I've read many posts on how to force a user to create their own password once they log in for the first time, most of them are outdated ever since Laravel 5.4 came along (which I am using).
I am stuck on where to add my middleware to "catch" a new user logging in for the first time. I will be assigning users with temporary passwords, and once they enter the correct credentials in the login form, I want to redirect them to a page where they can create their own password. I do not want a user to be 'authenticated' until they DO create a password. Otherwise, if they try to go anywhere else, they will be sent back to the login page. I would rather not modify any of the base code in Laravel. So,
Would creating an Event be the best way to go?
Or if middleware should be used, where would I place my route? Between my guest middleware and my auth middleware? Here are my routes:
web.php
...
// Login Routes
Route::group(['prefix' => 'auth', 'namespace' => 'Admin\Auth'], function(){
// Login Routes
Route::get('login', 'LoginController@showLoginForm');
Route::post('login', 'LoginController@login');
Route::get('logout', 'LoginController@logout')->name('logout');
// Password Reset Routes
Route::get('password/reset', 'ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'ForgotPasswordController@sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'ResetPasswordController@reset');
});
// Admin Routes
Route::group(['namespace' => 'Admin', 'prefix' => 'admin', 'middleware' => 'auth'], function () {
// Business
Route::get('/', function(){
return view('admin.dashboard');
});
Route::get('profile', 'Settings\UserController@profile');
...
via amcardwell
