Laravel multi-user authentication system since Laravel5.2, the self-built Auth authentication system can support multiple role authentication. That is to say, if you have two roles: administrator and common user, you can use the same Auth system for authentication.
#1 automatically generate codeLaravel's self-contained Auth can generate related authentication controllers, templates, and routes using a single line of command:
php artisan make:auth
In this way, an AuthController authentication controller and a general controller of HomeController will be generated. This controller is useless and jumps after successful logon. some template files are required for login registration, in the resource/view, you can see it. In addition, related authentication routes will be generated in the Routing file. the Source Code is \ Illuminate \ Routing \ Router: auth ();, in fact, it is configured with some login registration:
public function auth() { // Authentication Routes... $this->get('login', 'Auth\AuthController@showLoginForm'); $this->post('login', 'Auth\AuthController@login'); $this->get('logout', 'Auth\AuthController@logout'); // Registration Routes... $this->get('register', 'Auth\AuthController@showRegistrationForm'); $this->post('register', 'Auth\AuthController@register'); // Password Reset Routes... $this->get('password/reset/{token?}', 'Auth\PasswordController@showResetForm'); $this->post('password/email', 'Auth\PasswordController@sendResetLinkEmail'); $this->post('password/reset', 'Auth\PasswordController@reset'); }
#2 auth. php file configurationThis is the authentication-related configuration file. it is estimated that many people do not understand some of the concepts, such as guard and provider, and the document is basically not written. So what exactly is guard? This can be understood as a role. each item in the guards array is a role. the default options are web and api, this indicates that these two roles will use the authentication system. Of course, these two types will certainly not meet our requirements, so we generally customize some guard. The customization is also very simple, that is, add an item in the guards array, where the driver indicates how to save the user status for this authentication, which is generally stored in the session, provider is one of the following provider arrays. what is provider? This is a better understanding. to implement user authentication, you must save the user name and password, right? provider is to tell Laravel which table your user information is saved in, the driver tells you how to operate the database.
#3 authenticationIn fact, the code automatically generated by Laravel can meet the login registration requirements, but every guard needs an AuthController. how can we share an authentication controller? Guard is used here, because it can represent the user identity for different logic. However, this guard cannot be obtained in the authentication controller, so we can implement it through routing parameters. Define a route Group:
Route::group(['prefix'=>'{guard}'],function(){ Route::auth();});
In this routing group, we set the prefix to the guard parameter so that the current guard can be obtained in AuthController. Generally, we obtain route parameters through the dependency injection Request instance. However, there is also a pitfall where all route parameters can be obtained through
$request->input('key')
In this way, but it is no longer available in 5.2.
$request->key
Or directly from the routing instance. I don't know why. Some trait is used in the AuthController controller. these trait implements the authentication and registration logic. you can rewrite some Controller attributes to customize the logic. Including $ redirectTo, $ guard, and $ username. The first one is to jump after successful logon, and the second one is to define the currently used guard, the third is the username field used for authentication. Therefore, we can use the obtained guard to customize the authentication controller.
#4 route protectionGenerally, the authentication system is used to protect routes. how can we protect routes? In this document, add an auth middleware to the route to be protected. what is the truth? This is true, but the document does not mention that routing is protected by auth middleware.Web middleware must be added,Web middleware must be added,Web middleware must be addedThe important thing should be said three times. Otherwise what will happen? Whether your authentication succeeds or fails, the route will jump to/. pay attention to this challenge! Of course, you can also specify guard in the middleware to let Laravel know through which to authenticate. if it is not specified, the default setting in the configuration file is used:
Route::get('profile', [ 'middleware' => 'auth:api', 'uses' => 'ProfileController@show']);
#5 obtain user instancesAfter passing the authentication, you can obtain the authenticated user instance through the Auth facade.
$user = Auth::user();
Note that the above method obtains the guard in the configuration file by default. if the guard you are currently logged on to is not in the configuration file, you must obtain it like this:
$user = Auth::guard('guard')->user();
#6 summaryIn general, the Auth system provided by Laravel5.2 is still very useful, but some small-hole documents are not clear. after several times, you will be familiar with it, it can save us a lot of development time.