I am using Laravels normal authentication functionality with RegisterController and the default views that are included. I have modified the RegisterController#create method to create a related model called Home to the User. Although a Home can have several User relations.
After signup, the User automatically have a Home related to them. The user should now be able to invite new users to join their Home. All the logic around the invites are solved, but I was wondering what the best solution for registering the invited user is.
Currently I have created a InviteController with a acceptInvite method that registers the new User related to the existing Home. But I really want to reuse the RegisterController#create method instead of having to maintain two registration processes.
Any ideas?
Your question is not clear... The user you want to invite to HOME are they registered users? if yes
All you need is a many to many relationship using a pivot table.
If the user you want to add to HOME is a new user and not already register on your app, just send them a mail with link to your register page, and let then use the RegisterController#create
Hope this help:)
Related
I am building a Laravel webapp, where I need to implement a custom registration process. Now I am not sure, whether I can/should use the built-in Authentication features from Laravel or not.
I have three types of users:
Admin users: My colleagues in my company who talk to clients, onboard them, etc.
Clients: Users who create certain tasks, that need to be done. They could more or less use a "standard registration" process
Service Providers: Users who fulfill tasks for clients. They need to be onboarded by our company. So our admin users would create their user profile and send them an invitation link.
Especially the Service Providers are giving me a headache. Is this kind of custom registration flow possible in Laravel or do I have to build my own custom athentication to accomplish this?
Thank you for posting your question. I have implemented Laravel Authentication with custom features before, I would recommend you to take the following steps:
Install Laravel Authentication.
Update users table with a column name type that will distinguish between users.
Create middleware for each user. Middleware helps you which user can access or perform which tasks.
If you have different elements for each user then you can also implement policies or gates to show specific elements on your blade template according to user type.
I would not recommend creating custom Authentication for this scenario, as you have to implement proper session handling throttling, forgot password, verify the process along with emails and notifications. which is built-in by default in Laravel.
If you want to edit the register and login function you can do that. ;)
I am using django-allauth and dj-rest-auth in my django-rest project to register users and allow them to sign in to my react-native app. The problem I am having is that when the user is registered, it creates the particular user in a social accounts table. However, I want to also create a user profile for each member who registers via Facebook and store additional data (name, email, picture). I have had a look at docs, blogs, stack-overflow but just can't seem to figure out how I can do this.
So far, I have a social_login app which manages the login and has a view which has the following:
from allauth.socialaccount.providers.facebook.views import FacebookOAuth2Adapter
from dj_rest_auth.registration.views import SocialLoginView
class FacebookLogin(SocialLoginView):
adapter_class = FacebookOAuth2Adapter
How can I edit the social accounts model? and how can I create a user profile in my users app once a user has registered using Facebook?
Update:
I have realised that I can only have one user auth table in Django which manages user, regardless of whether they are customers or staff. I have now migrated to using a custom user model using the AbstractUser from Django. I could potentially create another table for user profiles which could then hold additional details or extend the model I have now. I will extend the User model I have created as I think created an extra model would be overkill for my current needs.
This blog post helped me migrate to using a custom user model mid-project.
I also realised that I am able to make use of allauth signals (user_signed_up in particular for my case) in order to trigger a function. I'm fairly new to Python/Django so didn't even know what a signal was till about 30 mins ago. It's fair to say you learn something new everyday :)
I am building an app and will need multi auth to works well. First, users that will log as employees using table users with email and password. I´m using Voyager as backend and using roles and permissions. So far, so good. Now I have another kind of user: they are registered on an ERP and I reach then via WS using CPF (like the social-secure number) and password stored in ERP. Then I get then and record at a table all the data I need. It is working well as good. Well, was working. For those users, I used the API route, just not to make a mess on my web routes file. Yesterday I ran PHP artisan make:auth and that´s when things start to get crazy.
Every axios call now returns me an 'unauthorized' message cause, obviously, they´re not authenticated.
What would be better?
Refactory Users login to use CPF instead of email and give a new role for those others API guys and make then pass trough web.php file like everybody?
Use a multiauth package?
Or anything else?
Please, help!
To me, a user is a user. It seems to be a common thing that if an application has more than one “type” of user, that developers instantly start creating multiple Eloquent models, then guards, then controllers, then views, and so on; and then find themselves in a mess when they need a route that can be accessed by more than one type of user.
Instead, elevate “type” to its own model and add it as a relation to your User model. If a user can only be of one type, then make it a one-to-many relation. If a user can have many roles, then make it a belongs-to-many relation. You then use authorization to determine whether a user can access a route based on the role(s) they have.
I'm trying to figure out how quickest and easiest to allow the admin user on the site I'm building to access and update any user's settings etc. E.g. I've written the code for a regular user to update their settings (and various other actions). Ideally I want an admin to be able to "be" that user as far as my code is concerned, i.e. allow the admin to do anything a user can, to that user's account. Is there any way of doing this?
If I Auth::login() as admin then from the point of view of Laravel I'm the admin user and not the user they might want to edit. If I login as the user then I don't have admin rights (which in my case means an extra admin menu on the navbar with options to suspend or delete the user, or search for other users).
Any thoughts on how to do this please, or am I overcomplicating things? I am looking for a specific functions/code to allow this, rather than a general strategy. I'm using Laravel 5.4, deployed on Heroku. I know there's middleware but it doesn't seem to do what I want as above.
Many thanks.
You could do as suggested in the above comment by Tim Lewis, or you could accept an "override" property in the user edit page where you can pass a specific user ID and then view the page as that user. For instance, the method might look like this:
public function editUser(User $user=null) {
//User that you want to edit can be provided. If not provided, $user will be null and we will load the user that is currently logged in.
if($user!=null && Auth::user()->role=='admin')
$user_to_edit = $user;
else
$user_to_edit = Auth::user();
//other code goes here
}
Then, if you pass a $user object to the method, you will be given the edit page for that user, rather than the Admin. Otherwise, a user will be able to use the same route in order to always view their own edit page.
Be very careful with code like this! You will want to make sure that non-admins do not have the ability to load in a user object and see somebody else's information. That's why I added the $user->role check in the if/else statement, but you might want to add extra security in the form of middleware.
spatie permissions is a wonderful package that I use to make permissions to resources available to super-administrators. https://github.com/spatie/laravel-permission
Im new to Umbraco development, but im plenty familiar with ASP.Net & MVC etc. So Im getting to grips with the object model and terminology used, but Im not sure where to start. I need to use windows authentication on my Umbraco site, which will be for internal use only.
What I envision:
- When a domain user hits any area of the website, grab the user identity
- Lookup to see if matching user(or member) exists and if not create it
- Login this user to Umbraco
- By default all new visitors, if their user identity doesnt match a current member, then create that member and log them in.
Sounds like I need to create my own controller that overrides the base controller (RenderMvcController ?) and check the user identity on each and every request? Maybe do this by overriding the Index action method? Or could I do this with a macro - or as ive seen mentioned, are macros loosing favor with the new version of Umbraco?
Also, Im not sure how to deal with members vs users? As I understand it, members are who have access to the front part of the website, whereas users are those that have access to the back office area and can create/manage content.
Are all users also members?
There will be some that I want to give access to create/manage content, so when Im auto-creating users, its actually members that I need to create, not users?
[ update ]
Actually, I think I will need to create my own membership provider if I want every request routed through the check for a valid domain user? In my research, I keep coming across this example http://thegrayzone.co.uk/blog/2012/07/combined-authentication-with-umbraco/
I have overridden the default RenderMvcController in numerous projects with success, you could of course use the built in Umbraco auth to redirect to an authentication page for users that do not have a valid Umbraco Auth token and set it only only on that page based on their windows identity.
RE: Are users also members?
No. Users & Members are entirely independent of one another; users being back office users & members being front end users. You will need to create 2 accounts.