laravel auth


Almost everything is already configured in Laravel regarding authentication. Many applications don't even need to modify it.

Authentication Quickstart

Laravel comes with several pre-built authentication controllers which are located in the App\Http\Controllers\Auth namespace. The RegisterController handles new user registration, the LoginController handles authentication, the ForgotPasswordController handles e-mailing links for resetting passwords and the ResetPasswordController contains the logic to reset passwords. For many applications, you will not need to modify these controllers at all.

Laravel provides a quick way to scaffold all of the routes and views you need for authentication using single artisan command.

php artisan make:auth

This command will install the views for layout, registration and login as well as routes for all authentication requests. A HomeController will also be generated to handle post-login requests to the application's dashboard.

PATH CUSTOMIZATION

An authenticated user will be redirected to the /home URI by default. You can customize that location by defining a redirectTo property on the LoginController, RegisterController and ResetPasswordController.

protected $redirectTo = '/';

If you want to add custom logic for redirection process, you can define a redirectTo method instead of a property.

protected function redirectTo()
{
    
}

USERNAME CUSTOMIZATION

Laravel uses the email field for authentication. You can modify it on your LoginController.

public function userName()
{
    return 'username';
}

CUSTOMIZING LOG IN FORM

You can modify the RegisterController class to modify the registration form fields where the validator() method holds the validation rules for new users and the create() method creates new records in your database.

RETRIEVING AUTHENTICATED USER

You can access the authenticated user via the Auth facade.

use Illuminate\Support\Facades\Auth;

// Get the currently authenticated user...
$user = Auth::user();

// Get the currently authenticated user's ID...
$id = Auth::id();

USER AUTHENTICATION CHECK

The check method on the Auth facade will check if the user is already logged in and return boolean.

if (Auth::check()) {

}

ROUTES PROTECTION

Middleware can be used to allow only the authenticated users to access a given route. Laravel comes with an auth middleware that you need to attach to a route definition.

Route::get('profile', function () {
    
})->middleware('auth');

You can call the middleware method from the controller's constructor too instead of attaching it in the route definition directly.

public function __construct()
{
    $this->middleware('auth');
}

LOGGING OUT

To log users out of the application, you can use the logout method. This will clear the authentication information from the user's session.

Auth::logout();

PASSWORD RESET

Laravel comes with complete set up for sending password reminders and performing password resets.You only need to verify that the User model implements the Illuminate\Contracts\Auth\CanResetPassword contract that uses the Illuminate\Auth\Passwords\CanResetPassword trait to include required methods.

RESET TOKEN TABLE & MIGRATION

A table must be created to store the password reset tokens. The migration for this table is included with Laravel and resides in the database/migrations directory. All you need to do is run artisan migration command.

ROUTING

Laravel includes ForgotPasswordController ResetPasswordController classes that contains the logics necessary to e-mail password reset links and reset user passwords. Artisan command make:auth command generates all the routes and views needed to perform password resets.

php artisan make:auth

AFTER RESETS

The user will automatically be logged into the application after the password is reset. You can customize the post password reset redirect location by defining a redirectTo property on the ResetPasswordController.

protected $redirectTo = '/dashboard';

HASHING

The Laravel Hash facade provides secured Bcrypt hashing for storing user passwords. You can hash a password by calling the make method on the Hash facade.

$password => Hash::make($request->newPassword);

VERIFY PASSWORD

The LoginController included with Laravel will automatically perfroms the pasword verification method. The check method can be used to verify the same manually.

if (Hash::check('plain-text', $hashedPassword)) {
    
}