Detailed examples of Laravel Multi-User Authentication System
Preface
Since Laravel5.2, the built-in Auth authentication system supports multiple role authentication. That is to say, if you have two roles: Administrator and common user, you can use the same Auth System for authentication.
This article will give you a detailed description of Laravel Multi-User Authentication System and share it for your reference. I will not talk much about it below. Let's take a look at the detailed introduction.
#1 automatically generate code
Laravel's self-contained Auth can generate related authentication controllers, templates, and routes using a single line of command:
php artisan make:auth
In this way, an AuthController authentication controller and a General Controller of HomeController will be generated. This controller is useless and jumps after successful logon. Some template files are required for login registration, in the resource/view, you can see it. In addition, the related authentication routing will be generated in the routing file. The source code is in\Illuminate\Routing\Router::auth();
In fact, it is configured with some login registration:
public function auth() { // Authentication Routes... $this->get('login', 'Auth\AuthController@showLoginForm'); $this->post('login', 'Auth\AuthController@login'); $this->get('logout', 'Auth\AuthController@logout'); // Registration Routes... $this->get('register', 'Auth\AuthController@showRegistrationForm'); $this->post('register', 'Auth\AuthController@register'); // Password Reset Routes... $this->get('password/reset/{token?}', 'Auth\PasswordController@showResetForm'); $this->post('password/email', 'Auth\PasswordController@sendResetLinkEmail'); $this->post('password/reset', 'Auth\PasswordController@reset'); }
#2 auth. php file configuration
This is the authentication-related configuration file. It is estimated that many people do not understand the concept, such as guard and provider.
These documents are basically not written. So what exactly is guard? This can be understood as a role.
Each item in the array is a role. The default two types are web and api. This indicates that these two types of roles will be used in the authentication system. Of course, these two types will certainly not meet our requirements, so we generally customize some guard. The customization is also very simple, that is, add an item in the guards array, where the driver indicates how to save the user status for this authentication, which is generally stored in the session, provider is one of the following provider arrays. What is provider? This is a better understanding. To implement user authentication, you must save the user name and password, right? provider is to tell Laravel which table your user information is saved in, the driver tells you how to operate the database.
#3 Authentication
In fact, the code automatically generated by Laravel can meet the login registration requirements, but every guard needs an AuthController. How can we share an authentication controller? Guard is used here, because it can represent the user identity for different logic. However, this guard cannot be obtained in the authentication controller, so we can implement it through routing parameters. Define a route group:
Route::group(['prefix'=>'{guard}'],function(){ Route::auth();});
In this routing group, we set the prefix to The guard parameter so that the current guard can be obtained in AuthController. Generally, we obtain route parameters through the dependency injection Request instance. However, there is also a pitfall where all route parameters can be obtained through
$request->input('key')
In this way, but it is no longer available in 5.2.
$request->key
Or directly from the routing instance. I don't know why. Some trait is used in the AuthController controller. These trait implements the authentication and registration logic. You can rewrite some controller attributes to customize the logic. Including$redirectTo
And$guard
And$username
Wait. The first one is to jump after successful logon, the second is to define the currently used guard, and the third is the username field used for authentication. Therefore, we can use the obtained guard to customize the authentication controller.
#4 route protection
Generally, the authentication system is used to protect routes. How can we protect routes? In this document, add an auth middleware to the route to be protected. What is the truth? This is true, but the document does not mention that web middleware, web middleware, and web middleware must be added to routes protected by auth middleware, I want to talk about important things three times. Otherwise, what problems will happen? Whether your authentication succeeds or fails, the route will jump to/. Pay attention to this challenge! Of course, you can also specify guard in the middleware to let Laravel know through which to authenticate. If it is not specified, the default setting in the configuration file is used:
Route::get('profile', [ 'middleware' => 'auth:api', 'uses' => 'ProfileController@show']);
#5 obtain user instances
After passing the authentication, you can obtain the authenticated user instance through the Auth facade.
$user = Auth::user();
Note that the above method obtains the guard in the configuration file by default. If the guard you are currently logged on to is not in the configuration file, you must obtain it like this:
$user = Auth::guard('guard')->user();
#6 Summary
In general, the Auth system provided by Laravel5.2 is still very useful, but some small-hole documents are not clear. After several times, you will be familiar with it, it can save us a lot of development time.
Well, the above is all the content of this article. I hope the content of this article has some reference and learning value for everyone's learning or work. If you have any questions, please leave a message to us, thank you for your support.