I was wondering if anyone can shed some light on setting up basic user authentication. I've installed the admin app into my project and it works great. But I need a basic user role that can have its own registration page etc.
I need to see something like
domain.com/users/user.slug
would take them to their profile page
I'm also going to have nested resources, so a user can have a project associated to them.
domain.com/users/user.slug/projects/project.slug
or
domain.com/users/user.slug/project.slug
The admin piece worked great, but I have no idea how to set up registration etc. for a user model?
I've used Devise in the past with Rails and I'm wondering if anything like it currently exists? I've seen some discussion around Warden. Is there a de facto solution that people are using or am I able to implement the admin app to handle this? Right now /accounts is protected and can only be accessed by the admin role.. so I can't have users go to accounts/new
Thanks
For now I basically just copied the admin app.. into my own Users app while using my own User model.
The user model is basically a direct port of the account model.. as is the session controller etc. Just switched the model names around.
I'm still not sure if this is the best approach or if I'm able to leverage the admin app to handle this also?
This solution is working, though again, I'm not sure if it's the optimal approach.
Related
Okay so I know there are a ton of tutorials out there talking about changing the authentication to your liking, but I couldn't find one for my specific case. So here it goes:
In one of my projects I've been using the standard authentication system that comes with Laravel. I have a user model, and each user has an email and a password. They also have roles and permissions and everything works as expected.
I also have a client model. There are projects and each project belongs to a client. Now there is a new requirement for the app, where clients should be able to login and see all of their projects.
Clients should login with a username (not email) and a password.
My question is: What steps are necessary to completely get this going. All I can find online are some pieces of the puzzle, but unfortunately I'm not able to put this together on my own. I know it involves creating a user provider, but that is only part of it. How do I hook up routes/controllers for this, how do I use the custom user provider, how can I use the Auth facade in addition to the standard "user" authentication (I will need to use both side by side)?
If someone knows of a comprehensive tutorial I will be happy to read that and apologize for this question ;-) Otherwise I will be very thankful for a little checklist of all the things I have to consider.
PS: There are many reasons why I can't just use my user model with a special role or something like that. I need to use the client model for authentication.
I found this tutorial which contains the gist of what you're looking for. The basics come down to something along these lines:
Create a new Authenticatable model
Adjust auth.php with new guards and providers
Adjust routing to take both models in account
I'm not sure how the Auth facade plays its role in this, but it might require some additional configuration.
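The three steps above as a configuration sketch, added here as an example and not taken from the linked tutorial or the asker's project. The guard name `client`, the provider name `clients`, the `App\Client` model, the `username` column and the redirect path are assumptions; the stock `eloquent` provider looks records up by whatever non-password keys are passed to `attempt()`, so a username login needs no custom user provider.

```php
<?php
// config/auth.php (fragment). Added example; names marked "assumed" are
// not from the thread.
return [
    // Auth::user() and the plain `auth` middleware keep using this guard.
    'defaults' => ['guard' => 'web', 'passwords' => 'users'],

    'guards' => [
        'web'    => ['driver' => 'session', 'provider' => 'users'],
        // Assumed second guard: its own session key, so a logged-in client
        // is never treated as a logged-in user, and the reverse.
        'client' => ['driver' => 'session', 'provider' => 'clients'],
    ],

    'providers' => [
        'users'   => ['driver' => 'eloquent', 'model' => App\User::class],
        // Assumed model; it must extend Illuminate\Foundation\Auth\User
        // (or implement the Authenticatable contract) and store a hashed
        // password in its `password` column.
        'clients' => ['driver' => 'eloquent', 'model' => App\Client::class],
    ],
];

// Client login action (controller method body, shown as a comment because
// it lives in a different file):
//
//   $credentials = $request->only('username', 'password');
//   if (Auth::guard('client')->attempt($credentials)) {
//       $request->session()->regenerate();   // new session id after login
//       return redirect()->intended('/client/projects');  // assumed path
//   }
//   return back()->withErrors(['username' => 'Invalid credentials.']);
//
// Protecting routes, side by side with the existing user area:
//
//   Route::middleware('auth')->group(...);         // users  (web guard)
//   Route::middleware('auth:client')->group(...);  // clients
//
// Inside client routes read the identity with Auth::guard('client')->user(),
// not Auth::user(), which always refers to the default guard.
```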
I am developing a web system in PHP using the Laravel framework. I arrived at the part of authentication of users, where user type x is not allowed to access page y. What is the best way to do this with Laravel? I thought about creating a session and saving the id of the user, so every time he accesses a certain controller I check if he has access to the id or not. So I had some doubts.
Is this a good way to perform this authentication?
Is this really safe?
Is there any way for the client to change my session?
What would be a better method for authenticating user access?
Laravel provides a very good authentication system out of the box. Even though hacking is inevitable, it provides very good protection, and since Laravel is a pretty popular framework you don't have to worry about the security part. If there is any security bug, patches will be available almost immediately.
And your second concern: can a client change the session? The answer is NO, if you code it properly. The session resides on the server, unlike cookies, so there is no direct way for a user to change the session. If you follow good coding practices you are good to go.
And how do you limit userA from accessing pageB? This is a pretty common feature needed in almost all applications. As of now Laravel does not provide an out of the box solution for this, but it is pretty simple: you can add a role column to the users table, and check whether the user has the appropriate permission on each page. Laravel keeps the user object in the session, and it is available via the auth() helper or the Auth facade. If you want a slightly more sophisticated solution there is a package out there, entrust. It seems a good choice.
You may want to read about
Authorization
CSRF Protection
Authentication
I hope I have addressed all your concerns
Laravel provides a simple way to authorize actions that's purpose-built for what you need:
https://laravel.com/docs/5.5/authorization
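A sketch of the role-column check from the earlier answer, expressed with the gate mechanism the linked authorization documentation describes. It is an added example, not code from either answer; it assumes Laravel 5.5, a hypothetical `role` column on the users table, and the hypothetical ability name `view-reports`, route and controller.

```php
<?php
// app/Providers/AuthServiceProvider.php
// Added example. Assumed: a string column `role` on the users table and
// the ability name `view-reports`.
namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // $user is the authenticated model loaded on the server; the role
        // is read from that record, never from a request parameter,
        // cookie or hidden form field.
        Gate::define('view-reports', function ($user) {
            return in_array($user->role, ['admin', 'manager'], true);
        });
    }
}

// Enforcing it on a route (routes/web.php, shown as a comment because it
// is a separate file; route and controller names are hypothetical):
//
//   Route::get('/reports', 'ReportController@index')
//       ->middleware(['auth', 'can:view-reports']);
//
// `auth` redirects guests to the login page; `can:view-reports` answers
// 403 for authenticated users whose role is not allowed. The same check
// inside a controller action is $this->authorize('view-reports');
```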
I have been working with CodeIgniter for a couple of days and I love it. For a beginner it's a great framework for creating web applications.
I'm using Tank auth to set up a login system and so far I have managed to get some things done.
But there is one thing that I can not understand. I've been studying the Tank auth code and googled but still can not get around this very simple problem - how do I protect my website's content from unregistered users? What is the method used in CodeIgniter for that?
Let's say for example I have a controller Products with method show. By typing www.mywebsite.com/index.php/products/show I get to see them all in my website. Now how do I forbid unregistered users to access (see) my products?
I do understand that this is most likely a silly question but I just can not move on without a decent understanding of this. While it is fundamental, Google does not have the answer... (or I don't know how to ask precisely)
Assuming you have tank auth installed and configured correctly, you can simply redirect someone to the login screen if they aren't already logged in for any particular controller function.
if (!$this->tank_auth->is_logged_in()) redirect('auth/login');
If you use that at the start of any function it ensures only logged in users can load it, because any other user will be redirected away. Likewise, if you want to lock an entire controller off, just place that in the constructor.
The Welcome Controller that comes bundled with Tank Auth shows a good example of it, because only logged in users can see the "you are logged in now" page.
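The constructor placement described in this answer, applied to the asker's Products controller. This is an added example, not code from Tank Auth or from the thread; the view name is hypothetical.

```php
<?php
// application/controllers/products.php
// Added example: locks every action of the controller behind a login.
class Products extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');        // provides redirect()
        $this->load->library('tank_auth');

        // Runs before any action of this controller. CodeIgniter's
        // redirect() sends the Location header and then exits, so no
        // action body executes for a visitor who is not logged in.
        if (!$this->tank_auth->is_logged_in()) {
            redirect('auth/login');
        }
    }

    public function show()
    {
        // Only reached by logged-in users.
        $this->load->view('products/show'); // hypothetical view
    }
}
```

The check has to come after `parent::__construct()` and after the library is loaded; a controller that omits it stays publicly reachable by URL even if no page links to it.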
I'm trying to build an internal admin system to get to grips with creating a Laravel app from scratch. Currently everything is public so I'm looking at implementing a very simple login system.
There will be no DB connection needed as we want a single user. We'll store the relevant username and password in the .env file most likely.
I feel like I've looked everywhere and haven't been able to find any tutorials covering this requirement! From everything I've read it seems I have to use a 'custom authentication driver' or possibly build my own user provider class but I have no idea how to go about this task.
The idea is that if the app is expanded in future we'd like to be able to just go back to using Laravel's built in db auth functionality. For this reason it would be nice to retain all the common methods relating to checking the current user, using auth middleware on my routes and managing login tokens etc.
Thanks in advance for any help offered.
I implemented the CodeIgniter Ion_Auth library for user registration etc. I noticed it does not have a built-in user manager such as edit user accounts. Does a user manager such as edit user accounts exist? I can always code one, but I'd rather not reinvent the wheel.
I use Ion Auth too, it is pretty well coded and I like writing code with it.
I also needed users editing, but I find it quite easy, because I needed only one simple form, because the library has update_user() and you need only to pass an array with your new data.
Download a CMS because it looks to me you have little or no experience with CodeIgniter or PHP for that matter. I don't mean that in a rude way by any means but if you can't perform simple CRUD operations, install a pre-built system as it will save you lots of headaches.
I've just started using CI and am also using Ion Auth for authentication. I'm handling user signup/authentication exclusively with ion auth and extending public profiles using Grocery CRUD. All public info can be viewed globally, but only edited by the user that owns it (as defined by linking the ion auth user table to the extended profile table). I don't know if this is the best way to do it, but it is what I'm doing so far.