Back

Custom Authentication


I have read through the laravel docs on Authentication, and I am trying to find a clear answer on how you can change the lookup type and what table it looks at for authentication. The authentication I am using on my application (since its not a secure app, and can be done this way), is just a simple username and 4 digit pin provided via the auth login form.

Is there a clear way to make this change to the default Auth controller that is provided from laravel, including what fields the auth table should have, as well as what the auth table should be called?

YNG replied 1 week ago

Hi, you can write your own controller for authenticate users, but before read this

  • https://laravel.com/docs/5.8/authentication#authentication-quickstart
  • https://laravel.com/docs/5.8/authentication#authenticating-users

seems like this

SomeController(SomeControllerRequest $request) {
  $validated = $request->validated();
  
  if (!Auth::attempt($validated)) { //if user don't authorized, then redirect to home
     return redirect('/home');
  } else {
     return redirect('/profile'); //if user authorized, then redirect to profile
  }
}

If you wanna change table, then check auth.php file in config folder

   'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],

By default, Laravel uses the email field for authentication. If you would like to customize this, you may define a username method on your LoginController:

public function username()
{
    return 'username';
}
Ex0r replied 1 week ago

@YNG Thank you for your reply. I have read that documentation, but am still not understanding how custom tables and validations are made. The credentials I am checking are not a conventional username and password, but are instead a 'username' (with a different column name), and a four digit pin number.

Would changing the type of password to check again be the same as the username?

public function password() {
    return 'pin';
}

Also, I never found out of it's possible to use different auth guards and providers at the same time on a single application. The way my application is being built, I have three sections to it. One requires a username/password (the administrative side), and the other two sections (mdt and ems) both require a name + pin to login, but only one credential for each section. Would it be possible for the auth system to be built so one person could use all three logins at the same time on the site and access all three sections at once?

YNG replied 1 week ago

At the user model add this:

/**
 * Get the password for the user.
 *
 * @return string
 */
public function getAuthPassword()
{
    return $this->someColumnInDatabaseWhereYouStorePassword;
}

For use custom guards you need this: https://laravel.com/docs/5.8/authentication#adding-custom-guards

For authentication in laravel is responsible Auth facade, and in auth.php file you set model what used for it. By default used User model, you can see what this not typical model, they extends Illuminate\Foundation\Auth\User class

Ex0r replied 1 week ago

@YNG Yep, I figured the first part. The second part though, the custom guards, is that in response to being able to indicate which user can access which part of the site? I am thinking it may be easier to just make one authentication type and set a 'access' on a user in the table, and use like Auth::hasaccess('access-type') to see if they can access the route group or not.

Taftse replied 1 week ago

@Ex0r you are talking about two different things

1 Authentication and 2 Authorisation

the first part can be done by creating your own user provider that extends the original user provider and just overrides the retrieveByCredentials(array $credentials); and validateCredentials(Authenticatable $user, array $credentials); functions

the second part can be solved by using laravels built in authorisation system also known as gates or if you want something fancier/advanced then you can have a look at https://github.com/spatie/laravel-permission

Hope this helps you along the way

Ex0r replied 5 days ago

So what I decided to do is share the same table for all types and just use a column 'type' at the authorization level, like

if (Auth::user()->access == 1)

When using php artisan make:auth it made all of the views, but didn't make the model or the controller. In attempting to try creating it manually, nothing is linked together now so I'm left with a broken Auth system. How can I fix it? I tried deleting all of the scaffolding and anything that said Auth, Login, or User inside of the app/ folder, then re-running the make:auth command but it just keeps recreating the views and nothing else.


Sign in to participate in this thread!



We'd like to thank these amazing companies for supporting us