I am wanting to create an Android / iPhone application to enable mobile phone users to have the same functionality as the website.
The website's authentication works as planned:
Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password')))
What I have is another auth.php within the public/app/ folder (I will add the .htaccess later!) that will authenticate users logging in through their mobile phones. Ideally, to make it simpler, I'm wanting to use all of the Laravel controller functions that my web app uses.
I know the Auth:: function resides in the BaseController but I'm unsure of how to access this within the /public folder, or if this is it the suggested method.
As anyone else authenticated a user through their mobile phone through Laravel?
Any help would be hugely appreciated. Many thanks.
I would suggest to create a route in the app/routes.php for authenticate a mobile user.
Route::post('mobile/auth', function() {
// your stuff
});
or via controller:
// app/routes.php
// connect the route to a controller
Route::post('mobile/auth', 'MobileAuthController#auth');
class MobileAuthController extends BaseController
{
public function auth()
{
// ...
}
}
Is this what you mean? or else i misunderstand you.
You're authentication is pretty basic, checkout the damn good documentation on the laravel website for better examples.
Related
I'm working on a project with laravel. in my project there's two type of users one of them are admins and other one is normal users.
btw project is only provides API and there's no blade views.
I give a token to any user or admin logins with the api. and application will identify user or admin by sending that token with an authorization header and I check if token is validate and the user type is admin then give access to the admin features for that client.
here's my code for this part:
$admin = Auth::guard('admin-api')->user();
if ($admin) {
// allow to use admin features
}
else {
return response()->json(['error' => 'token is invalid'], 401);
}
I read something about applying Restrictions on a controller class in laravel and it was written there to add a constructor like this into controller class:
public function __construct() {
$this->middleware('admin-api');
}
and also there's something like that just for Restricting routes. like this
but I just want to know is it necessary to add same constructor to my controller class while the project just provides API? or the way that I'm doing is correct?
You are doing it right.
I would prefer restricting the request via routes, so there is no need to add constructor on each new Controllers.
Route::middleware(['admin-api'])
->group(function () {
Route::get('cart', 'Carts\CartController#retreive');
Route::post('cart/coupon', 'Carts\CartCouponController#addCoupon');
Route::delete('cart/coupon', 'Carts\CartCouponController#deleteCoupon');
Route::delete('cart/flyer', 'Carts\CartController#deleteFlyer');
});
This will apply the admin-api middleware on all the routes in the group and there is no need to add a constructor on Carts\CartController and Carts\CartCouponController, just to have middleware restriction.
I started working on a project which should have admin panel and frontend and I want to use CodeIgniter framework on client request. But the problem is I am not able to understand how to start the project as mentioned above.
I want folder similar to the image shared
Besides the Admin_controller (for separeted security rules), for better organization, it's good to use some extension like this one:
HMVC: https://bitbucket.org/wiredesignz/codeigniter-modular-extensions-hmvc/src
With this you'll be able to that this type os structure:
URLs
http://awesome.site/public_controller
http://awesome.site/*module_name*/*controller_inside_module*
http://awesome.site/admin/login
Try using Codeigniter's session functionality to authenticate the user and his role (e.g., "admin", "customer", etc)
Then add a constructor like this to every controller (this is just an example)
class Admin_only extends CI_Controller {
public function __construct()
{
parent::__construct();
if( !isset($this->session->userdata['logged_in']) || $this->session->userdata['logged_in']['user_type'] != 'administrator' )
{
// you're not welcome here
redirect('welcome/access_error');
}
}
The __construct() is run every time anything within the controller is accessed.
See how in my example (there's cleaner ways, but this will definitely work), I'm constantly checking if the user is logged in AND if the user is an administrator (actually I'm checking the opposite... logged out OR not administrator, but it's pretty much the same thing logically) and if the check fails, the user is redirected away from the controller.
After reading some tutorials on laravel 5.4 authentication (including the doc),I don't know how to work with it in my file.
I have been able to run the artisan command.. php artisan make:auth. Have seen the the controller, views etc that was created and even have accessed it by going to http://localhost/blogsite/public/register (don't worry about, its on my local disk) but how do I integrate it with with the pages that needs authentication? That I don't know..
Who can put me through how to integrate it with other pages
Many way you can use for this solution.
First Way:
If you load views file from controller just use the following line to your controller.
Suppose my controller name is DashBoardController
public function __construct()
{
$this->middleware('auth');
}
So all of the view you return from DashboardController it will make you auth for you. That means if you return any of view from this controller you must need to log in.
So you need to put this constructor function to all of your Controller from where you return view and need to authenticate the user.
To avoid this constructor funtion to all controller you can use the following
Way using route:
Route::group(['middleware' => 'auth'], function () {
Route::Your_Request_Method('your_url1', 'YourController1');
Route::Your_Request_Method('your_url2', 'YourController2');
});
You can get more way at laravel authentication documentation
Hope you will understand.
I am using the Laravel 5.2 Auth system coming up with this command :
php artisan make:auth
Although this works totally fine as is, my goal is to use an external API to perform login, registering and changing password while still being able to use the core function of the Auth class.
So taking the login for example, I want to use something like
function login(ApiController $api) {
// This function return data or error code and message in JSON
$login = $api->login([ $credentials['email'], $credentials['password']]);
if($login->success)
// login successfully like normal Auth would do
else
// redirect to main page with $login->message
}
By the way, I want to pass fields coming up from $login to the Auth class, like we can actually do Auth::user()->email giving us the email, I'd want to set value like "database field" but with my API JSON fields behind
I looked on the Internet and found something to do inside AuthController and something related to ServiceProvider, but I don't know how to follow my exact needs
Adding a custom user provider would help in this case. There is no need to play with AuthController here. Check this Laravel Docs page.
You will need to create a new User Provider which implements Illuminate\Contracts\Auth\UserProvider, specify it in AuthServiceProvider and update your auth config file accordingly.
Here are the links to the framework's default User Providers for reference :
1) DatabaseUserProvider
2) EloquentUserProvider
I ended up coding my own Auth system...
Using session() and Input()
I implemented phpCAS as a Service Provider in my app that is running Laravel 5.1. Every single page in my app needs to be authorized so I created a Helper function that authenticates with phpCAS on my main app.blade.php file. The Helper function authenticates and then retrieves user information from my database so I can get user properties (id, fullName, etc.)
Here is the helper function:
public static function full_authenticate() {
Cas::authenticate();
$username = Cas::getCurrentUser();
$userinfo = Users::where('username', '=', $username)->first();
return $userinfo;
if (!is_null($userinfo)) {
return "ERROR." //THIS DOES NOT WORK
} else {
return View::share('userinfo', $userinfo);
}
}
This is how it's used in app.blade.php (as an example)
{{ Helpers::full_authenticate()->fullname }}
The authentication works perfectly and if you are in the Users model, it will load up your information no problem. The issue I am having is when you authenticate successfully in CAS, but are not in the Users table, I want to be able to throw a 403 error or redirect to another view or just say some sort of message, but no matter what I put in the "return" section, it doesn't work. I think it has something to do with my helper function running behind a controller, but I have no idea.
Also looked into integrating CAS into middleware, but not sure how to pursue that.
Any ideas would be awesome! Thanks in advance!