Use Date for storing the password confirmation timestamp (#520)

chrisvanlier2005 · web-flow · commit ab1a76991a32 · 2024-02-08T08:36:46.000-06:00
diff --git a/src/Http/Controllers/ConfirmablePasswordController.php b/src/Http/Controllers/ConfirmablePasswordController.php
@@ -5,6 +5,7 @@
 use Illuminate\Contracts\Auth\StatefulGuard;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\Date;
 use Laravel\Fortify\Actions\ConfirmPassword;
 use Laravel\Fortify\Contracts\ConfirmPasswordViewResponse;
 use Laravel\Fortify\Contracts\FailedPasswordConfirmationResponse;
@@ -54,7 +55,7 @@ public function store(Request $request)
         );
 
         if ($confirmed) {
-            $request->session()->put('auth.password_confirmed_at', time());
+            $request->session()->put('auth.password_confirmed_at', Date::now()->unix());
         }
 
         return $confirmed
diff --git a/tests/ConfirmablePasswordControllerTest.php b/tests/ConfirmablePasswordControllerTest.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Foundation\Auth\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Date;
 use Laravel\Fortify\Contracts\ConfirmPasswordViewResponse;
 use Laravel\Fortify\Fortify;
 use Orchestra\Testbench\Attributes\WithMigration;
@@ -40,6 +41,8 @@ public function test_the_confirm_password_view_is_returned()
 
     public function test_password_can_be_confirmed()
     {
+        $this->freezeSecond();
+
         $response = $this->withoutExceptionHandling()
             ->actingAs($this->user)
             ->withSession(['url.intended' => 'http://foo.com/bar'])
@@ -48,7 +51,7 @@ public function test_password_can_be_confirmed()
                 ['password' => 'secret']
             );
 
-        $response->assertSessionHas('auth.password_confirmed_at');
+        $response->assertSessionHas('auth.password_confirmed_at', Date::now()->unix());
         $response->assertRedirect('http://foo.com/bar');
     }
 
@@ -86,6 +89,8 @@ public function test_password_confirmation_can_fail_without_a_password()
 
     public function test_password_confirmation_can_be_customized()
     {
+        $this->freezeSecond();
+
         Fortify::$confirmPasswordsUsingCallback = function () {
             return true;
         };
@@ -98,14 +103,16 @@ public function test_password_confirmation_can_be_customized()
                 ['password' => 'invalid']
             );
 
-        $response->assertSessionHas('auth.password_confirmed_at');
+        $response->assertSessionHas('auth.password_confirmed_at', Date::now()->unix());
         $response->assertRedirect('http://foo.com/bar');
 
         Fortify::$confirmPasswordsUsingCallback = null;
     }
 
     public function test_password_confirmation_can_be_customized_and_fail_without_password()
     {
+        $this->freezeSecond();
+
         Fortify::$confirmPasswordsUsingCallback = function () {
             return true;
         };
@@ -118,7 +125,7 @@ public function test_password_confirmation_can_be_customized_and_fail_without_pa
                 ['password' => null]
             );
 
-        $response->assertSessionHas('auth.password_confirmed_at');
+        $response->assertSessionHas('auth.password_confirmed_at', Date::now()->unix());
         $response->assertRedirect('http://foo.com/bar');
 
         Fortify::$confirmPasswordsUsingCallback = null;
