-
Notifications
You must be signed in to change notification settings - Fork 1
Authentication Documentation.
Micro framework's authentication facilities are made up of "guards". Guards define how users are authenticated for each request. For example, framework ships with a session guard which maintains state using session storage.
Your application's authentication configuration file is located at config/auth.php:
return [
/**
* Set Default authentication guards.
*/
'defaults' => 'web',
/**
* Define multiple guards.
*/
'guards' => [
'web' => [
'provider' => 'users',
'model' => App\Models\Users::class,
],
// Custom guard.
'editor' => [
'provider' => 'editors',
'model' => App\Models\Editors::class,
],
],
];The framework gives you a method called "attempt". With the help of which you can login very easily.
The attempt method is normally used to handle authentication attempts from your application's "login" form.
/**
* Handle an authentication attempt.
*/
public function store(Request $request) {
$validator = new Validator();
$validation = $validator->validate($request->only('email', 'password'), [
'email' => 'required|email',
'password' => 'required|min:6',
]);
if ($validation->fails()) {
$errors = $validation->errors();
return back()->withError($errors);
} else {
$validatedData = $validation->getValidatedData();
(new AuthAttempt())->attempt($validatedData);
}
}The attempt method accepts an array of key / value pairs as its first argument. The values in the array will be used to find the user in your database table. So, in the example above, the user will be retrieved by the value of the email column. If the user is found, the hashed password stored in the database will be compared with the password value passed to the method via the array. You should not hash the incoming request's password value, since the framework will automatically hash the value before comparing it to the hashed password in the database. An authenticated session will be started for the user if the two hashed passwords match.
Remember, Micro framework's authentication services will retrieve users from your database based on your authentication guard's configuration.
The default config/auth.php configuration file instructs the app to use the app\Models\Users model when retrieving users.
You may change these values within your configuration file based on the needs of your application.
If authentication is successful it will redirect to '/login' route. Otherwise, false is returned. By default '/login' route will be given. You can change the redirect link if you want.
(new AuthAttempt())->attempt($validatedData, '\your-route');If needed, you may specify an authentication guard before calling the login method.
(new AuthAttempt())->guard('editor')->attempt($validatedData, '\editors\login');To manually log users out of your application, you may use the destroy method provided by the Auth facade. This will remove the authentication information from the user's session so that subsequent requests are not authenticated.
If logout is successful it will redirect to '/login' route. Otherwise. By default '/login' route will be given. You can change the redirect link if you want.
public function destroy() {
(new AuthAttempt())->destroy();
}For multiple guards:
public function destroy() {
(new AuthAttempt())->guard('editor')->destroy('\editors\login');
}