I'm trying to understand how an authentication request is handled by laravel in order to be able to write my own authentication method that allows me to check data from multiple tables before authenticating (basically there are some columns that I need to check to understand if a user is able to login).
I'm actually quietly confused about the relation between guards, middleware, provider and driver.
Can someone please explain me the lifecycle of a login request?
Thank you
EDIT: i'm working with laravel 5.7, standard Auth scaffolding that is available using make:auth
To make a custom authentication follow this steps
1.go to routes/web.php and make a get route to handle login view and post login route to handle login logic
Route::get('login','LoginController#show')
Route::post('login','LoginController#login')
2. Make a controller called LoginController
php artisan make:controller LoginController
4.inside LoginController make a function called login to handle login logic like this
public function login(){
$input = $this->validate(request(),['username'=>'required','password'=>'required']);
$model = CustomUsersModel::where('username',$input['username'])
->where('password',bcrypt($input['password']))->first();
if($model){
//user exist and valid login information
auth()->login($model);//login user via model
//now user loggedin
}
//handle wrong login information
}
Related
I am having a problem with Laravel 5.7 Email verification.
After using Laravel's email verification it is forcing me to the login page if I'm not logged in.
Here is what we need:
We enable the code for the email verification of users. So when someone signup we want to verify the user email. We want the user to signup on the website, the user is asked to verify the email address and they can't do anything further until verified - which is ok for me.
Our trouble is, if a new user comes (Not registered) to our website, our website will force all that user to the login page as well .
A normal user who is not signed up is also getting to login page and force to verify or log in.
While we want the only user who signed up needs to verify. Which is working.
All the normal users who are not subscribed can use site easy. Where currently they are going to login page
What I've done so far
Added the following code
class User extends Authenticatable implements MustVerifyEmail
Auth::routes(['verify' => true]);
Route::get('profile', function () { })->middleware('verified');
After Verifying Emails
protected $redirectTo = '/dashboard';
It is working fine but,
What I need is that I don't want to force users to verify email because this is blocking the user from accessing the home page of my website.
The problem is you need to specify what pages will use auth middleware. To exclude your welcome view.
In your controller file.
public function __construct()
{
$this->middleware('auth')->except('welcome');
}
public function home(){
return view('welcome');
}
Im using 'welcome' view, because I believe that you do not change the code of default Laravel installation, you must be careful, since the view 'home' is the default page that laravel shows after you logged in. If you remove the authentication layer of that page, any user can access your system. You must change the code of this page or create another view.
In your web.php file
Route::get('/', 'HomeController#home');
Laravel Docs - Controller Middleware
try to add except method and check for url home
public function __construct()
{
$this->middleware(['auth', 'verified'])->except('home');
}
I am developing a card for Laravel nova.
As part of this, I want an API route that can be posted, but I don't want to have to authenticate against it.
I have registered my route in the card's api.php
Route::post('/endpoint/{id}', function (Request $request, $id) {)
This works if I call it with an already authenticated session.
But if I try to call it from postman I get
HTTP 419 Sorry, your session has expired. Please refresh and try again.
I can see that the card service provider is registering the route as so
Route::middleware(['nova'])
->prefix('nova-vendor/NovaPusherCard')
->group(__DIR__.'/../routes/api.php');
So I guess that Nova is putting some authenticated in front of the route.
Is there a way I can register the route without adding authentication?
ok so I worked it out.
I just needed to update the middleware to api instead of nova.
I am able to login via Ajax in Laravel 5.3
This is easily accomplished by making a post request to the login route with the proper parameters.
However, for my application, I am designing two ways for a user to be logged in - via the traditional email/password combination that Laravel already supports, and via an access code that would be distributed and allow the possessor of said code to login without an email/password combination. There is no "registration" in my app, there is just different levels of authentication.
Anyway, in /vendor/laravel/framework/src/Illuminate/Foundation/Auth I am editing the AuthenticatesUsers.php and understand that this function specifically handles the login attempts:
protected function attemptLogin(Request $request)
{
return $this->guard()->attempt(
$this->credentials($request), $request->has('remember')
);
}
My question is, how can I change the success of attempt() based on the content of the request?
In other words, if someone is sending an ajax access code it shouldn't be tested against an email/password combination, as it would obviously fail. Similarly, if they are sending an ajax with email/password parameters, it shouldn't be tested against the list of available access codes.
Am I on the right track? Where in Laravel can I go to make the Auth::attempt() contingent on request parameters?
I will not advice to edit a framework file.
You should rather write a middleware to handle identification of the type of authentication user is requesting for, before sending it to the controller. In your middleware,
public function handle($request, Closure $next)
{
// check if the request has access_code
$request->attributes->add(['using_access_code' => $request->has('access_code')]);
return $next($request);
}
And in your controller, you can check for positive test on this request parameter that we newly added (you can of course do this inside controller directly, but I personally like middleware to handle this because there are chances that you may want to add more functionality)
In your controller, if using_access_code is false, proceed with attempt() login, else, retrieve the user using access_code and manually authenticate the user using Auth::login($user). Let me know if you are unclear.
By default Laravel 5.3 login user automatically after registration.I need a suggestion for get the user ID after the user automatically logged in and then run a function without redirection.How can I do this?
You can edit create() method in Auth\RegisterController.php and call your function there.
I'm new to laravel framework and I used the laravel-5.2 out of the box user authentication feature for creating a user authentication system. It is working fine. But when I want my home page to be displayed not the login page as the root. That is I want to access the login via the home page not the login page first. How can I customize my routes.
Just make sure that your home page route is not protected by the auth middleware. The default auth scaffolding provided by Laravel generates the following "home" route:
Route::get('/home', 'HomeController#index');
Inside the HomeController, in the constructor, is the following statement:
public function __construct()
{
$this->middleware('auth');
}
This means that any route handled by this controller is subject to the auth middleware: if you're not logged in, you'll be redirected to the login page. So, if you don't want your "home" route to be protected by auth, you need to either remove the auth middleware from the HomeController, or create a new controller to handle your "home" route, one which does not use the auth middleware.