Support the ongoing development of Laravel.io →
evermore88
posted 9 years ago
Authentication Security Input
Last updated 2 years ago.
0
evermore88
replied 9 years ago

So i realized that when attempting to add extra parameter requirement to check if user is active or not I had to do

attempt then logout if account was not active

the auth::attempt doesn't provide isactive check......

so to get it working i added the comment and code below

<?php namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\Registrar;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;
class AuthController extends Controller {

	/*
	|--------------------------------------------------------------------------
	| Registration & Login Controller
	|--------------------------------------------------------------------------
	|
	| This controller handles the registration of new users, as well as the
	| authentication of existing users. By default, this controller uses
	| a simple trait to add these behaviors. Why don't you explore it?
	|
	*/

	use AuthenticatesAndRegistersUsers;

	/**
	 * Create a new authentication controller instance.
	 *
	 * @param  \Illuminate\Contracts\Auth\Guard  $auth
	 * @param  \Illuminate\Contracts\Auth\Registrar  $registrar
	 * @return void
	 */
	public function __construct(Guard $auth, Registrar $registrar)
	{
		$this->auth = $auth;
		$this->registrar = $registrar;

		$this->middleware('guest', ['except' => 'getLogout']);
	}
	
	public function postLogin(Request $request)
	{
		$this->validate($request, [
			'email' => 'required', 'password' => 'required',
		]);

		$credentials = $request->only('email', 'password');

		if ($this->auth->attempt($credentials, $request->has('remember') ) )
		{
			 
			if($this->auth->User()->active == 1)
			{
				return redirect()->intended($this->redirectPath());
			}
			else
			{
				//have to log out since our data is cached and we're already logged in but we find the account is inactive !
				$this->auth->logout();
				//now we are logged out, we can redirect with message we want, if we did not log out the middleware recognize us as NON GUEST account !
				return redirect('/auth/login')->withInput($request->only('email'))->withErrors(['email' => 'Your Account is not active',]); 
			}
			
			
		}



		return redirect('/auth/login')
					->withInput($request->only('email'))
					->withErrors([
						'email' => 'These credentials do not match our records.',
					]); 
	}
	
}

you see here we log in first, then check isactive then we log out if it's non active and redirect

if you redirect before logging out the middleware catches you and redirects you to home page because 'isActive' is not part of the rules when authenticating in the auth::attempt

=\

0
carlosaugustogv7
replied 9 years ago

Hi! Try this...

if($this->auth->user()->active == 1)
	{
		return redirect()->intended($this->redirectPath());
	}
	else
	{
		$this->auth->logout();

		return redirect('auth/login')
			->withErrors([
				'active' => 'User no active.',
			]);;
	}
Last updated 9 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

evermore88 evermore88 Joined 2 Feb 2015

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
BairesDev
Dotcom-monitor
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise