I am new to laravel. By default, Laravel uses the email field for authentication. If you would like to customize this, you may define a username method on your LoginController. However I want to authenticate users based on their registration number. How do I achieve this.
Related
I am currently using a API to validate Login Credentials.
I have gotten to the point where I am sending username/password correctly.
This API will return a bolean, depending on if those credentials are correct.
Along with the entire user's information, including their address etc.
How can I correctly store this into Laravel Auth, so I can use Auth::user etc in blade?
I do NOT have Database access, only API access to validate user login details.
I cannot create a local - Laravel database, as this application has to be completely API based.
I am using Guzzle to query the API.
You should try using JWT for authentication, implementing your own API Authentication can cause some security issues if not done right.
Also JWT for Laravel already has support for Laravels Authentication system
I am trying to use a API which has a postable address where you can verify if a customer's username/password is correct, if so it returns a user ID.
What would be the best way of handling this, I need to query that postable API from the login form on my Laravel website to see whether or not a username / password is validated.
How can I use Laravel's Middleware to store a USER ID and session securely?
How can I create a Laravel session to allow someone to login to my Laravel site using their WHMCS client login?
The API I am using is https://developers.whmcs.com/api-reference/validatelogin/
I'm using Laravel 7.x and sanctum. Logins are working and I would like to create a Forgot Password option from my SPA application.
I'm struggling with the basics as most of the examples in the documentation rely on the auth scaffolding. So far I've managed to get the following:
I have a controller class called ForgotPasswordController with a method called reset that receives the email to be reset via POST.
I've created a object: $user = User::where('email', $email)->get()->first();
At this point I'm too unfamiliar with the architecture to know where to go next, whether it's the Password facade, I see some additional classes in the Illuminat\Auth\Password namespace. My goal is to create an expiring token, email it to the user via the default email config (I know how to send the email / design the template) and then be able to make the webservice call that will allow the password to be resolved.
Here's what I think I know...
I've set CanResetPassword trait on my user models, which I believe are necessary to support the native methods for password reset
I believe the goal is to create a reset token keyed against the user email that expires after a period of time, then send that token appended to a url in an email (I don't know the architectural implications surrounding the generation of the token beyond the table row)
There's a Password facade with a sendResetLink method - but this
method can't work for spa applications because the base url of the
client app will be different, so I'm assuming something native will have to be re-written. In fact, calling this method will return an error of Route [password.reset] not defined.
I'm assuming I will need the password Facade, if so, what is the method to generate the token? Should I just email the link with the token appended or are there other architectural considerations to support the token expiration?
Apologies if my questions are flawed, I'm unclear on the architecture so I'm making assumptions.
Have you tried Laravel authentication? All authentication requirements have been moved to a package called laravel/ui.
By installing that package you can use Laravel authentication. It will take care of your registration, login, and forgot password processes.
This package will create some controllers for all those processes and those you need for forgot password are
ForgotPasswordController: will generate and send reset password links.
ResetPasswordController: will reset the password by getting user's email, new password, and reset password token.
But if you don't want to use the official Laravel package you should take these steps:
Show a "Request reset password form" to the user.
Validate the provided email by the user.
Generate a random reset password token and store it at DB (Need a table with at least two fields: email and token).
Send that token to the user(It's better if you send it as a URL parameter in the reset password link).
When the user navigated to the reset password page, ask for email again and validate the token by checking your DB table and matching the email and token.
Reset the password to whatever the user wants at this point.
Update: I use this piece of code for generating random tokens:
$email = 'user#email.com';
$token = \Illuminate\Support\Str::random(10);
while(\DB::table('reset_password_tokens')->where('token', $token)->exists()) {
$token = \Illuminate\Support\Str::random(10);
}
\DB::table('reset_password_tokens')->insert(compact('email', 'token'));
I'm using Laravel Hesto Multi Auth package to create multiple auth. I have not used the default auth, but created user, admin, support, professionals guards with laravel hesto
Now im trying to implement Laravel email confirmation using this package
This send me a activation link to my email. However when that routes to http://localhost:8000/confirmation/2/jOVjV2xkfRZqAM4nwjAKdwTwn2 it shows an error
Method App\Http\Controllers\Auth\RegisterController::confirm does not exist.
It should check in App\Http\Controllers\UserAuth\RegisterController::confirm
How to change this? Also would like to know how to implement the same for other guards
If you check https://github.com/bestmomo/laravel-email-confirmation/blob/master/routes/web.php you will note they have defined routes for this. You can override this by doing the following:
1) Disable auto-discover for the package on the dont-discover portion of your compopser.json file.
2) Register the package's service provider before App\Providers\RouteServiceProvider::class so you can override the registered routes on your application.
3) Go ahead and register the routes you want, which will probably be like this:
Route::get('confirmation/resend', 'UserAuth\RegisterController#resend');
Route::get('confirmation/{id}/{token}', 'UserAuth\RegisterController#confirm');
That should do it or at least get you in the right track.
Also ensure you use the package Traits on your UserAuth controllers.
In Laravel it's very useful to access Auth Facade after authentication in order to get user data like:
Auth::user()
What If during session and users interaction I'd like to enrich the object returned by the above call? Maybe assign some attributes to a user after he performed some action on my webapp?
E.g. A user performs a fast registration, and after while completes some other profile data. I'd like them to be available directly in Auth::user() instead of perform subsequent DB queries...
IMPORTANT
I'm integrating Auth0 into Laravel authentication. So the default driver/provider behind Auth is not Eloquent but Auth0.
Auth0 gives back a Json object containing all authenticated data.
Auth0User->userInfo
What I'm trying to achieve is to edit the Auth data after Auth0 Authentication by adding custom data to Session Object.
Basically I want to use another service to manage account related data, and use Auth0 only for managing user/password grant.
You can add a custom attribute to the User model. For example:
public function getTestAttribute()
{
return session()->get('test', 'defaultValue');
}
It is possible to set the session key somewhere else in your application:
session()->put('test', 'otherValue');