From a06cd105eb888f6a2c6815d36e7b500f6fc89a60 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Fri, 11 Sep 2020 14:50:33 -0500
Subject: [PATCH 01/10] confirmable

---
 .../components/confirms-password.blade.php    |  44 +++++++
 src/ConfirmsPasswords.php                     | 111 ++++++++++++++++++
 .../Livewire/TwoFactorAuthenticationForm.php  |  17 +++
 src/JetstreamServiceProvider.php              |   1 +
 .../two-factor-authentication-form.blade.php  |  16 ++-
 5 files changed, 183 insertions(+), 6 deletions(-)
 create mode 100644 resources/views/components/confirms-password.blade.php
 create mode 100644 src/ConfirmsPasswords.php

diff --git a/resources/views/components/confirms-password.blade.php b/resources/views/components/confirms-password.blade.php
new file mode 100644
index 000000000..6692e3dd3
--- /dev/null
+++ b/resources/views/components/confirms-password.blade.php
@@ -0,0 +1,44 @@
+@php
+    $confirmableId = md5($attributes->wire('then'));
+@endphp
+
+<span
+    {{ $attributes->wire('then') }}
+    x-data
+    x-ref="span"
+    x-on:click="$wire.startConfirmingPassword('{{ $confirmableId }}')"
+    x-on:password-confirmed.window="setTimeout(() => $event.detail.id === '{{ $confirmableId }}' && $refs.span.dispatchEvent(new CustomEvent('then', { bubbles: false })), 250);"
+>
+    {{ $slot }}
+</span>
+
+@once
+<x-jet-dialog-modal wire:model="confirmingPassword">
+    <x-slot name="title">
+        Confirm Password
+    </x-slot>
+
+    <x-slot name="content">
+        {{ __('For your security, please enter your password to continue.') }}
+
+        <div class="mt-4" x-data="{}" x-on:confirming-password.window="setTimeout(() => $refs.confirmable_password.focus(), 250)">
+            <x-jet-input type="password" class="mt-1 block w-3/4" placeholder="Password"
+                        x-ref="confirmable_password"
+                        wire:model.defer="confirmablePassword"
+                        wire:keydown.enter="confirmPassword" />
+
+            <x-jet-input-error for="confirmable_password" class="mt-2" />
+        </div>
+    </x-slot>
+
+    <x-slot name="footer">
+        <x-jet-secondary-button wire:click="stopConfirmingPassword" wire:loading.attr="disabled">
+            Nevermind
+        </x-jet-secondary-button>
+
+        <x-jet-button class="ml-2" wire:click="confirmPassword" wire:loading.attr="disabled">
+            Confirm
+        </x-jet-button>
+    </x-slot>
+</x-jet-dialog-modal>
+@endonce
diff --git a/src/ConfirmsPasswords.php b/src/ConfirmsPasswords.php
new file mode 100644
index 000000000..a76e965f5
--- /dev/null
+++ b/src/ConfirmsPasswords.php
@@ -0,0 +1,111 @@
+<?php
+
+namespace Laravel\Jetstream;
+
+use Illuminate\Contracts\Auth\StatefulGuard;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Validation\ValidationException;
+use Laravel\Fortify\Actions\ConfirmPassword;
+
+trait ConfirmsPasswords
+{
+    /**
+     * Indicates if the user's password is being confirmed.
+     *
+     * @var bool
+     */
+    public $confirmingPassword = false;
+
+    /**
+     * The ID of the operation being confirmed.
+     *
+     * @var string|null
+     */
+    public $confirmableId = null;
+
+    /**
+     * The user's password.
+     *
+     * @var string
+     */
+    public $confirmablePassword = '';
+
+    /**
+     * Start confirming the user's password.
+     *
+     * @param  string  $confirmableId
+     * @return void
+     */
+    public function startConfirmingPassword(string $confirmableId)
+    {
+        $this->resetErrorBag();
+
+        if ($this->passwordIsConfirmed()) {
+            return $this->dispatchBrowserEvent('password-confirmed', [
+                'id' => $confirmableId
+            ]);
+        }
+
+        $this->confirmingPassword = true;
+        $this->confirmableId = $confirmableId;
+        $this->confirmablePassword = '';
+
+        $this->dispatchBrowserEvent('confirming-password');
+    }
+
+    /**
+     * Stop confirming the user's password.
+     *
+     * @return void
+     */
+    public function stopConfirmingPassword()
+    {
+        $this->confirmingPassword = false;
+        $this->confirmableId = null;
+        $this->confirmablePassword = '';
+    }
+
+    /**
+     * Confirm the user's password.
+     *
+     * @return void
+     */
+    public function confirmPassword()
+    {
+        if (! app(ConfirmPassword::class)(app(StatefulGuard::class), Auth::user(), $this->confirmablePassword)) {
+            throw ValidationException::withMessages([
+                'confirmable_password' => [__('This password does not match our records.')],
+            ]);
+        }
+
+        session(['auth.password_confirmed_at' => time()]);
+
+        $this->dispatchBrowserEvent('password-confirmed', [
+            'id' => $this->confirmableId
+        ]);
+
+        $this->stopConfirmingPassword();
+    }
+
+    /**
+     * Ensure that the user's password has been recently confirmed.
+     *
+     * @param  int  $maximumSecondsSinceConfirmation
+     * @return void
+     */
+    protected function ensurePasswordIsConfirmed($maximumSecondsSinceConfirmation = 900)
+    {
+        return $this->passwordIsConfirmed($maximumSecondsSinceConfirmation) ? null : abort(403);
+    }
+
+    /**
+     * Determine if the user's password has been recently confirmed.
+     *
+     * @param  int  $maximumSecondsSinceConfirmation
+     * @return bool
+     */
+    protected function passwordIsConfirmed($maximumSecondsSinceConfirmation = 900)
+    {
+        return (time() - session('auth.password_confirmed_at', 0)) < $maximumSecondsSinceConfirmation;
+    }
+}
diff --git a/src/Http/Livewire/TwoFactorAuthenticationForm.php b/src/Http/Livewire/TwoFactorAuthenticationForm.php
index 74d05bff4..b66220449 100644
--- a/src/Http/Livewire/TwoFactorAuthenticationForm.php
+++ b/src/Http/Livewire/TwoFactorAuthenticationForm.php
@@ -6,10 +6,13 @@
 use Laravel\Fortify\Actions\DisableTwoFactorAuthentication;
 use Laravel\Fortify\Actions\EnableTwoFactorAuthentication;
 use Laravel\Fortify\Actions\GenerateNewRecoveryCodes;
+use Laravel\Jetstream\ConfirmsPasswords;
 use Livewire\Component;
 
 class TwoFactorAuthenticationForm extends Component
 {
+    use ConfirmsPasswords;
+
     /**
      * Indicates if two factor authentication QR code is being displayed.
      *
@@ -38,6 +41,18 @@ public function enableTwoFactorAuthentication(EnableTwoFactorAuthentication $ena
         $this->showingRecoveryCodes = true;
     }
 
+    /**
+     * Display the user's recovery codes.
+     *
+     * @return void
+     */
+    public function showRecoveryCodes()
+    {
+        $this->ensurePasswordIsConfirmed();
+
+        $this->showingRecoveryCodes = true;
+    }
+
     /**
      * Generate new recovery codes for the user.
      *
@@ -46,6 +61,8 @@ public function enableTwoFactorAuthentication(EnableTwoFactorAuthentication $ena
      */
     public function regenerateRecoveryCodes(GenerateNewRecoveryCodes $generate)
     {
+        $this->ensurePasswordIsConfirmed();
+
         $generate(Auth::user());
 
         $this->showingRecoveryCodes = true;
diff --git a/src/JetstreamServiceProvider.php b/src/JetstreamServiceProvider.php
index fe2eb4fe0..7c7582ccd 100644
--- a/src/JetstreamServiceProvider.php
+++ b/src/JetstreamServiceProvider.php
@@ -94,6 +94,7 @@ protected function configureComponents()
             $this->registerComponent('authentication-card-logo');
             $this->registerComponent('button');
             $this->registerComponent('confirmation-modal');
+            $this->registerComponent('confirms-password');
             $this->registerComponent('danger-button');
             $this->registerComponent('dialog-modal');
             $this->registerComponent('dropdown');
diff --git a/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php b/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
index cdc531ecf..d26a4b5fb 100644
--- a/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
+++ b/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
@@ -57,13 +57,17 @@
                 </x-jet-button>
             @else
                 @if ($showingRecoveryCodes)
-                    <x-jet-secondary-button class="mr-3" wire:click="regenerateRecoveryCodes">
-                        {{ __('Regenerate Recovery Codes') }}
-                    </x-jet-secondary-button>
+                    <x-jet-confirms-password wire:then="regenerateRecoveryCodes">
+                        <x-jet-secondary-button class="mr-3">
+                            {{ __('Regenerate Recovery Codes') }}
+                        </x-jet-secondary-button>
+                    </x-jet-confirms-password>
                 @else
-                    <x-jet-secondary-button class="mr-3" wire:click="$toggle('showingRecoveryCodes')">
-                        {{ __('Show Recovery Codes') }}
-                    </x-jet-secondary-button>
+                    <x-jet-confirms-password wire:then="showRecoveryCodes">
+                        <x-jet-secondary-button class="mr-3">
+                            {{ __('Show Recovery Codes') }}
+                        </x-jet-secondary-button>
+                    </x-jet-confirms-password>
                 @endif
 
                 <x-jet-danger-button wire:click="disableTwoFactorAuthentication" wire:loading.attr="disabled">

From 2aaa0dbf2dfaf96dfbaab50ed09b501c826f6950 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Fri, 11 Sep 2020 14:55:15 -0500
Subject: [PATCH 02/10] updates to confirmable

---
 resources/views/components/confirms-password.blade.php    | 6 ++++--
 src/Http/Livewire/TwoFactorAuthenticationForm.php         | 2 ++
 .../profile/two-factor-authentication-form.blade.php      | 8 +++++---
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/resources/views/components/confirms-password.blade.php b/resources/views/components/confirms-password.blade.php
index 6692e3dd3..a144f1d99 100644
--- a/resources/views/components/confirms-password.blade.php
+++ b/resources/views/components/confirms-password.blade.php
@@ -1,3 +1,5 @@
+@props(['title' => 'Confirm Password', 'content' => __('For your security, please enter your password to continue.')])
+
 @php
     $confirmableId = md5($attributes->wire('then'));
 @endphp
@@ -15,11 +17,11 @@
 @once
 <x-jet-dialog-modal wire:model="confirmingPassword">
     <x-slot name="title">
-        Confirm Password
+        {{ $title }}
     </x-slot>
 
     <x-slot name="content">
-        {{ __('For your security, please enter your password to continue.') }}
+        {{ $content }}
 
         <div class="mt-4" x-data="{}" x-on:confirming-password.window="setTimeout(() => $refs.confirmable_password.focus(), 250)">
             <x-jet-input type="password" class="mt-1 block w-3/4" placeholder="Password"
diff --git a/src/Http/Livewire/TwoFactorAuthenticationForm.php b/src/Http/Livewire/TwoFactorAuthenticationForm.php
index b66220449..651c5a0b9 100644
--- a/src/Http/Livewire/TwoFactorAuthenticationForm.php
+++ b/src/Http/Livewire/TwoFactorAuthenticationForm.php
@@ -76,6 +76,8 @@ public function regenerateRecoveryCodes(GenerateNewRecoveryCodes $generate)
      */
     public function disableTwoFactorAuthentication(DisableTwoFactorAuthentication $disable)
     {
+        $this->ensurePasswordIsConfirmed();
+
         $disable(Auth::user());
     }
 
diff --git a/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php b/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
index d26a4b5fb..1f99886f1 100644
--- a/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
+++ b/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
@@ -70,9 +70,11 @@
                     </x-jet-confirms-password>
                 @endif
 
-                <x-jet-danger-button wire:click="disableTwoFactorAuthentication" wire:loading.attr="disabled">
-                    {{ __('Disable') }}
-                </x-jet-danger-button>
+                <x-jet-confirms-password wire:then="disableTwoFactorAuthentication">
+                    <x-jet-danger-button wire:loading.attr="disabled">
+                        {{ __('Disable') }}
+                    </x-jet-danger-button>
+                </x-jet-confirms-password>
             @endif
         </div>
     </x-slot>

From d60e8e11aa6ddddb039db414a75a86540efd8089 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Fri, 11 Sep 2020 14:58:16 -0500
Subject: [PATCH 03/10] tweak wording

---
 resources/views/components/confirms-password.blade.php    | 4 ++--
 src/Http/Livewire/TwoFactorAuthenticationForm.php         | 2 ++
 .../profile/two-factor-authentication-form.blade.php      | 8 +++++---
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/resources/views/components/confirms-password.blade.php b/resources/views/components/confirms-password.blade.php
index a144f1d99..b26c63b75 100644
--- a/resources/views/components/confirms-password.blade.php
+++ b/resources/views/components/confirms-password.blade.php
@@ -1,4 +1,4 @@
-@props(['title' => 'Confirm Password', 'content' => __('For your security, please enter your password to continue.')])
+@props(['title' => 'Confirm Password', 'content' => __('For your security, please confirm your password to continue.'), 'button' => __('Confirm')])
 
 @php
     $confirmableId = md5($attributes->wire('then'));
@@ -39,7 +39,7 @@
         </x-jet-secondary-button>
 
         <x-jet-button class="ml-2" wire:click="confirmPassword" wire:loading.attr="disabled">
-            Confirm
+            {{ $button }}
         </x-jet-button>
     </x-slot>
 </x-jet-dialog-modal>
diff --git a/src/Http/Livewire/TwoFactorAuthenticationForm.php b/src/Http/Livewire/TwoFactorAuthenticationForm.php
index 651c5a0b9..58688fa66 100644
--- a/src/Http/Livewire/TwoFactorAuthenticationForm.php
+++ b/src/Http/Livewire/TwoFactorAuthenticationForm.php
@@ -35,6 +35,8 @@ class TwoFactorAuthenticationForm extends Component
      */
     public function enableTwoFactorAuthentication(EnableTwoFactorAuthentication $enable)
     {
+        $this->ensurePasswordIsConfirmed();
+
         $enable(Auth::user());
 
         $this->showingQrCode = true;
diff --git a/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php b/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
index 1f99886f1..88d8f3865 100644
--- a/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
+++ b/stubs/livewire/resources/views/profile/two-factor-authentication-form.blade.php
@@ -52,9 +52,11 @@
 
         <div class="mt-5">
             @if (! $this->enabled)
-                <x-jet-button type="button" wire:click="enableTwoFactorAuthentication" wire:loading.attr="disabled">
-                    {{ __('Enable') }}
-                </x-jet-button>
+                <x-jet-confirms-password wire:then="enableTwoFactorAuthentication">
+                    <x-jet-button type="button" wire:loading.attr="disabled">
+                        {{ __('Enable') }}
+                    </x-jet-button>
+                </x-jet-confirms-password>
             @else
                 @if ($showingRecoveryCodes)
                     <x-jet-confirms-password wire:then="regenerateRecoveryCodes">

From 9adbcee8302957562b4a2eb61cafbf780ca0b98d Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylor@laravel.com>
Date: Fri, 11 Sep 2020 14:58:56 -0500
Subject: [PATCH 04/10] Apply fixes from StyleCI (#156)

---
 src/ConfirmsPasswords.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ConfirmsPasswords.php b/src/ConfirmsPasswords.php
index a76e965f5..a0e94cfbf 100644
--- a/src/ConfirmsPasswords.php
+++ b/src/ConfirmsPasswords.php
@@ -42,7 +42,7 @@ public function startConfirmingPassword(string $confirmableId)
 
         if ($this->passwordIsConfirmed()) {
             return $this->dispatchBrowserEvent('password-confirmed', [
-                'id' => $confirmableId
+                'id' => $confirmableId,
             ]);
         }
 
@@ -81,7 +81,7 @@ public function confirmPassword()
         session(['auth.password_confirmed_at' => time()]);
 
         $this->dispatchBrowserEvent('password-confirmed', [
-            'id' => $this->confirmableId
+            'id' => $this->confirmableId,
         ]);
 
         $this->stopConfirmingPassword();

From 176c9ff56af4de9df75b307fe761521bda0f2767 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Fri, 11 Sep 2020 16:37:32 -0500
Subject: [PATCH 05/10] work on inertia confirmations

---
 .../js/Jetstream/ConfirmsPassword.vue         | 119 ++++++++++++++++++
 .../Profile/TwoFactorAuthenticationForm.vue   |  49 ++++----
 2 files changed, 146 insertions(+), 22 deletions(-)
 create mode 100644 stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue

diff --git a/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
new file mode 100644
index 000000000..79decfabf
--- /dev/null
+++ b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
@@ -0,0 +1,119 @@
+<template>
+    <span>
+        <span @click="startConfirmingPassword">
+            <slot />
+        </span>
+
+        <jet-dialog-modal :show="confirmingPassword" @close="confirmingPassword = false">
+            <template #title>
+                {{ title }}
+            </template>
+
+            <template #content>
+                {{ content }}
+
+                <div class="mt-4">
+                    <jet-input type="password" class="mt-1 block w-3/4" placeholder="Password"
+                                ref="password"
+                                v-model="form.password"
+                                @keyup.enter.native="confirmPassword" />
+
+                    <jet-input-error :message="form.error" class="mt-2" />
+                </div>
+            </template>
+
+            <template #footer>
+                <jet-secondary-button @click.native="confirmingPassword = false">
+                    Nevermind
+                </jet-secondary-button>
+
+                <jet-button class="ml-2" @click.native="confirmPassword" :class="{ 'opacity-25': form.processing }" :disabled="form.processing">
+                    {{ button }}
+                </jet-button>
+            </template>
+        </jet-dialog-modal>
+    </span>
+</template>
+
+<script>
+    import JetButton from './Button'
+    import JetDialogModal from './DialogModal'
+    import JetInput from './Input'
+    import JetInputError from './InputError'
+    import JetSecondaryButton from './SecondaryButton'
+
+    export default {
+        props: {
+            title: {
+                default: 'Confirm Password',
+            },
+            content: {
+                default: 'For your security, please confirm your password to continue.',
+            },
+            button: {
+                default: 'Confirm',
+            },
+            within: {
+                default: 900
+            },
+        },
+
+        components: {
+            JetButton,
+            JetDialogModal,
+            JetInput,
+            JetInputError,
+            JetSecondaryButton,
+        },
+
+        data() {
+            return {
+                confirmingPassword: false,
+
+                form: this.$inertia.form({
+                    password: '',
+                    error: '',
+                }, {
+                    bag: 'confirmPassword',
+                })
+            }
+        },
+
+        methods: {
+            startConfirmingPassword() {
+                this.form.error = '';
+
+                axios.get('/user/confirmed-password-status?seconds=' + this.within).then(response => {
+                    if (response.data.confirmed) {
+                        this.$emit('confirmed');
+                    } else {
+                        this.confirmingPassword = true;
+                        this.form.password = '';
+
+                        setTimeout(() => {
+                            this.$refs.password.focus()
+                        }, 250)
+                    }
+                })
+            },
+
+            confirmPassword() {
+                this.form.processing = true;
+
+                axios.post('/user/confirm-password', {
+                    password: this.form.password,
+                }).then(response => {
+                    this.confirmingPassword = false;
+                    this.form.password = '';
+                    this.form.error = '';
+                    this.form.processing = false;
+
+                    this.$nextTick(() => this.$emit('confirmed'));
+                }).catch(error => {
+                    this.form.processing = false;
+                    this.form.error = error.response.data.errors.password[0];
+                });
+            }
+        }
+    }
+</script>
diff --git a/stubs/inertia/resources/js/Pages/Profile/TwoFactorAuthenticationForm.vue b/stubs/inertia/resources/js/Pages/Profile/TwoFactorAuthenticationForm.vue
index 655c39fff..ea087903a 100644
--- a/stubs/inertia/resources/js/Pages/Profile/TwoFactorAuthenticationForm.vue
+++ b/stubs/inertia/resources/js/Pages/Profile/TwoFactorAuthenticationForm.vue
@@ -52,31 +52,34 @@
 
             <div class="mt-5">
                 <div v-if="! twoFactorEnabled">
-                    <jet-button type="button" @click.native="enableTwoFactorAuthentication"
-                                        :class="{ 'opacity-25': enabling }"
-                                        :disabled="enabling">
-                        Enable
-                    </jet-button>
+                    <jet-confirms-password @confirmed="enableTwoFactorAuthentication">
+                        <jet-button type="button" :class="{ 'opacity-25': enabling }" :disabled="enabling">
+                            Enable
+                        </jet-button>
+                    </jet-confirms-password>
                 </div>
 
                 <div v-else>
-                    <jet-secondary-button class="mr-3"
-                                    @click.native="regenerateRecoveryCodes"
-                                    v-if="recoveryCodes.length > 0">
-                        Regenerate Recovery Codes
-                    </jet-secondary-button>
-
-                    <jet-secondary-button class="mr-3"
-                                @click.native="showRecoveryCodes"
-                                v-else>
-                        Show Recovery Codes
-                    </jet-secondary-button>
-
-                    <jet-danger-button @click.native="disableTwoFactorAuthentication"
-                                    :class="{ 'opacity-25': disabling }"
-                                    :disabled="disabling">
-                        Disable
-                    </jet-danger-button>
+                    <jet-confirms-password @confirmed="regenerateRecoveryCodes">
+                        <jet-secondary-button class="mr-3"
+                                        v-if="recoveryCodes.length > 0">
+                            Regenerate Recovery Codes
+                        </jet-secondary-button>
+                    </jet-confirms-password>
+
+                    <jet-confirms-password @confirmed="showRecoveryCodes">
+                        <jet-secondary-button class="mr-3" v-if="recoveryCodes.length == 0">
+                            Show Recovery Codes
+                        </jet-secondary-button>
+                    </jet-confirms-password>
+
+                    <jet-confirms-password @confirmed="disableTwoFactorAuthentication">
+                        <jet-danger-button
+                                        :class="{ 'opacity-25': disabling }"
+                                        :disabled="disabling">
+                            Disable
+                        </jet-danger-button>
+                    </jet-confirms-password>
                 </div>
             </div>
         </template>
@@ -86,6 +89,7 @@
 <script>
     import JetActionSection from './../../Jetstream/ActionSection'
     import JetButton from './../../Jetstream/Button'
+    import JetConfirmsPassword from './../../Jetstream/ConfirmsPassword'
     import JetDangerButton from './../../Jetstream/DangerButton'
     import JetSecondaryButton from './../../Jetstream/SecondaryButton'
 
@@ -93,6 +97,7 @@
         components: {
             JetActionSection,
             JetButton,
+            JetConfirmsPassword,
             JetDangerButton,
             JetSecondaryButton,
         },

From 2efb4563d7420e90f3397d7a2e67a9999772f999 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Fri, 11 Sep 2020 16:52:31 -0500
Subject: [PATCH 06/10] use configured timeouts

---
 src/ConfirmsPasswords.php                            | 12 ++++++++----
 src/Http/Middleware/ShareInertiaData.php             |  5 +++++
 .../resources/js/Jetstream/ConfirmsPassword.vue      |  8 ++++++--
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/ConfirmsPasswords.php b/src/ConfirmsPasswords.php
index a0e94cfbf..e181ae2d3 100644
--- a/src/ConfirmsPasswords.php
+++ b/src/ConfirmsPasswords.php
@@ -90,22 +90,26 @@ public function confirmPassword()
     /**
      * Ensure that the user's password has been recently confirmed.
      *
-     * @param  int  $maximumSecondsSinceConfirmation
+     * @param  int|null  $maximumSecondsSinceConfirmation
      * @return void
      */
-    protected function ensurePasswordIsConfirmed($maximumSecondsSinceConfirmation = 900)
+    protected function ensurePasswordIsConfirmed($maximumSecondsSinceConfirmation = null)
     {
+        $maximumSecondsSinceConfirmation = $maximumSecondsSinceConfirmation ?: config('auth.password_timeout', 900);
+
         return $this->passwordIsConfirmed($maximumSecondsSinceConfirmation) ? null : abort(403);
     }
 
     /**
      * Determine if the user's password has been recently confirmed.
      *
-     * @param  int  $maximumSecondsSinceConfirmation
+     * @param  int|null  $maximumSecondsSinceConfirmation
      * @return bool
      */
-    protected function passwordIsConfirmed($maximumSecondsSinceConfirmation = 900)
+    protected function passwordIsConfirmed($maximumSecondsSinceConfirmation = null)
     {
+        $maximumSecondsSinceConfirmation = $maximumSecondsSinceConfirmation ?: config('auth.password_timeout', 900);
+
         return (time() - session('auth.password_confirmed_at', 0)) < $maximumSecondsSinceConfirmation;
     }
 }
diff --git a/src/Http/Middleware/ShareInertiaData.php b/src/Http/Middleware/ShareInertiaData.php
index 2f9d1bd10..2bde37e0a 100644
--- a/src/Http/Middleware/ShareInertiaData.php
+++ b/src/Http/Middleware/ShareInertiaData.php
@@ -27,6 +27,11 @@ public function handle($request, $next)
                                         Jetstream::hasTeamFeatures() &&
                                         Gate::forUser($request->user())->check('create', Jetstream::newTeamModel()),
                     'canManageTwoFactorAuthentication' => Features::canManageTwoFactorAuthentication(),
+                    'configuration' => [
+                        'auth' => [
+                            'passwordTimeout' => config('auth.password_timeout', 900)
+                        ],
+                    ],
                     'flash' => $request->session()->get('flash', []),
                     'hasApiFeatures' => Jetstream::hasApiFeatures(),
                     'hasTeamFeatures' => Jetstream::hasTeamFeatures(),
diff --git a/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
index 79decfabf..41e2e980d 100644
--- a/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
+++ b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
@@ -54,7 +54,7 @@
                 default: 'Confirm',
             },
             within: {
-                default: 900
+                default: null
             },
         },
 
@@ -83,7 +83,11 @@
             startConfirmingPassword() {
                 this.form.error = '';
 
-                axios.get('/user/confirmed-password-status?seconds=' + this.within).then(response => {
+                let within = this.within
+                            ? this.within
+                            : this.$page.jetstream.configuration.auth.passwordTimeout;
+
+                axios.get('/user/confirmed-password-status?seconds=' + within).then(response => {
                     if (response.data.confirmed) {
                         this.$emit('confirmed');
                     } else {

From 9fb4f1c1dc6f842c12ea49d02aec09bed95db536 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylor@laravel.com>
Date: Fri, 11 Sep 2020 16:52:51 -0500
Subject: [PATCH 07/10] Apply fixes from StyleCI (#158)

---
 src/Http/Middleware/ShareInertiaData.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Http/Middleware/ShareInertiaData.php b/src/Http/Middleware/ShareInertiaData.php
index 2bde37e0a..9287e2c97 100644
--- a/src/Http/Middleware/ShareInertiaData.php
+++ b/src/Http/Middleware/ShareInertiaData.php
@@ -29,7 +29,7 @@ public function handle($request, $next)
                     'canManageTwoFactorAuthentication' => Features::canManageTwoFactorAuthentication(),
                     'configuration' => [
                         'auth' => [
-                            'passwordTimeout' => config('auth.password_timeout', 900)
+                            'passwordTimeout' => config('auth.password_timeout', 900),
                         ],
                     ],
                     'flash' => $request->session()->get('flash', []),

From 97281737e5139d121f1fc76802af4da950c3c19f Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Fri, 11 Sep 2020 16:55:32 -0500
Subject: [PATCH 08/10] change within

---
 .../inertia/resources/js/Jetstream/ConfirmsPassword.vue  | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
index 41e2e980d..fd4eaac25 100644
--- a/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
+++ b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
@@ -52,10 +52,7 @@
             },
             button: {
                 default: 'Confirm',
-            },
-            within: {
-                default: null
-            },
+            }
         },
 
         components: {
@@ -83,9 +80,7 @@
             startConfirmingPassword() {
                 this.form.error = '';
 
-                let within = this.within
-                            ? this.within
-                            : this.$page.jetstream.configuration.auth.passwordTimeout;
+                let within = 900;
 
                 axios.get('/user/confirmed-password-status?seconds=' + within).then(response => {
                     if (response.data.confirmed) {

From 23c51b7d1e425dbad06a5780d461f1ae3516c77a Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Fri, 11 Sep 2020 16:59:24 -0500
Subject: [PATCH 09/10] remove unused variable

---
 src/Http/Middleware/ShareInertiaData.php                  | 5 -----
 stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue | 4 +---
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/Http/Middleware/ShareInertiaData.php b/src/Http/Middleware/ShareInertiaData.php
index 9287e2c97..2f9d1bd10 100644
--- a/src/Http/Middleware/ShareInertiaData.php
+++ b/src/Http/Middleware/ShareInertiaData.php
@@ -27,11 +27,6 @@ public function handle($request, $next)
                                         Jetstream::hasTeamFeatures() &&
                                         Gate::forUser($request->user())->check('create', Jetstream::newTeamModel()),
                     'canManageTwoFactorAuthentication' => Features::canManageTwoFactorAuthentication(),
-                    'configuration' => [
-                        'auth' => [
-                            'passwordTimeout' => config('auth.password_timeout', 900),
-                        ],
-                    ],
                     'flash' => $request->session()->get('flash', []),
                     'hasApiFeatures' => Jetstream::hasApiFeatures(),
                     'hasTeamFeatures' => Jetstream::hasTeamFeatures(),
diff --git a/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
index fd4eaac25..c0730505f 100644
--- a/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
+++ b/stubs/inertia/resources/js/Jetstream/ConfirmsPassword.vue
@@ -80,9 +80,7 @@
             startConfirmingPassword() {
                 this.form.error = '';
 
-                let within = 900;
-
-                axios.get('/user/confirmed-password-status?seconds=' + within).then(response => {
+                axios.get('/user/confirmed-password-status').then(response => {
                     if (response.data.confirmed) {
                         this.$emit('confirmed');
                     } else {

From 1b31e678aa397f24e875f2dac0c70b9576a9aa57 Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Mon, 14 Sep 2020 13:37:32 -0500
Subject: [PATCH 10/10] localize

---
 resources/views/components/confirms-password.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/views/components/confirms-password.blade.php b/resources/views/components/confirms-password.blade.php
index b26c63b75..220b5316a 100644
--- a/resources/views/components/confirms-password.blade.php
+++ b/resources/views/components/confirms-password.blade.php
@@ -1,4 +1,4 @@
-@props(['title' => 'Confirm Password', 'content' => __('For your security, please confirm your password to continue.'), 'button' => __('Confirm')])
+@props(['title' => __('Confirm Password'), 'content' => __('For your security, please confirm your password to continue.'), 'button' => __('Confirm')])
 
 @php
     $confirmableId = md5($attributes->wire('then'));