I am using multiple guards and want to use Laravel inbuilt system for sending verification emails. I am doing following
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'frontEnd' => [
'driver' => 'session',
'provider' => 'customers',
],
...
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'customers' => [
'driver' => 'eloquent',
'model' => App\Customer::class,
],
...
],
In the User Model and Customer Model, I am using MustVerifyEmail. Both Model has email_verified_at column. When I am creating a user and when that user tries to login he redirects to email/verify the route. Email does not trigger at the time of creating a User.
For some reasons I am not using Auth::routes(['verify' => true]); insted i put
Route::get('email/verify', 'Auth\VerificationController#show')->name('verification.notice');
Route::get('email/verify/{id}', 'Auth\VerificationController#verify')->name('verification.verify');
Route::get('email/resend', 'Auth\VerificationController#resend')->name('verification.resend');
On route/web.php file
Related
I am using Laravel Sanctum for Token Based Authentication.
I have created a customer guard for customer. For Other users its default users table.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'customer' => [
'driver' => 'sanctum',
'provider' => 'customers',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'customers' => [
'driver' => 'eloquent',
'model' => Customer::class,
],
],
I was authenticating all other users using middleware' => ['auth:sanctum'] now for the given particular route, I want customer guard can also access this Route. But there is no such Functionality provided by Laravel for OR condition.
Route::group(['as' => 'business', 'prefix' => 'business', 'middleware' => ['auth:sanctum']], function () {
Route::get('/categories', [BusinessCategoryController::class, 'listBusinessCategories'])->name('business-category');
Route::get('/categories/{parentId}', [BusinessCategoryController::class, 'listBusinessSubCategories'])->name('business-sub-category');
});
I just want middleware' => ['auth:sanctum'] or ['auth:customer']
Laravel by default creates the model and the User table. The problem is that I create and use the table in the database, a model and a controller called Citizen.
And here comes my doubt, when we configure laravel-passport we must specify the guard, this is the Laravel example:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
What is the provider? Taking into account this line:
'provider' => 'users',
Should I use 'provider' => 'citizen', instead of 'provider' => 'users'?
You can create custom provider. This has to be done in config/auth.php
There is one provider named users by default. You can create your own guard and providers as follows:
guards:
'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
'citizens' => [
'driver' => 'passport',
'provider' => 'citizens',
],
],
In the providers section:
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'citizens' => [
'driver' => 'eloquent',
'model' => App\Models\Citizen::class, //path to your model
],
],
Now you can use the middleware with custom guard by using auth:citizens as middleware.
For example, in route file,
Route::middleware('auth:citizens')->group(function(){
});
Configure the auth.php config file as below:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
'admin-api' => [
'driver' => 'passport',
'provider' => 'admins',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Models\Admin::class,
],
],
I successfully generate access_token for both user and admin.
However, if I get the user's access_token to access the api admin route ('middleware' => 'auth:admin-api'), it succeeds.
The information received by request()->user() is the admin account with the same id as the user.
Same thing happens when I use admin token for user access and api.
Note:
This scenario only happens when admin and user have the same ID value.
What is going on, or did I do something wrong?
I guess the scenario that happened was as follows:
Step 1: user's access_token passes 'middleware' => 'auth:admin-api'.
Step 2: The oauth_access_tokens.user_id value is returned
Step 3: From user_id will return the corresponding admin.
So it happens only when user.id and admin.id are same.
Help me clarify this issue. Thanks
If i want to prevent this, what should I do?
Obviously users shouldn't access the admin account-only api
I have problem on my jwt authentication. When I hit the api for the login of admin it shows error on my postman says that "message": "Argument 2 passed to Tymon\JWTAuth\JWTGuard::__construct() must be an instance of Illuminate\Contracts\Auth\UserProvider, null given.
I read some threads regarding on this, they said that there is problem on auth.php of laravel I guess it is providers.
Here is what is inside on my auth.php and my controller.
Controller
public function __construct()
{
Config::set('jwt.user', Admin::class);
Config::set('auth.providers', ['users' => [
'driver' => 'eloquent',
'model' => Admin::class,
]]);
}
Auth.php
'guards' => [
// 'web' => [
// 'driver' => 'session',
// 'provider' => 'users',
// ],
'api' => [
'driver' => 'jwt',
'provider' => 'assureds',
'hash' => false,
],
'admins' => [
'driver' => 'jwt',
'provider' => 'admins',
],
],
Provider:
'providers' => [
'assureds' => [
'driver' => 'eloquent',
'model' => App\Assured::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Admin::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
I have two models in my laravel v5.4 project, user and admin.
In config/auth.php i added admin to guards and providers as below :
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Models\Admin::class,
],
],
Now in AdminController class i want to use Auth::attempt function but by default it uses the users table. I can change defaults in config/auth.php as below and it works but in this case i can not use Auth::attempt for users.
'defaults' => [
'guard' => 'admin',
'passwords' => 'users',
],
I want to set user as default but use Auth::attempt function for admin with a method like Auth::attempt('admin',[credentials]). How can i use Auth::attempt for Admin model?
You call the guard directly, like this:
Auth::guard('admin')->attempt($credentials);
Or with the helper:
auth()->guard('admin')->attempt($credentials);
Or, even shorter with the helper:
auth('admin')->attempt($credentials);