This response is used when the authorization is missing or invalid, both of these are not true in this case. Furthermore many implementations use this error code to trigger a login flow.
  • 403 Forbidden: This response is used when the user does not have permission to access the resource, here we don't know that yet (it's handled later).
  • 423 Locked: Semantically correct because the accessed resource is locked behind the password confirmation. Also it is not used for anything else by Laravel.

I'm open for different error code ideas.

@netpok netpok force-pushed the feature/password-confirmation-ajax-error branch from e6179d8 to bcb06bc Compare October 22, 2019 22:37
@netpok netpok force-pushed the feature/password-confirmation-ajax-error branch from bcb06bc to 93eb836 Compare October 22, 2019 22:37
@taylorotwell taylorotwell merged commit 93eb836 into laravel:6.x Oct 23, 2019
@taylorotwell
Copy link
Member

Can't use foundation helpers from components. Used response factory instead.

@netpok
Copy link
Contributor Author

netpok commented Oct 23, 2019

Sorry, I missed that.

@netpok netpok deleted the feature/password-confirmation-ajax-error branch October 23, 2019 14:26
Omranic added a commit to rinvex/cortex-auth-classic that referenced this pull request Nov 9, 2019
@Omranic
Laravel v6.4.x / Handle ajax requests in RequirePassword middleware (…
0702608 
…#30390, 331c354)

https://blog.laravel.com/laravel-v6-4-0-released
laravel/framework#30390
laravel/framework@331c354
Omranic added a commit to rinvex/cortex-auth-classic that referenced this pull request Nov 23, 2019
@Omranic
Merge branch 'release/v4.1.0'
8a49710 
* release/v4.1.0:
  Bump version
  Add dockblock note for the future
  Refactor Login Throttle to use "ThrottleRequests" middleware
  Move "Remember previous URL for later redirect back" to exception handler
  Laravel v6.4.x / Handle ajax requests in RequirePassword middleware (#30390, 331c354) https://blog.laravel.com/laravel-v6-4-0-released laravel/framework#30390 laravel/framework@331c354
  Update Reauthenticate middleware to be compatible with Laravel v6.3 Use contracts for the RequirePassword middleware (#30215) laravel/framework@53b6471
  Refactor Reauthentication feature to be compatible with the new Laravel v6.2 feature https://laravel-news.com/new-password-confirmation-in-laravel-6-2
  change account display name as the two children account and settings have the same name (#87)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@netpok @taylorotwell