From 050c1d880ec1d48ef40d7a0f2b2f1040c23cebb9 Mon Sep 17 00:00:00 2001
From: Dries Vints <dries.vints@gmail.com>
Date: Tue, 8 Oct 2019 11:26:03 +0200
Subject: [PATCH 1/3] Add new password rule language line

---
 resources/lang/en/validation.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php
index e1d879f3..ce1d80dd 100644
--- a/resources/lang/en/validation.php
+++ b/resources/lang/en/validation.php
@@ -93,6 +93,7 @@
     'not_in' => 'The selected :attribute is invalid.',
     'not_regex' => 'The :attribute format is invalid.',
     'numeric' => 'The :attribute must be a number.',
+    'password' => 'The password is incorrect.',
     'present' => 'The :attribute field must be present.',
     'regex' => 'The :attribute format is invalid.',
     'required' => 'The :attribute field is required.',

From 4036f17416549758816894dc52dc54eabcc13914 Mon Sep 17 00:00:00 2001
From: Dries Vints <dries.vints@gmail.com>
Date: Tue, 8 Oct 2019 13:39:57 +0200
Subject: [PATCH 2/3] Remove middleware from password reset

It's not necessary for the user to be logged out when resetting their password. This allows users to reset their password while logged in. Can be used in combination with the new RequiresPassword middleware.
---
 app/Http/Controllers/Auth/ForgotPasswordController.php | 10 ----------
 app/Http/Controllers/Auth/ResetPasswordController.php  | 10 ----------
 2 files changed, 20 deletions(-)

diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index 6a247fef..465c39cc 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -19,14 +19,4 @@ class ForgotPasswordController extends Controller
     */
 
     use SendsPasswordResetEmails;
-
-    /**
-     * Create a new controller instance.
-     *
-     * @return void
-     */
-    public function __construct()
-    {
-        $this->middleware('guest');
-    }
 }
diff --git a/app/Http/Controllers/Auth/ResetPasswordController.php b/app/Http/Controllers/Auth/ResetPasswordController.php
index cf726eec..fe965b24 100644
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@@ -26,14 +26,4 @@ class ResetPasswordController extends Controller
      * @var string
      */
     protected $redirectTo = '/home';
-
-    /**
-     * Create a new controller instance.
-     *
-     * @return void
-     */
-    public function __construct()
-    {
-        $this->middleware('guest');
-    }
 }

From ba3aae6c338314c2ba1779f336278c2532071b7c Mon Sep 17 00:00:00 2001
From: Dries Vints <dries.vints@gmail.com>
Date: Tue, 8 Oct 2019 13:45:40 +0200
Subject: [PATCH 3/3] Implement password confirmation

---
 .../Auth/ConfirmPasswordController.php        | 39 +++++++++++++++++++
 app/Http/Kernel.php                           |  1 +
 config/auth.php                               | 13 +++++++
 3 files changed, 53 insertions(+)
 create mode 100644 app/Http/Controllers/Auth/ConfirmPasswordController.php

diff --git a/app/Http/Controllers/Auth/ConfirmPasswordController.php b/app/Http/Controllers/Auth/ConfirmPasswordController.php
new file mode 100644
index 00000000..5b9042c5
--- /dev/null
+++ b/app/Http/Controllers/Auth/ConfirmPasswordController.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\ConfirmsPasswords;
+
+class ConfirmPasswordController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Confirm Password Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password confirmations
+    | and uses a simple trait to include this behavior. You're free to
+    | explore this trait and override any methods you wish to tweak.
+    |
+    */
+
+    use ConfirmsPasswords;
+
+    /**
+     * Where to redirect users when the intended url fails.
+     *
+     * @var string
+     */
+    protected $redirectTo = '/home';
+
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('auth');
+    }
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 0d7d8c15..2741c0a3 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -57,6 +57,7 @@ class Kernel extends HttpKernel
         'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
         'can' => \Illuminate\Auth\Middleware\Authorize::class,
         'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
         'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
diff --git a/config/auth.php b/config/auth.php
index 897dc826..204a378d 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -100,4 +100,17 @@
         ],
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Password Confirmation Timeout
+    |--------------------------------------------------------------------------
+    |
+    | Here you may specify the amount of seconds before a password confirmation
+    | is timed out and the user's prompted to give their password again on the
+    | confirmation screen. By default the timeout lasts for three hours.
+    |
+    */
+
+    'password_timeout' => 10800,
+
 ];