Filament Secure Action
A Filament plugin that adds security confirmation steps (Password & MFA) to your actions.
This package extends Filament Actions with security confirmation capabilities. It allows you to easily require users to re-enter their password or provide a Multi-Factor Authentication (MFA) code before executing sensitive actions.
Installation
Install the package via Composer:
composer require obelaw/filament-secure-action
You can publish the configuration file with:
php artisan vendor:publish --tag="obelaw-secure-action"
Configuration
This is the contents of the published config file:
return [
    'password' => [
        'form' => [
            'field' => 'password',
            'content' => 'Please enter your current password...',
        ],
    ],
    'mfa' => [
        'form' => [
            'field' => 'code',
            'label' => 'Two Factor Code',
            'placeholder' => '######',
            'max_length' => 6,
            'min_length' => 6,
        ],
    ],
];
Usage
This package adds two new methods to your Filament Actions: requiresPasswordConfirmation() and requiresMFAConfirmation().
Require Password Confirmation
Use the requiresPasswordConfirmation() method to prompt the user for their current password before the action runs. This is useful for sensitive operations like deleting records or changing critical settings.
use Filament\Actions\Action;

Action::make('delete')
    ->color('danger')
    ->requiresConfirmation()
    ->requiresPasswordConfirmation() // Add this line
    ->action(function () {
        // Your protected logic here
    });
You can also pass a boolean condition to requiresPasswordConfirmation() to only require it conditionally:
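// $isSensitiveDomain is a boolean your own code computes beforehand
Action::make('updateEmail')
    ->requiresPasswordConfirmation($isSensitiveDomain)
    ->action(function () {
        // Your email update logic here
    });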
Require MFA Confirmation
If your application uses Filament’s Multi-Factor Authentication, you can use requiresMFAConfirmation() to require a valid 2FA code.
use Filament\Actions\Action;

Action::make('transferFunds')
    ->requiresMFAConfirmation() // Add this line
    ->action(function () {
        // Transfer logic
    });
This will show a modal asking for the “Two Factor Code” and validate it against the user’s configured authenticator app.
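What validating a six-digit authenticator code involves, shown as an added example that is not this package's or Filament's own code: a plain-PHP RFC 6238 check (HMAC-SHA1, 30-second step, one step of clock drift tolerated). The function names and the sample secret are constructed for illustration.

```php
<?php
// Decode an RFC 4648 base32 secret, the form authenticator apps store.
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) { // drop trailing padding bits
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

// RFC 6238 TOTP value (HMAC-SHA1) for one 30-second time counter.
function totp(string $key, int $counter, int $digits = 6): string
{
    $hash = hash_hmac('sha1', pack('J', $counter), $key, true);
    $offset = ord($hash[19]) & 0x0F; // dynamic truncation offset
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Accept the current step or one either side; hash_equals is constant-time
// and every candidate is checked, so timing does not reveal which step matched.
function verifyCode(string $b32Secret, string $code, int $now, int $window = 1): bool
{
    if (preg_match('/^\d{6}$/', $code) !== 1) { // mirrors min/max_length = 6
        return false;
    }
    $key = base32Decode($b32Secret);
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        $ok = hash_equals(totp($key, intdiv($now, 30) + $i), $code) || $ok;
    }
    return $ok;
}

// Constructed input: the RFC 6238 test secret "12345678901234567890" in base32.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
var_dump(verifyCode($secret, '287082', 59));  // code issued for the step at T=59
var_dump(verifyCode($secret, '287082', 149)); // same code, three steps later
```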
Case Study: E-Commerce Administration
Consider an administrative interface for a high-volume e-commerce platform. Security is paramount, but workflow efficiency is also important. Here is how filament-secure-action is applied to balance these needs.
Scenario 1: Preventing Accidental Deletions
Problem: Support staff occasionally delete customer records by mistake due to UI mis-clicks.
Solution: Implementing requiresPasswordConfirmation() on the Delete action.
Outcome: Accidental deletions dropped to zero. The friction of typing a password forces a moment of deliberation.
DeleteAction::make()
    ->requiresPasswordConfirmation();
Scenario 2: High-Value Refunds
Problem: Large refunds (> $1,000) are sensitive and require strict verification to prevent internal fraud.
Solution: Implementing conditional requiresMFAConfirmation().
Outcome: High-value refunds proceed only after the authorized manager enters a valid code from their authenticator device.
use App\Models\Order; // assumed namespace of your Order model
use Filament\Actions\Action;

Action::make('refund')
    ->requiresMFAConfirmation(fn (Order $record) => $record->total > 1000)
    ->action(function () {
        // Process refund
    });
Requirements
- Filament v3.x
- Laravel v10.x / v11.x