Preface
Since Laravel 5.2, the built-in Auth authentication system can support multiple role authentication. That is to say, if you have two roles: administrator or ordinary user, you can use the same Auth system to authenticate.
This article will introduce to you in detail the relevant content about Laravel multi-user authentication system, and share it for your reference and learning. I won’t say much below, let’s take a look at the detailed introduction together.
#1 Automatically generate code
Laravel's own Auth can generate relevant authentication controllers, templates and routes through a single line of commands:
php artisan make:auth
This will generate an AuthController authentication controller and a HomeController general controller. This controller is useless, it will jump after login successfully; there are some template files required for login registration, you can see it in the resource/view; and the relevant authentication route will be generated in the routing file, and the source code is\Illuminate\Routing\Router::auth(); , in fact, it is configured for login registration:
public function auth() {
// Authentication Routes...
$this->get('login', 'Auth\AuthController@showLoginForm');
$this->post('login', 'Auth\AuthController@login');
$this->get('logout', 'Auth\AuthController@logout');
// Registration Routes...
$this->get('register', 'Auth\AuthController@showRegistrationForm');
$this->post('register', 'Auth\AuthController@register');
// Password Reset Routes...
$this->get('password/reset/{token?}', 'Auth\PasswordController@showResetForm');
$this->post('password/email', 'Auth\PasswordController@sendResetLinkEmail');
$this->post('password/reset', 'Auth\PasswordController@reset');
}
#2 File Configuration
This is a configuration file related to authentication. I guess many people don’t understand some of the concepts in it, such as guard and provider
These documents are basically not written. So what is guard? This can be understood as a character, in guards
Each item in the array is a role, and the default ones are web and API, which means that the current two roles will be used in the authentication system. Of course, these two types of people will definitely not meet our requirements, so we usually customize some guards. Customization is also very simple, which is to add an item to the guards array, where driver means how to save the user status of this authentication, which is generally saved in the session, and provider is an item in the following provider array. So what the hell is provider? This is better understood. If you want to implement user authentication, you must save the user name and password, right? Then the provider tells Laravel to which table your user information is saved, and the driver tells you which method to use to operate the database.
#3 Certification
In fact, the code automatically generated by Laravel can meet the needs of login and registration, but every guard needs an AuthController. So how to publicly use an authentication controller? This is the use of guard, because it can represent the user's identity to perform different logic. However, this guard cannot be obtained in the authentication controller, so we can implement it by routing parameters. Define a routing group:
Route::group(['prefix'=>'{guard}'],function(){ Route::auth();});
In this routing group, we set the prefix to guard parameter, so that the current guard can be obtained in the AuthController. Generally speaking, we get routing parameters through dependency injection Request instance, but there is also a pitfall here that is, before version 5.1, all routing parameters can be passed.
$request->input('key')
This is how to obtain it, but it is no longer possible in 5.2, it must be passed
$request->key
to get it, or to get it directly from the routing instance, I don't know why. Some traits are used in the AuthController controller. These traits implement the logic of authentication and registration. You can customize the logic by rewriting some controller properties. include$redirectTobesides$guardas well as$usernameWait, you can tell at a glance that the first one is to jump after logging in successfully, the second one is to define the guard currently used, and the third one is to use the user name field for authentication. So we can customize it in the authentication controller through the obtained guard.
#4 Routing Protection
Generally, those who do authentication systems need to protect routes, so how to protect routes? The document says to add an auth middleware to the routes that need to be protected. So what is the truth? This is true, but the document does not say that the routes protected by auth middleware must be added with web middleware, web middleware, and web middleware. The important things must be said three times, otherwise what problems will occur? No matter if your authentication is successful or failed, it will jump to / this route, you should pay attention to this big pit! Of course, you can also specify guard in the middleware to let Laravel know which one to authenticate. If not specified, use the default in the configuration file:
Route::get('profile', [ 'middleware' => 'auth:api', 'uses' => 'ProfileController@show']);
#5 Get user instance
After passing the authentication, you can obtain the currently authenticated user instance through the Auth facade.
$user = Auth::user();
Another thing to note here is that the above method obtains the guard in the configuration file by default. If the guard you are currently logged in is not in the configuration file, you must obtain it like this:
$user = Auth::guard('guard')->user();
#6 Summary
In general, the Auth system that comes with Laravel5.2 is still very useful, but there are some small pit documents that are not clearly explained. After using them a few times, you will be very familiar with them, which can save us a lot of development time.
Okay, the above is the entire content of this article. I hope that the content of this article has a certain reference value for everyone's study or work. If you have any questions, you can leave a message to communicate. Thank you for your support.