I am trying to implement multi auth in laravel 5.4 and have done it in this way,
i have already implemented guards and providers for the guards in auth.php,
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
class FleetLoginController extends Controller {
public function __construct() {
$this->middleware('guest:company');
}
public function showLogInForm() {
return view('fleet.fleetLogin');
}
public function login(Request $request) {
$this->validate($request, [
'email' => 'required|email',
'password' => 'required'
]);
if (Auth::guard('company')->attempt(['email' => $request->email, 'password' => $request->password], $request->remember)) {
$request->session()->regenerate();
return $this->authenticated($request, $this->guard()->user())
?: redirect()->intended($this->redirectPath());
} else {
return redirect()->back()->withInput($request->only('email', 'remember'));
}
}
public function logout(Request $request) {
$this->guard('company')->logout();
$request->session()->invalidate();
return redirect('/');
}
public function logcheck() {
if (Auth::check()) {
dd('yes logged in');
}
else
{
dd('No user logged in');
}
}
protected function authenticated(Request $request, $user) {
$this->logcheck();
}
protected function guard() {
return Auth::guard('company');
}
}
i have made the providers and guards, the problem is when i call the function logcheck()
it dumps "No user logged in". Can anyone help me? i need to get the id of the logged in user by
Auth::User()->id;
Seems like you need to use send name to guard
Auth::guard('company')->check() on logcheck()
Related
in laravel "^7.11.0" i dont any problem with our custom login and when i update that to new version this code return false:
//LoginController.php
$this->attemptLogin($request)
//trait AuthenticatesUsers.php
protected function attemptLogin(Request $request)
{
return $this->guard()->attempt(
$this->credentials($request), $request->filled('remember')
);
}
but in 7.11.0 return true, i don't know what happen on new version of laravel "^7.28.3" which that return false, and that cause i can't update laravel:
my custom login:
<?php
namespace App\Http\Controllers\Auth;
use App\Events\UserAuthenticate;
use App\Http\Controllers\Controller;
use App\User;
use Carbon\Carbon;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Session;
use Laravel\Socialite\Facades\Socialite;
class LoginController extends Controller
{
use AuthenticatesUsers;
protected $redirectTo = '/';
public function __construct()
{
$this->middleware('guest')->except('logout');
}
public function login(Request $request)
{
$this->validateLogin($request);
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if (auth()->validate($request->only('username','password'))) {
$user = User::whereUsername($request->username)->first();
if ($user->lock) {
$request->session()->flash('error',__('message.your_account_locked'));
return view('layouts.backend.pages.auth.account.locked_account');
}elseif (!$user->active) {
$checkActivationCode = $user->activationCode()->where('expire', '>=', Carbon::now())->latest()->first();
if ($checkActivationCode != null) {
if ($checkActivationCode->expire > Carbon::now()) {
$this->incrementLoginAttempts($request);
$request->session()->flash('error',__('message.please_active_your_account'));
return view('layouts.backend.pages.auth.account.active_account');
}
}else{
return redirect()->to('/page/userAccountActivation/create');
}
}
}
if ($this->attemptLogin($request)) {
dd('aaaaaa');
return $this->sendLoginResponse($request);
}
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
public function redirectToProvider()
{
return Socialite::driver('google')->redirect();
}
public function show()
{
return view('auth.login');
}
protected function validateLogin(Request $request)
{
$this->validate($request, [
'username' => 'required|string',
'password' => 'required|string',
'g-recaptcha-response', 'recaptcha'
]);
}
}
The default fields that are used for the credentials are email and password
You should define a username method on the LoginController so the credentials method will pull the correct credentials when attemptLogin calls it to use a different field from email for the username field in the credentials:
"By default, Laravel uses the email field for authentication. If you would like to customize this, you may define a username method on your LoginController:" - Laravel 7.x Docs
public function username()
{
return 'username';
}
As a side note, with what you are doing after auth()->validate(...) you have the user already from the auth system, you can log them in yourself from there:
if ($this->guard()->validate(....)) {
$user = $this->guard()->user();
...
$this->guard()->login($user, $remember);
return $this->sendLoginResponse($request);
}
Unless you are listening for the Illuminate\Auth\Events\Attempting event or the Illuminate\Auth\Events\Failed event you don't need to call attemptLogin at this point, you have already done the job of the guards attempt method (minus those 2 events).
Laravel 7.x Docs - Authentication - Authenticating - Username Customization
I'm building a Laravel application from start with user login/registration function.
Below is some code of it:
// web.php
Route::middleware(['guest'])->group(function () {
Route::get('/register', 'UserController#register');
Route::post('/register', 'UserController#doRegister')->middleware('throttle:10,1');
Route::get('/login', 'UserController#login')->name('login');
Route::post('/login', 'UserController#doLogin')->middleware('throttle:15,1');
});
Route::get('/logout', 'UserController#logout');
// UserController.php
class UserController extends Controller
{
public function register()
{
return view('user.register');
}
public function doRegister(Request $request)
{
$this->validate($request, [
'name' => 'required',
'email' => 'required|email|unique:App\User',
'password' => 'required|confirmed'
]);
$userData = $request->only(['name', 'email']);
$userData['password'] = Hash::make($request->input('password'));
$user = User::create($userData);
auth()->login($user);
return redirect("/");
}
use ThrottlesLogins;
protected $maxAttempts=5;
protected $decayMinutes=1;
public function login()
{
return view('user.login');
}
public function doLogin(Request $request)
{
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$this->validate($request, [
'email' => 'required|email',
'password' => 'required'
]);
if (auth()->attempt($request->only(['email', 'password']), $request->boolean('remember_password')) == false) {
$this->incrementLoginAttempts($request);
return back()->withErrors([
'message' => __('auth.failed')
])->with('email', $request->input('email'));
}
$this->clearLoginAttempts($request);
return redirect()->to('/');
}
protected function username()
{
return 'email';
}
public function logout()
{
auth()->logout();
return redirect()->to('/');
}
}
The web page seem working.
When I enable middleware \Illuminate\Session\Middleware\AuthenticateSession::classin Kernel.php (for trial function "Invalidating Sessions On Other Devices" later), following error happen:
After creating new user success and redirect to home page with redirect("/"), Illuminate\Auth\AuthenticationException: Unauthenticated will happen and redirect again to login page (expected must go to home page with logged user).
Stacktrace:
E:\Web\movie-resumer\vendor\laravel\framework\src\Illuminate\Session\Middleware\AuthenticateSession.php:94
Stack trace:
#0 E:\Web\movie-resumer\vendor\laravel\framework\src\Illuminate\Session\Middleware\AuthenticateSession.php(55): Illuminate\Session\Middleware\AuthenticateSession->logout(Object(Illuminate\Http\Request))
This trace refer to following code in AuthenticateSession.php:
class AuthenticateSession
{
public function handle($request, Closure $next)
{
...
if ($request->session()->get('password_hash') !== $request->user()->getAuthPassword()) {
$this->logout($request);
}
...
}
}
I just try with other replacement as below in UserController#doRegister method:
Change auth()->login($user); to use auth()->attempt($request->only(['email', 'password'])); then Exception will not occur
Or: change return redirect("/"); to use return view('home'); then Exception will not occur (the URL http://localhost/register will show the home page with logged user)
Or: change/remove the route name 'login' (Route::get('/login', 'UserController#login')->name('login123');) then Exception will not occur.
Do my first implement has any mistake, so that it cannot working with AuthenticateSession middleware?
Below is some method in a trait AuthenticatesUsers where Illuminate\Foundation\Auth, Laravel.
...
protected function validateLogin(Request $request)
{
$this->validate($request, [
$this->username() => 'required|string',
'password' => 'required|string',
]);
}
...
public function username()
{
return 'email';
}
Originally, my goal is to make another login form with user_id and password in mobile device, so this will check Auth() and if success, it will work some method and automatically logout after then. could you tell me detailed advice?
Additional question.
as Jaskaran Singh's advice I added it also as below.
protected function authenticated(Request $request, $user)
{
if($request->Inn == 'Inn') {
return redirect()->route('mobiles_start', ['Inn' => 'Inn']);
}
elseif($request->Ut == 'Ut') {
return redirect()->route('mobiles_destroy', ['Ut' => 'Ut']);
}
return view('welcome');
}
but if login failed, then it is redirected back to the /login page instead of expected view page that pre defined in the route(mobiles_start and mobiles_destroy) above.
How could I do?
You can login with User ID like this:
if(Auth::loginUsingId($user->id)){
return response()->json(['success' => $user], $this->successStatus);
}
You don't have to extend the core trait or any core Laravel code.
in app/Http/Controllers/Auth/LoginController.php add the following functions, this will override the default functions in AuthenticatesUsers trait.
add username() function
public function username()
{
if(request('id')){
return 'id'; // if request contains id then return it
}
return 'email'; // else return email
}
add validateLogin() function
protected function validateLogin(Request $request)
{
$this->validate($request, [
$this->username() => 'required', //remove |string
'password' => 'required|string',
]);
}
that's it.
I am using the standard method of login/registration of Auth Controllers. The goal is to register a new user when the user logs in if there is no such user, or just auth if there is. To my mind, it should be simply reassigning a couple of methods. For start, I changed
AuthenticatesUsers.php
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
$this->incrementLoginAttempts($request);
//return $this->sendFailedLoginResponse($request);
}
With commenting the last line it will not say that there is no such user, and I believe right there I should put register method, but I can't find the right way to include it. I suggest that I should use `RegisterUsers.php`
AuthenticatesUsers.php is the controller that does login logic. We are looking at the public function login
AuthenticatesUsers.php
<?php
namespace Illuminate\Foundation\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\ValidationException;
use Illuminate\Support\Facades\Validator;
use Illuminate\Auth\Events\Registered;
use Illuminate\Foundation\Auth\RegistersUsers;
trait AuthenticatesUsers
{
use RedirectsUsers, ThrottlesLogins, RegistersUsers;
public function showLoginForm()
{
return view('auth.login');
}
public function login(Request $request)
{
$this->validateLogin($request);
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
$this->incrementLoginAttempts($request);
//return $this->sendFailedLoginResponse($request);
$this->register($request);
}
public function register(Request $request)
{
$this->validator($request->all())->validate();
event(new Registered($user = $this->create($request->all())));
$this->guard()->login($user);
return $this->registered($request, $user)
?: redirect($this->redirectPath());
}
protected function validator(array $data)
{
return Validator::make($data, [
//'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
//'password' => 'required|string|min:6|confirmed',
]);
}
protected function validateLogin(Request $request)
{
$this->validate($request, [
$this->username() => 'required|string',
'password' => 'required|string',
]);
}
protected function attemptLogin(Request $request)
{
return $this->guard()->attempt(
$this->credentials($request), $request->filled('remember')
);
}
protected function credentials(Request $request)
{
return $request->only($this->username(), 'password');
}
protected function sendLoginResponse(Request $request)
{
$request->session()->regenerate();
$this->clearLoginAttempts($request);
return $this->authenticated($request, $this->guard()->user())
?: redirect()->intended($this->redirectPath());
}
protected function authenticated(Request $request, $user)
{
//
}
protected function sendFailedLoginResponse(Request $request)
{
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
]);
}
public function username()
{
return 'email';
}
public function logout(Request $request)
{
$this->guard()->logout();
$request->session()->invalidate();
return redirect('/');
}
protected function guard()
{
return Auth::guard();
}
}
simply override the register method from RegisterUsers.php into your LoginController.
public function register(Request $request)
{
$this->validator($request->all())->validate();
event(new Registered($user = $this->create($request->all())));
$this->guard()->login($user);
return $this->registered($request, $user)
?: redirect($this->redirectPath());
}
Also add the validator protected function from RegisterController and edit according to your fields.
Also keep in mind to edit the User model fillable array and the relatively migration file of creating users table. Set Nullable() to fields you are not going to enter during Login.
Implement this method in your LoginController
protected function attemptLogin(Request $request)
{
// here you can check if user is present or just create.
return $this->guard()->attempt(
$this->credentials($request), $request->filled('remember')
);
}
All I had to do is to turn to User model, no need to specify any methods
here is how the function in AuthenticatesUsers.php should look like:
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
//return $this->sendFailedLoginResponse($request);
$user = User::where('email', '=', $_POST['email'])->first();
if ($user === null) {
return User::create([
'name' => $_POST['email'],
'email' => $_POST['email'],
'password' => Hash::make($_POST['password']),
]);
}
else
echo 'Wrong password';
}
I am trying to use Laravel 5 built in User Authentication.In this regard I would like to redirect user to a certain route/page/controller after successfully logged in. I am trying to change code of complied.php file. I am trying to change /home of below code, but it is not working.
trait AuthenticatesAndRegistersUsers
{
protected $auth;
protected $registrar;
public function getRegister()
{
return view('auth.register');
}
public function postRegister(Request $request)
{
$validator = $this->registrar->validator($request->all());
if ($validator->fails()) {
$this->throwValidationException($request, $validator);
}
$this->auth->login($this->registrar->create($request->all()));
return redirect($this->redirectPath());
}
public function getLogin()
{
return view('auth.login');
}
public function postLogin(Request $request)
{
$this->validate($request, array('email' => 'required|email', 'password' => 'required'));
$credentials = $request->only('email', 'password');
if ($this->auth->attempt($credentials, $request->has('remember'))) {
return redirect()->intended($this->redirectPath());
}
return redirect($this->loginPath())->withInput($request->only('email', 'remember'))->withErrors(array('email' => $this->getFailedLoginMessage()));
}
protected function getFailedLoginMessage()
{
return 'These credentials do not match our records.';
}
public function getLogout()
{
$this->auth->logout();
return redirect('/home');
}
public function redirectPath()
{
if (property_exists($this, 'redirectPath'))
{
return $this->redirectPath;
}
return property_exists($this, 'redirectTo') ? $this->redirectTo : '/home';
}
public function loginPath()
{
return property_exists($this, 'loginPath') ? $this->loginPath : '/auth/login';
}
}
Thanks
You are not supposed to change anything in compiled.php
In RedirectIfAuthenticated middleware change,
return new RedirectResponse(url('/home'));
to
return new RedirectResponse(url('/'));
This basically redirects logged in user to desired path, once logged in user returns to website.
so,handle function lookes like below,
public function handle($request, Closure $next) {
if ($this->auth->check())
{
return new RedirectResponse(url('/'));
}
return $next($request);
}
after that add following in AuthController
public $redirectTo = '/';
public $redirectAfterLogout = '/';
so after successful login user wil be redirected to redirectTo and after logout user will be redirected to redirectAfterLogout.