Password Confirmation for Edit Profile page
Password Confirmation to view Profile page
Hi π
I am using
->profile on one of my panels and want to have password confirmation (preferably in a modal) before being able to access the Edit Profile form. Following https://v2.filamentphp.com/tricks/password-confirmation-action I have created PasswordAction and tried to add it within AdminPanelProvider
which gives the following error
Filament\Panel::Filament\Panel\Concerns\{closure}(): Argument #1 ($item) must be of type Filament\Navigation\MenuItem, Filament\Actions\Action given
Any ideas if this is feasible and how to approach it?
Thanks πFilament
Password confirmation action by Jeff Greco - Tricks - Filament
Filament is a collection of tools for rapidly building beautiful TALL stack apps, designed for humans.
9 Replies
do you even need it, why not just put a guard / policy in place so that only the authenticated user can view the page.
There are requirements I have been given that say we need a PasswordConfirmation modal (could even be a screen) before accessing the Edit Profile and potentially changing the account information of the currently logged-in/authed User.
So it is needed I'm just looking for whether it's possible to do this for a panels link before I end up creating a custom page just to add an action or middleware in front of it
Just confused why the profile page would load any data that is not the logged in users data. And if the profile users Iβd in in the url then a policy could be used to make it so only the logged in user can access their own profile. These two approaches are what makes it safe. A password confirmation isnβt going to be safe if that password could be guessed or hacked.
But as your error implies, you canβt just pass an action to the menu builder it would have to be a menuItem that has an action on it.
To try and clarify a little further. The use case is that in a busy industry a user could potentially leave their user logged in on a system that is potentially accessible by other members of staff.
Therefore an additional safeguard of asking for the user's password before changing their account information is required.
Generally though it isn't uncommon for applications to require a user to confirm their password before the action is performed.I'm trying to implement functionality similar to Laravel Jetstream https://jetstream.laravel.com/features/password-confirmation.html π€
Is it possible to add an action to https://github.com/filamentphp/filament/blob/3.x/packages/panels/src/Navigation/MenuItem.php if it is then that is a route I could take. Do you know of any examples of how that can be done?
only way i can think to put an action in the user menu is with a renderhook, but that's going to put it at the top or bottom of the menu if you're ok with that.
And I get what you are saying, but I still feel the approach is wrong based on your use case. If you're worried about people leaving their apps open then you it would be better to expire their session after x amount of time.
I mean changing someones profile is the least of your problems if the non logged in user can use that account to change other data, ie add / delete other users with inappropriate permissions.
@deploynotfound If you are asking to do something similar to Laravel Jetstream, then just use a Confirmation model with a form inside with the password. https://filamentphp.com/docs/3.x/actions/modals#confirmation-modals
@deploynotfound A policy check, or really anything on the Edit Profile page, could open the modal on visitation of the page, and ask the user for their password before continuing. If the user fails the password confirmation you can do whatever you want such as redirecting them back to the previous page they were on or logging them out of the application, etc...
Thank you both for your responses! We are going to try opening a modal on the visitation of the edit page itself rather than trying to add a action/hook that it fired on click of Edit Profile π
Sounds good, your welcome.