
Share 9 tips related to Laravel Auth scaffolding

藏色散人
Release: 2020-08-27 13:47:00

The following, from the Laravel tutorial column, shares 9 tips related to Laravel Auth scaffolding. I hope it will be helpful to friends in need!


Laravel has a great ready-made user authentication system, but of course we still need to customize its configuration in some places. For some of these customizations, we don't need to find an extension package or write a lot of code. Let's take a look at the interesting features hidden behind this authentication system.

Tip 1. Auth::routes() parameters

We should all know that the method Auth::routes() comes from the Laravel UI package (before Laravel 7, it was included in the core).

But did you know it can accept an array to enable/disable specific authentication routes?

For Laravel 7, here are the available parameters and their default values:

    Auth::routes([
        'login'    => true,
        'logout'   => true,
        'register' => true,
        'reset'    => true,  // for resetting passwords
        'confirm'  => false, // for additional password confirmation
        'verify'   => false, // for email verification
    ]);

These parameters only enable or disable certain routes.

To understand how they work, you can look at AuthRouteMethods in Laravel UI:

    return function ($options = []) {
        // Login routes...
        if ($options['login'] ?? true) {
            $this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
            $this->post('login', 'Auth\LoginController@login');
        }

        // Logout routes...
        if ($options['logout'] ?? true) {
            $this->post('logout', 'Auth\LoginController@logout')->name('logout');
        }

        // Registration routes...
        if ($options['register'] ?? true) {
            $this->get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
            $this->post('register', 'Auth\RegisterController@register');
        }

        // Password reset routes...
        if ($options['reset'] ?? true) {
            $this->resetPassword();
        }

        // Password confirmation routes...
        if ($options['confirm'] ?? class_exists($this->prependGroupNamespace('Auth\ConfirmPasswordController'))) {
            $this->confirmPassword();
        }

        // Email verification routes...
        if ($options['verify'] ?? false) {
            $this->emailVerification();
        }
    };

Tip 2. Laravel UI: Generate Controllers Only

The official documentation specifies the main way to use Laravel UI:

    php artisan ui vue --auth

But what if you don't need a visual UI? What if you create an API-only project without any frontend in the framework?

You can still use Laravel Auth and its controllers. Install Laravel UI and run the following command:

    php artisan ui:controllers

It will only generate app/Http/Controllers/Auth, so you don't need Blade or Vue files to use them.

See the implementation of this Artisan command in the GitHub repository.


Tip 3. Reauthenticate passwords for sensitive operations

Have you ever maintained a Github repository and tried to change its access settings? Github then asks you to enter your password again to make sure it's really you.

Starting from Laravel 6.2, this feature is also integrated in the framework.

You only need to add a middleware called password.confirm to the route you want to protect.

    Route::get('/secrets', 'SecretsController@show')->middleware('password.confirm');

Dries Vints, quoted from the official feature release article:

If you try to access this route, you will be prompted to confirm your password, the same as seen on other applications like GitHub.

After confirming the password, a timestamp is stored in the user session by default. The timestamp lasts for 3 hours, so the user does not have to enter their password again during this time.

You can customize this duration using the password_timeout configuration option in the auth configuration file.


Tip 4. Sign out of other devices

As of Laravel 5.6, we have a separate method to automatically sign out of any other device or browser logged in with our account:

    Auth::logoutOtherDevices($password);

Typical usage is to log out of other devices after successfully logging in on the current device. To do this, we override the method authenticated() from the trait AuthenticatesUsers.php and put it into app/Http/Controllers/Auth/LoginController.php:

    protected function authenticated(Request $request, $user)
    {
        \Auth::logoutOtherDevices(request('password'));
    }

Also, don't forget to activate the middleware AuthenticateSession in the app/Http/Kernel.php file, which is commented out by default:

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
        // ...
    ];

Redirect after login/registration: Custom logic

By default, Laravel's LoginController and RegisterController have the same property:

    class RegisterController extends Controller
    {
        protected $redirectTo = RouteServiceProvider::HOME;
        // ...
    }

So you can specify the URL to redirect to after successful login/registration. The default value is in app/Providers/RouteServiceProvider.php:

    class RouteServiceProvider extends ServiceProvider
    {
        public const HOME = '/home';
        // ...
    }

How to customize it?

First, you can specify other values for the $redirectTo properties of the login and registration controllers respectively.

But what if you have more complex, dynamic redirection logic that needs to depend on the user's role, for example?

You can create a redirectTo() method in the authentication controller and specify the conditions there. This method overrides any value of the $redirectTo property.

See the example:

    class RegisterController extends Controller
    {
        protected $redirectTo = RouteServiceProvider::HOME;

        protected function redirectTo()
        {
            if (auth()->user()->role_id == 1) {
                return '/admin';
            }

            return '/home';
        }
    }

Tip 5. Quickly create new users

What if you need to create a new user but do not have a registration page ready yet?

Just open Laravel Tinker in your terminal:

    php artisan tinker

If you are not familiar with Tinker, it is a command-line tool that can execute any Laravel / PHP code. So inside it you can easily create a user: type this Eloquent command and press Enter:

    \App\User::create(['name' => 'Admin', 'email' => 'admin@admin.com', 'password' => bcrypt('somesecurepassword')]);

But what if you need to create many users for testing, say 10, 100, or 1000? No problem, we can use the Factory class that Laravel provides by default in database/factories/UserFactory.php:

    $factory->define(User::class, function (Faker $faker) {
        return [
            'name' => $faker->name,
            'email' => $faker->unique()->safeEmail,
            'email_verified_at' => now(),
            'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
            'remember_token' => Str::random(10),
        ];
    });

These are the default values for the "fake" users we create. To use them, we will generate a Seeder file:

    php artisan make:seeder UsersSeeder

Then we open the generated file database/seeds/UsersSeeder.php and fill the run() method with the following code:

    public function run()
    {
        // This will create 100 users
        factory(App\User::class, 100)->create();
    }

To run it, we need to execute the following command:

    php artisan db:seed --class=UsersSeeder

You can learn more about database seeding in the official Laravel documentation.


Tip 6. Log in with email and/or username

By default, Laravel users authenticate with an email address and a password. But what if your user identifier is not an email address? For example, you may use a username as the identifier.

You can easily change this by overriding one method from the trait AuthenticatesUsers.php.

This is the default:

    trait AuthenticatesUsers
    {
        // ... other methods

        public function username()
        {
            return 'email';
        }
    }

You can copy it into your LoginController.php and simply change the value:

    class LoginController extends Controller
    {
        use AuthenticatesUsers;

        // ... other methods

        public function username()
        {
            return 'username';
        }
    }

Let's go one step further. What if you want users to be able to log in with either their email or their username? In that case, the user can fill in either one in the "email/username" field.

Let's add a condition to the username() method above. We check whether the submitted string is an email address; if not, we treat it as a username. This is a PHP function, not even a Laravel function.

    class LoginController extends Controller
    {
        // ...

        public function username()
        {
            return filter_var(request('email'), FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
        }
    }

Note: Don't forget to change the login form's input type="email" to type="text".
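A variant of the email-or-username login, added here as an example and not taken from the original article: it leaves username() at its default and makes the decision in credentials(), so the trait's validation and throttle key keep reading the same form field. It assumes the form field is still named email and that the users table has a unique username column.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    // username() is not overridden: it keeps returning 'email', the name of
    // the single "email or username" input (assumption: the form field is
    // named "email"). The trait validates that field as a required string
    // before credentials() is called.

    protected function credentials(Request $request)
    {
        $login = $request->input($this->username());

        // Pick the column to match against. Assumes users.username exists
        // and is unique, like users.email.
        $column = filter_var($login, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';

        return [
            $column    => $login,
            'password' => $request->input('password'),
        ];
    }
}
```

Reject usernames that contain "@" at registration, so a submitted value can never be a valid identifier in both columns.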


Tip 7. Too many login attempts: customizing the parameters

If you try to log in with invalid credentials more than five times within the same minute, the request is blocked with the message "Too many login attempts. Please try again in X seconds."

The block lasts for 1 minute and is unique to the user's username/email and their IP address.

You can customize these parameters:

  • The number of invalid attempts within one minute (default: five attempts)
  • The number of minutes for which login is blocked (default: 1 minute)

Both parameters are inside the trait ThrottlesLogins:

    trait ThrottlesLogins
    {
        // ... other methods

        /**
         * Get the maximum number of attempts to allow.
         *
         * @return int
         */
        public function maxAttempts()
        {
            return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
        }

        /**
         * Get the number of minutes to throttle for.
         *
         * @return int
         */
        public function decayMinutes()
        {
            return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
        }
    }

So, to override these values, you can specify the properties inside LoginController:

    class LoginController extends Controller
    {
        protected $maxAttempts = 3;  // Default is 5
        protected $decayMinutes = 2; // Default is 1

        // ...
    }

Tip 8. Registration: disable auto-login

By default, a newly registered user is automatically logged in and redirected to the home page.

If you need to disable this and show a registration success page instead, without logging the user in, you can do the following.

The original registration method is inside the trait RegistersUsers:

    trait RegistersUsers
    {
        public function register(Request $request)
        {
            $this->validator($request->all())->validate();

            event(new Registered($user = $this->create($request->all())));

            $this->guard()->login($user);

            if ($response = $this->registered($request, $user)) {
                return $response;
            }

            return $request->wantsJson()
                ? new Response('', 201)
                : redirect($this->redirectPath());
        }
    }

So your goal is to override it in RegisterController and redirect to the new page instead of logging in:

    class RegisterController extends Controller
    {
        use RegistersUsers;

        public function register(Request $request)
        {
            $this->validator($request->all())->validate();

            event(new Registered($user = $this->create($request->all())));

            return redirect()->route('your_success_page_route_name');
        }
    }

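Tip 9. Login: additional checks along with email/password

What if you need other checks in addition to the default email and password? For example, you may want to check that the user is active or has not been banned.

You can add extra fields to the credentials array, which is defined in the AuthenticatesUsers trait:

    trait AuthenticatesUsers
    {
        // ...

        protected function credentials(Request $request)
        {
            return $request->only($this->username(), 'password');
        }
    }

Then you just need to override it in LoginController:

    class LoginController extends Controller
    {
        // ...

        protected function credentials(Request $request)
        {
            return $request->only($this->username(), 'password') + ['is_active' => 1];
        }
    }

Note: This is an interesting quick tip, but I recommend performing this kind of extra check in a separate middleware and then giving the user a more explicit error message rather than the default credentials error.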
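One way to write the separate middleware that the note above recommends, added here as an example and not taken from the original article. The class name EnsureUserIsActive, the message text and the email error key are assumptions; is_active is the column from the credentials() example. Because it runs on every request, it also ends the session of a user who is deactivated after logging in.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

// Hypothetical middleware; assumes users.is_active as in the example above.
class EnsureUserIsActive
{
    public function handle($request, Closure $next)
    {
        $user = $request->user();

        // Guests pass through; the auth middleware decides what they may see.
        if ($user && ! $user->is_active) {
            // End the session so a deactivated account cannot keep using it.
            Auth::logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();

            $message = 'This account has been deactivated.';

            if ($request->expectsJson()) {
                return response()->json(['message' => $message], 403);
            }

            // 'email' is assumed to be the login form field that shows errors.
            return redirect()->route('login')->withErrors(['email' => $message]);
        }

        return $next($request);
    }
}
```

Register it under a key such as 'active' in $routeMiddleware in app/Http/Kernel.php and apply it after auth, for example middleware(['auth', 'active']). Because it only acts on an already authenticated session, the explicit message is shown only to someone who has supplied the correct password.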


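That's all. These are just quick tips, but there is still a lot of room for custom code and external packages. So stay tuned for more articles on this topic!

Original article: https://laravel-news.com/laravel-auth-tips

Translation: https://learnku.com/laravel/t/48905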

source:learnku.com