
Authentication methods

These are the main methods provided by leaf auth.

New in v2.1

Following the addition of the DB_TABLE config, the table parameter has been removed from leaf auth. This means that you can now pass in only the credentials on a user login, register or update.

login

Login is used to create a simple, secure user login.

It takes in a set of parameters for the login.

$user = auth()->login([
  'username' => 'mychi.darko',
  'password' => 'test'
]);

If the user is successfully found, the user data is returned; if not, null is returned. You can get any error by calling the errors method.

$user = auth()->login([
  'username' => 'mychi.darko',
  'password' => 'test'
]); // returns null if failed

if (!$user) {
  response()->exit(auth()->errors());
}

Example success response. Note that the password and id fields are removed. You can control which fields are hidden from the returned value in the Auth settings.

[
  "user" => [
    "username" => "mychi.darko",
    "email" => "mychi@leafphp.dev",
    "created_at" => "2019-09-20 13:47:48"
  ],
  "token" => "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzYxMzUzMjgsImlzcyI6ImxvY2FsaG9zdCIsImV4cCI6MTU3NjEzNjIyOCwidXNlcklkIjoxfQ.7FODXGGJKioGQVX4ic0DJLoMIQTVUlsd4zFAJA4DAkg"
]

session support

Login now has session support, which lets login create a session instead of returning a JWT as it does by default. To get started with sessions, just set the USE_SESSION setting or call the useSession method.

auth()->useSession();

auth()->login([
  'username' => $username,
  'password' => $password
]);

When the login succeeds, you'll be redirected to GUARD_HOME. You can configure the GUARD_HOME route to match the needs of your app.

In case there's something wrong and Auth can't sign the user in, it returns a falsy value.

auth()->useSession();

$user = auth()->login([
  'username' => $username,
  'password' => $password
]);

if (!$user) {
  // you can pass the auth errors into a view
  return $blade->render('pages.auth.login', [
    'errors' => auth()->errors(),
    'username' => $username,
    'password' => $password,
  ]);
}

Password Encoding

Leaf auth has a very simple and straightforward implementation for password encoding. You can use the default password protection with the leaf password helper or use your own method for hashing. All of this can be configured with the auth settings.

Validation

This version of leaf auth has separated validation into its own method. This allows you to have cleaner methods which are more readable. Validation uses leaf form under the hood, which makes it simple and easy to use. You can find more about form rules in the leaf form validation docs.

$validation = auth()->validate(['firstname' => 'noSpaces']);

if (!$validation) {
  response()->exit(auth()->errors());
}

$user = auth()->login($loginData);

if (!$user) {
  response()->exit(auth()->errors());
}

register

Register is a simple method used to create simple, secure user registrations. It takes in the params (an array) to save and any items which should be unique.

auth()->register([
  'username' => 'mychi.darko',
  'email' => 'mychi@leafphp.dev',
  'field' => 'value'
]);

If the user is successfully saved, the user data is returned; if not, null is returned. You can get any error by calling the errors method.

$user = auth()->register([
  'username' => 'mychi.darko',
  'email' => 'mychi@leafphp.dev',
  'field' => 'value'
]); // returns null if failed

if (!$user) {
  response()->exit(auth()->errors());
}

Uniques

Let's say you want to check whether the username a user just entered has been taken. You'd have to write a bunch of conditional code, making the code longer and more error-prone, right?

Well, register solves this problem smoothly. register has a 2nd parameter: an array of unique values which makes sure that the same value can't be saved twice.

auth()->register(
  ['name' => 'mychi', 'email' => 'm@m.com', 'pass' => '1234'],
  ['name', 'email']
);

We are telling register to alert us if someone has already registered with the name mychi or the email m@m.com. This is because we passed ['name', 'email'] as the 2nd param to register.

With uniques, you can cut down on code across your whole app. For instance, if you know the exact data you'll be receiving in your app, let's say a username, email and password from a register form, you can do something like this:

app()->post('/register', function () {
  auth()->register(request()->body(), ['username', 'email']);
});

So, we pass in the entire request body, which contains the username, email and password. Simple, right?

Passing the entire request body means every field the client sends is handed to register, not just the three from the form. For an even better way, you can make sure that only the data you need goes into the database by retrieving only the fields you need:

// select only the username, email and password from the request body
$data = request()->get(['username', 'email', 'password']);

auth()->register($data);
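
Why selecting only the expected fields matters, as an added example in plain PHP (not Leaf's code and not from the original page): it splits a constructed request body into accepted and rejected fields before anything would reach register. The function name and the is_admin field are hypothetical.

```php
<?php
// Added example, not Leaf's code. Field names follow the register form on this
// page; the request body below is constructed and is_admin is a hypothetical column.

// Split a request body into the fields a register form accepts and everything else.
function pick_register_fields(array $body, array $allowed): array {
  $data = [];
  $rejected = [];
  foreach ($body as $key => $value) {
    if (!in_array($key, $allowed, true)) {
      $rejected[$key] = 'not in allow-list';
    } elseif (!is_string($value) || $value === '') {
      // e.g. password[]=x arrives as an array, not a string
      $rejected[$key] = 'not a non-empty string';
    } else {
      $data[$key] = $value;
    }
  }
  $missing = array_values(array_diff($allowed, array_keys($data)));
  return ['data' => $data, 'rejected' => $rejected, 'missing' => $missing];
}

// Constructed body: the three form fields plus two the client added on its own.
$body = [
  'username' => 'mychi.darko',
  'email' => 'mychi@leafphp.dev',
  'password' => ['x'],
  'is_admin' => '1',
  'created_at' => '1970-01-01 00:00:00',
];

$result = pick_register_fields($body, ['username', 'email', 'password']);
print_r($result);

// Only when 'rejected' and 'missing' are both empty would the data be saved,
// in a Leaf route: auth()->register($result['data'], ['username', 'email']);
```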

register session support

Just as with login, register now integrates with session. To turn this feature on, just set the USE_SESSION setting or call the useSession method.

auth()->useSession();

auth()->register($credentials, [
  'username', 'email'
]);

After a successful registration, you can redirect to GUARD_HOME, or to GUARD_LOGIN if you want the user to log in after registration.

// set your login route...default is /auth/login
auth()->config('GUARD_LOGIN', '/login');

// Redirect to login after auth
auth()->config('SESSION_ON_REGISTER', false);

// Login automatically after registration
auth()->config('SESSION_ON_REGISTER', true);

In case there's something wrong and Auth can't register the user, it returns a falsy value.

$user = auth()->register($credentials, [
  'username', 'email'
]);

if (!$user) {
  // you can pass the auth errors into a view
  return $blade->render('pages.auth.register', [
    'errors' => auth()->errors(),
    'username' => $username,
    'email' => $email,
    'password' => $password,
  ]);
}

update

There's a login method, a register method, so why not a user update method? This method takes the stress out of updating a user's information. Update takes in 2 parameters:

  • The data to update
  • Unique values (optional)

Changes in update

The update method has been rewritten completely from the ground up. The biggest change is that you no longer need to pass in a condition for locating the user to update, but it also means that there needs to be a logged-in user. update will now search for a JWT or user session to find the user to be updated.

// data to update
$data = request()->get(['username', 'email']);

// unique data
$uniques = ['username', 'email'];

$user = auth()->update($data, $uniques);

Something little

Uniques in update work a bit differently from register. In update, Leaf looks for another user, other than the current user, that has the same credentials. If no other user has that same param value, the unique test passes. In short, the current user is excluded from the users checked for matching credentials.

update session support

When a user is updated, the user is updated in the session and the updated user is also returned.

$user = auth()->update($data, $uniques);

user

This is a method which allows you to get the user who is currently logged in. This method expects either a JWT or a session to exist on the request. user finds the user id and queries the user from the database linked to leaf auth. In the case of JWTs, it also validates the JWT and makes sure that it is valid and hasn't expired.

$user = auth()->user();
return $user['name'];

As mentioned, user queries your database for the full user information. You can specify your custom table using the DB_TABLE config like this:

auth()->config('DB_TABLE', 'all_users');

We can catch any errors that occur while fetching the user or working with the token:

$user = auth()->user() ?? response()->exit(auth()->errors());

user also allows you to pass an array of items to hide from the returned user array.

$user = auth()->user(['id', 'password']);

id

This method returns the id of the currently logged in user. In the case of JWTs, it decodes and validates the token and returns the user_id field encoded in it.

$userId = auth()->id();
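
What validating a JWT and checking its expiry involves for user and id, as an added example in plain PHP; it is not Leaf's implementation and not from the original page. The secret, the function names and the tokens are constructed; the claim names follow the sample token in the login response.

```php
<?php
// Added example, not Leaf's code. Secret and tokens are constructed for the demo.
function b64url_encode(string $bin): string {
  return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
  $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
  return base64_decode(strtr($padded, '-_', '+/'), true); // false on bad input
}

function sign_hs256(array $claims, string $secret): string {
  $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
  $body = b64url_encode(json_encode($claims));
  return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Returns the claims, or throws with the reason the token was rejected.
function verify_hs256(string $jwt, string $secret, int $now): array {
  $parts = explode('.', $jwt);
  if (count($parts) !== 3) throw new RuntimeException('malformed token');
  [$head, $body, $sig] = $parts;
  $header = json_decode((string) b64url_decode($head), true);
  // Pin the algorithm; the token must not choose how it is verified.
  $alg = is_array($header) ? ($header['alg'] ?? null) : null;
  if ($alg !== 'HS256') throw new RuntimeException('unexpected alg');
  $expected = hash_hmac('sha256', "$head.$body", $secret, true);
  $given = b64url_decode($sig);
  // hash_equals compares in constant time.
  $ok = is_string($given) && hash_equals($expected, $given);
  if (!$ok) throw new RuntimeException('bad signature');
  $claims = json_decode((string) b64url_decode($body), true);
  $exp = is_array($claims) ? ($claims['exp'] ?? null) : null;
  if (!is_int($exp) || $exp <= $now) throw new RuntimeException('expired or no exp');
  return $claims;
}

$secret = 'constructed-demo-secret';
$now = 1576135400; // fixed clock so the demo is repeatable
$good = sign_hs256(['iat' => 1576135328, 'iss' => 'localhost', 'exp' => 1576136228, 'userId' => 1], $secret);
[$h, , $s] = explode('.', $good);
// Same header and signature, payload swapped to another user id.
$forged = "$h." . b64url_encode(json_encode(['exp' => 1576136228, 'userId' => 2])) . ".$s";
$cases = ['good' => [$good, $now], 'forged' => [$forged, $now], 'expired' => [$good, 1576136228]];
foreach ($cases as $name => [$jwt, $t]) {
  try { $c = verify_hs256($jwt, $secret, $t); echo "$name: userId {$c['userId']}\n"; }
  catch (RuntimeException $e) { echo "$name: rejected, {$e->getMessage()}\n"; }
}
```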