I used use AuthenticatesAndRegistersUsers, ThrottlesLogins; to login in laravel , using Auth::user() login is successful but I want to set session using authentication is done. and I getting session value in my home page.
What Laravel version do you use?
In Laravel 5.1 or 5.0 you should edit:
vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php
Then you have to edit the postLogin method, inside this method, you can edit what ever.
This if is for Too many login attempts.
if ($throttles && $this->hasTooManyLoginAttempts($request)) {
return $this->sendLockoutResponse($request);
}
If you have to put your code after the user has login correctly, you must edit this IF:
if (Auth::attempt($credentials, $request->has('remember'))) {
}
Example:
/**
* Handle a login request to the application.
*
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
*/
public function postLogin(Request $request)
{
$this->validate($request, [
$this->loginUsername() => 'required', 'password' => 'required',
]);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $this->hasTooManyLoginAttempts($request)) {
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
if (Auth::attempt($credentials, $request->has('remember'))) {
\Session::flash('new_user', 0);
return $this->handleUserWasAuthenticated($request, $throttles);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if ($throttles) {
$this->incrementLoginAttempts($request);
}
return redirect($this->loginPath())
->withInput($request->only($this->loginUsername(), 'remember'))
->withErrors([
$this->loginUsername() => $this->getFailedLoginMessage(),
]);
}
Related
I'm working on a project where user and admin are two different login. I want to redirect user and admin to their respective dashboard pages.
I'm not getting how to do this. In database, I created roles column (1 for admin, 2 for user).
I'm not getting how to set send to a different dashboard.
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Validator,Redirect,Response;
Use App\User;
use Illuminate\Support\Str;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Session;
use Socialite;
class AuthController extends Controller
{
public function index()
{
return view('login');
}
public function registration()
{
return view('registration');
}
public function postLogin(Request $request)
{
request()->validate([
'email' => 'required',
'password' => 'required',
]);
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
return redirect()->intended('dashboard');
// return redirect($this->redirectPath());
}
return Redirect::to("login")->withSuccess('Oppes! You have entered invalid credentials');
}
}
Currently on successful login going only same dashboard. I want to change that and send redirection according to roles.
I have created middleware also, but not getting what exact need to do.
<?php
namespace App\Http\Middleware;
use Closure;
Use App\User;
class RoleMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->check()) {
$auth = Auth::user()->roles()->first();
switch ($auth->role) {
case 'admin':
return redirect()->route('admin');
break;
case 'user':
return redirect()->route('user');
break;
default:
return redirect()->route('login');
break;
}
}
return $next($request);
}
}
and routing will be following
Route::get('login', 'AuthController#index');
Route::post('post-login', 'AuthController#postLogin');
First of all, you don't need to create a middleware for redirecting users based on their role.
Just check the role of user after successful login attempt and do your redirect.
public function postLogin(Request $request)
{
$request->validate([
'email' => 'required',
'password' => 'required',
]);
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
// Authentication passed...
// Set redirect route/path based on user role.
$to = $request->user()->role->name === 'admin' ? 'admin' : 'user';
// Redirect user to a named route.
return redirect()->route($to); // or return redirect($to);
}
return Redirect::to('login')->withSuccess('Oops! You have entered invalid credentials.');
}
You can Manage different different dashboards for User and Admin URLs Easily using Gates method also in Laravel.
refer and Try to understand this Example,
I have a Laravel 6 application.
In a typical application, the user would just specify their email, where the email is unique.
However, in my application, I have 2 columns in the User model that is used to authenticate users.
app_id
email
unique(app_id, email)
So in order to login, we need to pass both an app_id and an email, along with the password. The same email could be used across different app_ids.
How would I achieve this?
The default login actions provided by Auth::routes() are the following:
Route::get('login', 'Auth\LoginController#showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController#login');
This is the default login function, part of the AuthenticatesUsers trait used by the LoginController:
/**
* Handle a login request to the application.
*
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*
* #throws \Illuminate\Validation\ValidationException
*/
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
There are a few ways to approach this.
Option 1: Override login function in LoginController
# app/Http/Controllers/Auth/LoginController.php
public function login(Request $request)
{
// add more stuff like validation, return the view you want, etc.
// This is barebones
auth()->attempt($request->only(['app_id', 'login', 'password']);
}
Option 2: Override both the validateLogin and the credentials functions in LoginController
# app/Http/Controllers/Auth/LoginController.php
protected function validateLogin(Request $request)
{
$request->validate([
'app_id' => 'required|string',
'email' => 'required|string',
'password' => 'required|string',
]);
}
/**
* Get the needed authorization credentials from the request.
*
* #param \Illuminate\Http\Request $request
* #return array
*/
protected function credentials(Request $request)
{
return $request->only('app_id', 'email', 'password');
}
I'm trying to make a logout test for my api with tymon/jwt-auth package. Here I have defined the api routes, controller, and a unit test.
In api.php:
Route::group(['middleware' => 'api', 'prefix' => 'auth'], function ($router) {
Route::post('login', 'AuthController#login');
Route::post('logout', 'AuthController#logout');
Route::post('refresh', 'AuthController#refresh');
Route::post('me', 'AuthController#me');
Route::post('me/profile', 'AuthController#profile');
});
In AuthController.php:
/**
* Log the user out (Invalidate the token).
*
* #return \Illuminate\Http\JsonResponse
*/
public function logout()
{
auth()->logout();
return response()->json(['message' => 'Successfully logged out']);
}
In tests/Unit/AuthenticationTest.php:
/**
* Test if user can login trough internal api.
*
* #return void
*/
public function testLogin()
{
$response = $this->post('api/auth/login', [
'email' => 'admin#xscriptconnect.com',
'password' => 'password'
]);
$response->assertStatus(200)
->assertJsonStructure(['access_token', 'token_type', 'expires_in']);
$this->assertAuthenticated('api');
}
/**
* Test if user can logout trough internal api.
*
* #return void
*/
public function testLogout()
{
$user = User::first();
$user = $this->actingAs($user, 'api');
$user->post('api/auth/logout')
->assertStatus(200)
->assertJsonStructure(['message']);
$this->assertUnauthenticatedAs($user, 'api');
}
The login test works fine but when it starts the logout test, the assertion fails. It shows me this error:
There was 1 failure:
1) Tests\Unit\AuthenticationTest::testLogout
Expected status code 200 but received 500.
Failed asserting that false is true.
And when I tested it using this method:
public function testLogout()
{
$user = User::first();
$this->actingAs($user, 'api');
$response = auth()->logout();
$response->assertStatus(200);
$response->assertJsonStructure(['message']);
}
I got this error:
There was 1 error:
1) Tests\Unit\AuthenticationTest::testLogout
Tymon\JWTAuth\Exceptions\JWTException: Token could not be parsed from the request
What is the proper way to test a logout trough this package? Please help.
According to the this comment in it's github page, I have found the solution for this problem. I changed my script like this and it works.
/**
* Test if user can logout trough internal api.
*
* #return void
*/
public function testLogout()
{
$user = User::first();
$token = \JWTAuth::fromUser($user);
$this->post('api/auth/logout?token=' . $token)
->assertStatus(200)
->assertJsonStructure(['message']);
$this->assertGuest('api');
}
Please feel free to post another answer regarding to this question if any. Thank you very much.
Override the method be() in your TestCase to set the authorization header when use actingAs() aka be() method
use Illuminate\Contracts\Auth\Authenticatable as UserContract;
abstract class TestCase extends BaseTestCase
{
public function be(UserContract $user, $driver = null)
{
$token = auth()->fromUser($user);
return parent::be($user, $driver)->withHeader('Authorization', "Bearer {$token}");
}
}
I changed the login function a bit, that the user can only log in with his username and his email if his email address was confirmed by a sent email.
what do I want to do
If the email address has not yet been confirmed, I would like to redirect the user to a page to confirm his email address. If the table "users, active" has a 1, the address has been confirmed.
Currently I have problems logging in with the username. Does anyone recognize a mistake?
How can I implement that? Does anyone have a similar code?
/**
* Get the needed authorization credentials from the request.
*
* #param \Illuminate\Http\Request $request
* #return array
*/
protected function credentials(Request $request)
{
$field = filter_var($request->get($this->username()), FILTER_VALIDATE_EMAIL)
? $this->username()
: 'username';
return [
$field => $request->get($this->username()),
'password' => $request->password,
];
}
/**
* Validate the user login request.
*
* #param \Illuminate\Http\Request $request
* #return void
*/
protected function validateLogin(Request $request)
{
$this->validate($request, [
$this->username() => [
'required', 'string',
Rule::exists('users')->where(function ($query){
$query->where('active', true);
})
],
'password' => 'required|string',
], $this->validationError());
}
New loginController
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* #var string
*/
protected $redirectTo = '/iboard';
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => ['logout', 'userLogout']]);
}
/**
* Get the needed authorization credentials from the request.
*
* #param \Illuminate\Http\Request $request
* #return array
*/
protected function credentials(Request $request)
{
$field = filter_var($request->get($this->username()), FILTER_VALIDATE_EMAIL)
? $this->username()
: 'username';
return [
$field => $request->get($this->username()),
'password' => $request->password,
];
}
public function login(Request $request)
{
$this->validateLogin($request);
if (Auth::once($this->credentials($request))) { //use auth once so that it will not create auth session
$user = Auth::user();
if($user->active){
Auth::login($user); //now create auth session, check
return redirect('/iboard'); //redirect to dashboard url
}else{
return redirect('email_confirm')->with('fail', 'Please confirm your email'); //redirect to email confirm page
}
}
return redirect()->back()->with('fail', "Invalid username or password");
}
public function userLogout()
{
Auth::guard('')->logout();
return view('/exit');
}
}
You can try the below code for your login, assuming you have validateLogin and credentials functions in the same controller because the below login action used both of these function. Check details here
public function login(Request $request)
{
$this->validateLogin($request);
if (Auth::once($this->credentials($request))) { //use auth once so that it will not create auth session
$user = Auth::user();
if($user->active == 1){
Auth::login($user); //now create auth session
return redirect('dashboard'); //redirect to dashboard url
}else{
return redirect('email_confirm')->with('error', 'Please confirm your email'); //redirect to email confirm page
}
}
return redirect()->back()->with('error', "Invalid username or password");
}
I have a laravel project, where I try implement checking if user account is confirmed by activation code from user's email:
public function SignIn(Request $request){
if(Auth::attempt(['email' => $request['email'], 'password' => $request['password']])) {
if(Auth::user()->status==false){
Auth::logout();
Session::flash('activationError','First please active your account');
return back();
}
return redirect()->route('showDashboardWelcome');
}
else{
Session::flash('loginError','Your username and password are wrong');
return back();
}
}
In above code there is function from controller to Sign in user. This function check if the user email and password are correct and if user has confirmed account($status variable from user model with two boolean values) by email code.
If account is not confirmed by user I must logout user from account, because function attempt start simultaneously user's session. Is there any possible way to do this operation without starting a user session and then logout user?
I would be grateful for help. Best regards
Add a middleware to directly query the users table and check the status field. If not verified redirect away to the page showing the message. For example:
<?php
namespace App\Http\Middleware;
use Closure;
class CheckVerified
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$user = User::where('email', $request->email)->first();
if (!user->status) {
return redirect()->back()->with('not verified');
}
return $next($request);
}
}
You can pass as many parameters to attempt([]) as you want. So here you can add 'status' to the array like this
if(Auth::attempt([
'email' => $request['email'],
'password' => $request['password'],
'status' => true
])) {
}
Every single parameter you pass to that array has to be met for the Auth::attemp() to start the session.