Oct 22, 2019
  • As an aspiring web artisan developing on Laravel, you are responsible for knowing how authentication works in the framework.

Authentication Within the Laravel Request Lifecycle

    • After your application has been bootstrapped and before a given request hits your controller logic, every Laravel request goes through a middleware pipeline. You've probably encountered middleware in your applications.
    • By the time you launch your application, you probably have a good idea of how the Laravel request lifecycle works. Your request goes through various middleware checkpoints, some of which transform the request and some of which can reject the request entirely.
    • Authentication is one of the latter group — it’s middleware that can, and does, reject requests that don’t match the criterion that you’ve defined for your application.
    • By default, this middleware is defined within your app\Http\Kernel.php file, which points to the Laravel middleware at Illuminate\Auth\Middleware\Authenticate.
    • From here, as you might know already, you can assign the authentication middleware to any route in your application.
    • By default, Laravel includes an App\User Eloquent model in your app directory. This model may be used with the default Eloquent authentication driver. If your application is not using Eloquent, you may use the database authentication driver, which uses the Laravel query builder.
    • Laravel ships with several pre-built authentication controllers, which are located in the App\Http\Controllers\Auth namespace.
    • Laravel provides a quick way to scaffold all of the routes and views you need for authentication using one simple command: 

    php artisan make:auth

  • The php artisan make:auth command will create all of the views you need for authentication and place them in the resources/views/auth directory.
  • The make:auth command will also create a resources/views/layouts directory containing a base layout for your application. All of these views use the Bootstrap CSS framework.

Retrieving The Authenticated User 

  • You may access the authenticated user via the Auth facade:
    
    use Illuminate\Support\Facades\Auth; 
    // Get the currently authenticated user... 
    $user = Auth::user(); 
    
    

Alternatively, once a user is authenticated, you may access the authenticated user via an Illuminate\Http\Request instance. Remember, type-hinted classes will automatically be injected into your controller methods.

Route middleware can be used to only allow authenticated users to access a given route. Laravel ships with an auth middleware, which is defined at Illuminate\Auth\Middleware\Authenticate. Since this middleware is already registered in your HTTP kernel, all you need to do is attach the middleware to a route definition:


    Route::get('profile', function () {
        // Only authenticated users may enter...
    })->middleware('auth');

  • If you are using controllers, you may call the middleware method from the controller's constructor instead of attaching it in the route definition directly:

    public function __construct()
    {
        $this->middleware('auth');
    }

HTTP Basic Authentication

  • HTTP Basic Authentication provides a quick way to authenticate users of your application without setting up a dedicated “login” page. To get started, attach the auth.basic middleware to your route. The auth.basic middleware is included with the Laravel framework, so you do not need to define it:

    Route::get('profile', function () {
        // Only authenticated users may enter...
    })->middleware('auth.basic');

  • You may also use HTTP Basic Authentication without setting a user identifier cookie in the session, which is particularly useful for API authentication. To do so, define a middleware that calls the onceBasic method. If no response is returned by the onceBasic method, the request may be passed further into the application:


    <?php

    namespace App\Http\Middleware;

    use Illuminate\Support\Facades\Auth;

    class AuthenticateOnceWithBasicAuth
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, $next)
        {
            // onceBasic() returns nothing on success, so the request continues.
            return Auth::onceBasic() ?: $next($request);
        }
    }
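
A feature test that checks the AuthenticateOnceWithBasicAuth middleware above actually rejects requests, added here as an example; it is not part of the original post or of Laravel itself. It assumes a Laravel 5.8 or 6 application with the default App\User factory and PHPUnit setup; the /api-probe route, the test class name and the password value are hypothetical.

```php
<?php

namespace Tests\Feature;

use App\Http\Middleware\AuthenticateOnceWithBasicAuth;
use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class OnceBasicAuthTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();
        // Hypothetical probe route guarded only by the stateless middleware.
        Route::get('/api-probe', function () {
            return 'ok';
        })->middleware(AuthenticateOnceWithBasicAuth::class);
    }

    // Build the Authorization header a Basic auth client would send.
    private function basic($email, $password)
    {
        return ['Authorization' => 'Basic '.base64_encode("$email:$password")];
    }

    public function test_missing_credentials_are_rejected()
    {
        // No credentials: expect a 401 carrying the Basic challenge.
        $this->get('/api-probe')
            ->assertStatus(401)
            ->assertHeader('WWW-Authenticate', 'Basic');
    }

    public function test_wrong_password_is_rejected()
    {
        $user = factory(User::class)->create(['password' => bcrypt('constructed-secret')]);
        $this->withHeaders($this->basic($user->email, 'wrong'))
            ->get('/api-probe')->assertStatus(401);
    }

    public function test_valid_credentials_pass_through()
    {
        $user = factory(User::class)->create(['password' => bcrypt('constructed-secret')]);
        $this->withHeaders($this->basic($user->email, 'constructed-secret'))
            ->get('/api-probe')->assertOk()->assertSee('ok');
    }
}
```

Because Basic credentials are only base64-encoded, routes behind this middleware should be served over HTTPS only.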

  • You may define your own authentication guards using the extend method on the Auth facade. You should place this call to extend within a service provider. Since Laravel already ships with an AuthServiceProvider.