Consolidate password and two-factor settings into a unified security page

app/Http/Controllers/Settings/SecurityController.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers\Settings;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Settings\PasswordUpdateRequest;
+use App\Http\Requests\Settings\TwoFactorAuthenticationRequest;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Routing\Controllers\HasMiddleware;
+use Illuminate\Routing\Controllers\Middleware;
+use Inertia\Inertia;
+use Inertia\Response;
+use Laravel\Fortify\Features;
+
+class SecurityController extends Controller implements HasMiddleware
+{
+    /**
+     * Get the middleware that should be assigned to the controller.
+     */
+    public static function middleware(): array
+    {
+        return Features::canManageTwoFactorAuthentication()
+            && Features::optionEnabled(Features::twoFactorAuthentication(), 'confirmPassword')
+                ? [new Middleware('password.confirm', only: ['edit'])]
+                : [];
+    }
+
+    /**
+     * Show the user's security settings page.
+     */
+    public function edit(TwoFactorAuthenticationRequest $request): Response
+    {
+        $props = [
+            'canManageTwoFactor' => Features::canManageTwoFactorAuthentication(),
+        ];
+
+        if (Features::canManageTwoFactorAuthentication()) {
+            $request->ensureStateIsValid();
+
+            $props['twoFactorEnabled'] = $request->user()->hasEnabledTwoFactorAuthentication();
+            $props['requiresConfirmation'] = Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm');
+        }
+
+        return Inertia::render('settings/Security', $props);
+    }
+
+    /**
+     * Update the user's password.
+     */
+    public function update(PasswordUpdateRequest $request): RedirectResponse
+    {
+        $request->user()->update([
+            'password' => $request->password,
+        ]);
+
+        return back();
+    }
+}

app/Http/Requests/Settings/TwoFactorAuthenticationRequest.php

@@ -4,21 +4,12 @@
 
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Foundation\Http\FormRequest;
-use Laravel\Fortify\Features;
 use Laravel\Fortify\InteractsWithTwoFactorState;
 
 class TwoFactorAuthenticationRequest extends FormRequest
 {
     use InteractsWithTwoFactorState;
 
-    /**
-     * Determine if the user is authorized to make this request.
-     */
-    public function authorize(): bool
-    {
-        return Features::enabled(Features::twoFactorAuthentication());
-    }
-
     /**
      * Get the validation rules that apply to the request.
      *

resources/js/layouts/settings/Layout.svelte

@@ -8,8 +8,7 @@
     import { toUrl } from '@/lib/utils';
     import { edit as editAppearance } from '@/routes/appearance';
     import { edit as editProfile } from '@/routes/profile';
-    import { show } from '@/routes/two-factor';
-    import { edit as editPassword } from '@/routes/user-password';
+    import { edit as editSecurity } from '@/routes/security';
     import type { NavItem } from '@/types';
 
     let {
@@ -24,12 +23,8 @@
             href: editProfile(),
         },
         {
-            title: 'Password',
-            href: editPassword(),
-        },
-        {
-            title: 'Two-factor auth',
-            href: show(),
+            title: 'Security',
+            href: editSecurity(),
         },
         {
             title: 'Appearance',