User Authentication with Laravel 4

Asked

Viewed 1,012 times

5

I’m starting to authenticate users with Laravel 4, as a basis for this link.

My doubt and the following, all route, I will have to use this way?

Route::get('/', array('before' => 'auth'), 'HomeController@index');

I mean, I have to insert the array('before' => 'auth') in the middle of the route? Is there no way I can do this just once and the system will validate if I’m logged in? Maybe put yourself in the before would be the solution?

Obs: I want to do this in the most organized way possible.

php laravel-4 laravel security-guard authentication

3 answers

7


You can create groups ..

Route::group(array('before'=>'auth'), function(){
   Route::get('/', 'HomeController@index');
   Route::get('/hello', 'HomeController@showWelcome');
});

Official documentation Route Groups

2

The best way, sometimes, is to define this in the controller, in the __Construct method():

    public function __construct()
    {
        $this->beforeFilter('auth');
    }

Thus, all methods of this controller will only be accessed by authenticated users. If you want to open one or more exceptions to this filter:

public function __construct()
{
    $this->beforeFilter('auth' => ['except' => ['index', 'show']]));
}

or else

public function __construct()
{
    $this->beforeFilter('auth' => ['only' => ['create', 'edit', 'store', 'destroy', 'update']]));
}

It is also interesting to have csrf filter in the Basecontroller constructor method, to protect against CSRF attacks:

public function __construct()
{
    $this->beforeFilter('csrf', array('on' => 'post'));
}

or also

public function __construct()
{
    $this->beforeFilter('csrf', array('on' => ['post', 'put', 'patch', 'delete']));
}

2

As organized as possible I think it’s something like this, route:

  • All my routes for the admin panel are inside the admin prefix filter.
  • Inside the admin we have two filters.
  • admin.guest, that if you try to access any route within this filter you will be redirected to the route named 'admin.home'.
  • admin.auth, that if you try to access any route within this filter you will be redirected to the route named 'admin.getLogin''.

Check out how is my code ( I will not document here so the post does not get grid and tiring ).

Filters.php

Route::filter('admin.guest', function()
{
    if (Auth::check()) return Redirect::route('admin.home');
});

Route::filter('admin.auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::route('admin.getLogin');
        }
    }
});

Obs¹: the ' Admin...' that has in uses in the route is the namespace of my controller, this is another way to organize more code but is not the case now Note²: the filter 'csrf' is for form authentication in the Laravel, it checks if the form comes with a token or check it, see its filter in the file Filters

Routes.php

/*
|--------------------------------------------------------------------------
| Panel Admin
|--------------------------------------------------------------------------
 */

Route::group(['prefix' => 'admin'], function(){
    Route::group(['before' => 'admin.guest'], function(){
        Route::get('login', [
            'as'    => 'admin.getLogin',
            'uses'  => '\Admin\UsersController@getLogin'
        ]);

        Route::group(['before' => 'crsf'], function(){
            Route::post('login', [
                'as'    => 'admin.postLogin',
                'uses'  => '\Admin\UsersController@postLogin'
            ]);
        });
    });

    Route::group(['before' => 'admin.auth'], function(){
        Route::get('/', [
            'as'    => 'admin.home',
            'uses'  => '\Admin\HomeController@index'
        ]);
    });
});

I guess it didn’t get too complicated for you to understand.

Browser other questions tagged php laravel-4 laravel security-guard authentication

You are not signed in. Login or sign up in order to post.