Laravel's auth class requires a database in order for it to be used right?
Does that consider database coming from the server having their own authentication process ?
Cause I want to use Laravel's Auth class methods where I can distinguish if the user is logged in or not so that I can prevent them(who have logged out) from clicking the back button.
Laravel 4 by default support two authentication driver, 'Eloquent' and 'Database', refer to the file you have in your app\config\auth.php, this is set to Eloquent by default.
The Eloquent ORM itself by default tied to a table in your database, though I have seen it creating tables by itself when no tables are found (maybe someone else can clarify this).
If you are not using the Auth::attempt() then it is of best practice to call the Auth::login() or Auth::loginUsingId() in your application. However this depends on how far you want to use your own authentication method (or how much you want to use the bundled authentication, for that matter).
Related
I have recently started using laravel 5.2. I don't understand what's the use of guards. As I see everything that can be done with guard can easily be replaced with lot more readable middleware. Am I missing anything ?
Guard will let you to have multi authentication in your app and you we have diffrent provider even drivers(such as doctrine or eloquent). for example, you can have login with user model and an admin model in one application at the same time.
You may specify which guard instance you would like to utilize using the guard method on the Auth facade. This allows you to manage authentication for separate parts of your application using entirely separate authenticatable models or user tables.
The guard name passed to the guard method should correspond to one of the guards configured in your auth.php configuration file:
if (Auth::guard('admin')->attempt($credentials)) {
//
}
Know more about Illuminate/Contracts/Auth/Guard
I'm looking at implementing two-factor authentication for one of my projects. I've seen: https://github.com/bitbeans/Yubikey
https://github.com/antonioribeiro/google2fa
https://github.com/lahaxearnaud/laravel-u2f
And I want to leave the choice up to my users, on which and how many methods of authentication will be required. As such I know I'm looking at coding something special to achieve this but I'm not sure where to start.
My goal is to enable users to not use any additional authentication methods or allow them to use all additional authentication methods available. Ideally the login form would only require username/password; upon entering correct credentials the user would be directed to a new page for every authentication method the user has chosen to use.
laravel-u2f uses middleware; which I'm not against doing, but seems like too much extra logic to process for every request instead of just when logging the user in.
I've thought about replacing the default Auth driver but I'm not sure that's the best thing to do.
My final thought; and what I'm leaning towards is listening for the "auth.attempt" event and using that to check what additional authentication needs to be done. But I'm not sure how the best way to process getting additional authentication information from that.
So the reason I'm posting is looking for input on the best way to achieve what I'm looking for.
You could place a value e.g. full_authenticated
Session::put('full_authenticated', 'false');
and use it in the existing authentication middleware.
This way you cut the logic in the middleware section to one comparison.
If you want to add later more methods for authentication you should implement an interface/contract for a general authentication method.
Then you write a authentication manager class which sets full_authenticated in the session and handles the different methods for the different users.
I have used this tutorial for creating my user login in Laravel: Laravel Authentication Essentials. So I have a SessionController that contains the methods create, store and destroy, for showing the form, logging in and out respectively.
But there is no model in this tutorial, the validation and Auth::attempt is in the controller. And that doesn't feel right. I can not create a Session model, since the Session class already exists.
Should I put the login/out logic in the User model, or is there another way to do this that complies with the MVC architectural pattern?
First, remember (or know) that you can change everything in Laravel. If you need a Session model using a sessions table, go to app/config/session.php and change the Laravel sessions table to laravel_sessions:
'table' => 'laravel_sessions',
People are doing things differently these days, methods are improving on a daily basis and the way you do your code must be confortable to you. If you feel it is not right the way you are seeing people doing it, change it, Laravel give you the power to change and do things your way. And if you feel you just found a better way of doing it, share it.
This is a 2013 video and today Jeffrey is doing authentication in a completly different way. Sign up for a Laracasts account and take the full Build a Larabook video series to see how he's doing it now.
There's no Session model in this tutorial because he's not storing sessions (successful logins) in a sessions table.
In the tutorial he never touches the User model, so there is no login in the user model. The only thing he's using to do authentication is Auth::attempt(), a Laravel facade method which uses internally the user model (M), to find a user and check if the password matches. He's working with a Session controller (C) and everything related to login (or sign in) and showing login views (V) is done inside that particular controller.
If it is easier to you, you can rename SessionsController to LoginController, I, myself, don't really like the Sessions name for login, but that's a matter of taste not code correctness.
That being said I don't see an MVC (or whatever name people like to call it this week) problem in that video.
EDIT Answering the comment:
The purpose of the model is towards data, no data, no model. In the context of Laravel and a database management system, yes, no table, no model. In the context, for instance, of a client-server API, your server API (Laravel, Rails...) will provide data for your client model (Angular, EmberJS...), so, there will be no table directly related to the client model, but still a model.
But in that particular case you are accessing a model, the user model, via a service, the Authentication service.
I am just about three days old in laravel, yesterday I tried creating an authentications system using eloquent, so without looking I deleted the default User model, and then I tried creating my own from what I had read from the documentation. After setting up every thing as I had studied and understood, I tried running my app, but whenever I enter the correct username and password I get this error
Argument 1 passed to Illuminate\Auth\EloquentUserProvider::validateCredentials()
must be an instance of Illuminate\Auth\UserInterface, instance of User given, called in dir
I did not know what the EloquentUserProvider was or where it was even coming from. My original model looked like this
class User extends Eloquent {}
I battled with this error for the whole day (no exaggeration), But today I found out from this SO Can't authenticate user in laravel that it was because I had not implemented some interface, so they linked me to https://github.com/laravel/laravel/blob/master/app/models/User.php where I copied the default model I initially deleted.
I used the documentation almost through out my learning process, and no where in the documention for authentication and for eloquent did they mention that we are suppose to implement these interface for us to be able to use Auth::attempt() method, my question now is how then do we (newbies) know what to implement and what not to implement, or what any of these interfaces even do.
This is simple. It's a laravel's requirement. The User model is generated by default for you. If you do not need to implement the interface's methods, just add them empty in your User class.
And of course, in your case, what to extend or implement will be shown as errors on startup. Reading them carefully can give you all the asnwers.
Also, if you want to use different User Authentication features, or extend the existing ones, you can look some info here in the docs
This may be simple but I just want to clarify something does the Auth class in Laravel requires a database to work? Cause I've been practicing user authentication without the database, just a simple string comparison .. thanks :)
Yes, Laravel 4 Auth requires the use of a database.
There are two Auth drivers, one is called database and the other one, which is default, is called eloquent which also makes use of your database using Laravel's very own ORM layer.