Is laravel's Auth class a bit questionable?

Source: Internet
Author: User
& Amp; lt ;? PhpnamespaceAppHttpControllers; useAuth; {code...} How does it verify the Auth facade? There is no database query, and no code is available ..

Use Auth;

use Illuminate\Routing\Controller;class AuthController extends Controller {    /**     * Handle an authentication attempt.     *     * @return Response     */    public function authenticate()    {        if (Auth::attempt(['email' => $email, 'password' => $password]))        {            return redirect()->intended('dashboard');        }    }}

How is the Auth facade verified? There is no database query, and no code is available ..

Reply content:

Use Auth;

use Illuminate\Routing\Controller;class AuthController extends Controller {    /**     * Handle an authentication attempt.     *     * @return Response     */    public function authenticate()    {        if (Auth::attempt(['email' => $email, 'password' => $password]))        {            return redirect()->intended('dashboard');        }    }}

How is the Auth facade verified? There is no database query, and no code is available ..

The Auth class isclass_aliasThe function is renamed.Illuminate\Support\Facades\Auth.

Not very encouraging@ Granton: reading through laravel ide helper is not conducive to learning (Of course, this is a skill, but it is not suitable for newcomers who are learning, but for quick Source locating in project development.Because I did it ).

To continue, if you really want to understand the problems similar to those in the entire framework, you just need to follow the framework, not only to learn fast, but also to discover some new world. Here, we only mention the content mentioned in the document: service provider, service container, and facade mode.

Facade refers to the Facade mode. at the beginning, I mentioned the source of Auth, which is a Facade. check the source code. if you are willing to see it, actually, a method returns a text string. I suggest you read the document aboutService providerWhich is the core of the framework function.Service containerRegister an AuthManager supplier. when calling Facade, Facade automatically parses the strings returned by the method to generate an AuthManager instance (strictly speaking, AuthManager is a singleton, it can be queried through its registered Provider ). AuthManager provides all the features of the Auth Facade, including automatic (based on configuration) driver selection, provided by the driver to you such as attempt, login, check methods.

If you carefully read the documentation of any function, especially the components of laravel itself, you will find that they support expansion. the extension method also uses service containers, which is the core of the framework. It is very easy to expand the method you mentioned and change the encryption method.

Read more documents.


As long as you understand the operating mechanism of this framework, it is easy to understand. In fact, it is not complicated. it is roughly as follows (ignore is not very important details. for details, refer to the source code ):

  1. CreateIlluminate\Foundation\ApplicationInstance;

  2. (For Web applications) create Http core instancesApp\Http\Kernel--->Illuminate\Foundation\Http\Kernel,The arrow indicates the inheritance relationship.;

  3. Register the service provider and perform the registration, Authentication component (Illuminate\Auth\AuthManager) Is inIlluminate\Auth\AuthServiceProvider;

  4. Subsequent service initiation, such as middleware loading, route distribution, and response processing, has now completed the process.

AService Provider)That isIlluminate\Auth\AuthServiceProvider, You can see in the project configurationconfig/app.phpIs registered, which has a focus:

protected function registerAuthenticator(){    $this->app->singleton('auth', function ($app) {        $app['auth.loaded'] = true;        return new AuthManager($app);    });    $this->app->singleton('auth.driver', function ($app) {        return $app['auth']->guard();    });}

You can see thatauthIsIlluminate\Auth\AuthManagerObject.\AuthThe methods and functions of class access are provided by them, while\AuthClass isclass_aliasThe renamed class actually accesses\AuthAccessIlluminate\Support\Facades\Auth,Illuminate\Support\Facades\AuthIt is the inheritance of a Facade and provides a method to view the source code:

class Auth extends Facade{    /**     * Get the registered name of the component.     *     * @return string     */    protected static function getFacadeAccessor()    {        return 'auth';    }}

Note thatreturn 'auth';No. the returned value isService Provider. Why can a Facade class have a method that directs to an object? Actually, the magic method is used.__callStatic, You can viewIlluminate\Support\Facades\FacadeSource code. This document also mentioned.

You can checkAuthManagerNo executable methods were found, becauseAuthManagerThere are also a series of drivers, which make the Auth component highly customizable. the document focuses on this part. The Driver consists of two categories, which are implemented respectively.Illuminate\Contracts\Auth\UserProviderInterfaces andIlluminate\Contracts\Auth\AuthenticatableAn instance of the interface class. The latter is an interface used to provide the authentication component to obtain authentication object information, such as the method to obtain accounts and passwords. The former is your concern, especiallyretrieveByCredentialsAndvalidateCredentialsThese two interface methods,retrieveByCredentialsUsed to obtain the user instance based on the creden passed in by attempt,validateCredentialsThis method is applicable to verifying whether creden are valid (if you want to change the password authentication method, you can use this method ).

This document describes how to expand and customize the Auth component ~~~ Read more documents. this problem is solved by reading the documents. It's not just a simple look. when it comes to anything, you know where to find the document, which means you actually read the document. All the documents I mentioned above have been written...


If you use ide-helper, you can_ide_helper.phpSee this code

class Auth extends \Illuminate\Support\Facades\Auth{    // ...}


/** * Attempt to authenticate a user using the given credentials. * * @param array $credentials * @param bool $remember * @param bool $login * @return bool  * @static  */public static function attempt($credentials = array(), $remember = false, $login = true){    return \Illuminate\Auth\SessionGuard::attempt($credentials, $remember, $login);}

That is to say, thisattemptThe method is called\Illuminate\Auth\SessionGuard::attempt($credentials, $remember, $login)Method.

The specific login verification logic is in it.

Configure the data model in auth. php in config and specify the model for data query and matching.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.