docs/1-essentials/01-routing.md
27 lines changed: 27 additions & 0 deletions
@@ -387,6 +387,33 @@ final readonly class AirportController
387
387
The `map()` function allows mapping any data from any source into objects of your choice. You may read more about them in [their documentation](../2-features/01-mapper.md).
388
388
:::
389
389
390
+
### Sensitive fields
391
+
392
+
When handling sensitive data such as passwords or tokens, you may not want these values to be stored in the session or re-displayed in forms after validation errors. You can mark request properties as sensitive using the {b`#[Tempest\Http\SensitiveField]`} attribute:
393
+
394
+
```php app/ResetPasswordRequest.php
395
+
use Tempest\Http\Request;
396
+
use Tempest\Http\IsRequest;
397
+
use Tempest\Http\SensitiveField;
398
+
use Tempest\Validation\Rules\HasMinLength;
399
+
400
+
final class ResetPasswordRequest implements Request
401
+
{
402
+
use IsRequest;
403
+
404
+
public string $email;
405
+
406
+
#[SensitiveField]
407
+
#[HasMinLength(8)]
408
+
public string $password;
409
+
410
+
#[SensitiveField]
411
+
public string $password_confirmation;
412
+
}
413
+
```
414
+
415
+
When a validation error occurs, Tempest will filter out sensitive fields from the original values stored in the session. This prevents sensitive data from being re-populated in forms after a redirect.
416
+
390
417
### Retrieving data directly
391
418
392
419
For simpler use cases, you may simply retrieve a value from the body or the query parameter using the request's `get` method.
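Review bot: The closing paragraph of the new "Sensitive fields" section states only that sensitive fields are filtered "from the original values stored in the session" when a validation error occurs, so the scope of `#[SensitiveField]` is left for the reader to guess. Since the section is aimed at passwords and tokens, please say explicitly whether the attribute affects anything beyond form re-population after a redirect (for example, whether the submitted value can still appear in validation error output), and whether the property remains readable on the request object as usual. It would also help to add one sentence pointing out that every property carrying the secret needs the attribute, as the example does for both `$password` and `$password_confirmation`, because a reader who marks only `$password` would still have the same value kept in the session under the confirmation field.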