allow password confirmation customization

Author: taylorotwell

src/Fortify.php

@@ -31,6 +31,13 @@ class Fortify
      */
     public static $authenticateUsingCallback;
 
+    /**
+     * The callback that is responsible for confirming user passwords.
+     *
+     * @var callable|null
+     */
+    public static $confirmPasswordsUsingCallback;
+
     /**
      * Indicates if Fortify routes will be registered.
      *
@@ -197,6 +204,17 @@ public static function authenticateUsing(callable $callback)
         static::$authenticateUsingCallback = $callback;
     }
 
+    /**
+     * Register a callback that is responsible for confirming existing user passwords as valid.
+     *
+     * @param  callable  $callback
+     * @return void
+     */
+    public static function confirmPasswordsUsing(callable $callback)
+    {
+        static::$confirmPasswordsUsingCallback = $callback;
+    }
+
     /**
      * Register a class / callback that should be used to create new users.
      *

src/Http/Controllers/ConfirmablePasswordController.php

@@ -8,6 +8,7 @@
 use Laravel\Fortify\Contracts\ConfirmPasswordViewResponse;
 use Laravel\Fortify\Contracts\FailedPasswordConfirmationResponse;
 use Laravel\Fortify\Contracts\PasswordConfirmedResponse;
+use Laravel\Fortify\Fortify;
 
 class ConfirmablePasswordController extends Controller
 {
@@ -48,16 +49,26 @@ public function show(Request $request)
      */
     public function store(Request $request)
     {
-        $username = config('fortify.username');
+        if (Fortify::$confirmPasswordsUsingCallback) {
+            $confirmed = call_user_func(
+                Fortify::$confirmPasswordsUsingCallback,
+                $request->user(),
+                $request
+            );
+        } else {
+            $username = config('fortify.username');
 
-        if ($status = $this->guard->validate([
-            $username => $request->user()->{$username},
-            'password' => $request->input('password'),
-        ])) {
+            $confirmed = $this->guard->validate([
+                $username => $request->user()->{$username},
+                'password' => $request->input('password')
+            ]);
+        }
+
+        if ($confirmed) {
             $request->session()->put('auth.password_confirmed_at', time());
         }
 
-        return $status
+        return $confirmed
                     ? app(PasswordConfirmedResponse::class)
                     : app(FailedPasswordConfirmationResponse::class);
     }

tests/ConfirmablePasswordControllerTest.php

@@ -4,6 +4,7 @@
 
 use Illuminate\Foundation\Auth\User;
 use Laravel\Fortify\Contracts\ConfirmPasswordViewResponse;
+use Laravel\Fortify\Fortify;
 
 class ConfirmablePasswordControllerTest extends OrchestraTestCase
 {
@@ -68,6 +69,26 @@ public function test_password_confirmation_can_fail()
         $this->assertNotEquals($response->getTargetUrl(), 'http://foo.com/bar');
     }
 
+    public function test_password_confirmation_can_be_customized()
+    {
+        Fortify::$confirmPasswordsUsingCallback = function () {
+            return true;
+        };
+
+        $response = $this->withoutExceptionHandling()
+            ->actingAs($this->user)
+            ->withSession(['url.intended' => 'http://foo.com/bar'])
+            ->post(
+                '/user/confirm-password',
+                ['password' => 'invalid']
+            );
+
+        $response->assertSessionHas('auth.password_confirmed_at');
+        $response->assertRedirect('http://foo.com/bar');
+
+        Fortify::$confirmPasswordsUsingCallback = null;
+    }
+
     public function test_password_can_be_confirmed_with_json()
     {
         $response = $this->actingAs($this->user)