Customizing the Auth Scaffolding

There is probably a simple solution.

Updated on April 14, 2017 Posted by lagbox on April 14, 2017 authentication laravel tricks

The auth scaffolding Laravel comes with gives you a very nice login/registration/password reset system for your application to get started. You get a fully functioning example of how to use the Authentication system. The traits that the auth controllers use were designed with the ability to be able to change some of the functionality/defaults easily. There are many changes you can make by overriding methods that don't require you to repeat the actual logic.

Some of this is in the docs Laravel 5-4 - Authentication so make sure to take a look.

Login

The trait AuthenticatesUsers, that the LoginController uses, calls other methods so you can override smaller pieces of the functionality easier; which is common across the traits used by the Auth controllers.

Fields

You can customize the fields used as the credentials from the form and what credentials end up being used to attempt to login the user.

Username

Adjusting the field used for username/email is as simple as overriding the username method.

public function username()
{
    return 'email';
}

Password

To validate the credentials it is required that there is a field named password passed to the authentication system by default. This particular field has to be named password and does not have to directly correlate to the name of the field in the database. As the credentials are where conditions we need to know which field is the password to exclude it from the query and to run a hash_check against.

Form Password

For adjusting the field used in the form for password you can override these methods:

protected function credentials(Request $request)
{
    return $request->only($this->username()) +
        ['password' => $request->input($this->password())];
}
	
protected function validateLogin(Request $request)
{
    $this->validate($request, [
        $this->username() => 'required|string',
        $this->password() => 'required|string',
    ]);
}

and add this new method:

public function password()
{
    return 'your_password_form_field';		
}

Keep in mind the credentials used to login the user are where conditions on a query, except password. This means you can adjust the credentials passed to use as additional where conditons. Ex: have the credentials method return an additional values in the array, active => true

Database Password

Your models used for authentication implement a nice contract and implement a method to return the password fields value, Illuminate\Contracts\Auth\Authenticatable@getAuthPassword. You can override this on your model.

public function getAuthPassword()
{
    return $this->password;
}

After Login

To alter the response that is returned after a user has been authenticated you can override the authenticated method. This method by default does nothing and returns nothing.

protected function authenticated(Request $request, $user)
{
    //
}

sendLoginResponse will call authenticated and return a response if authenticated returns something truthy. If not there will be a redirect()->intended($this->redirectPath()) response returned.

protected function sendLoginResponse(Request $request)
{
    ...

    return $this->authenticated($request, $this->guard()->user())
            ?: redirect()->intended($this->redirectPath());
}

See about RedirectsUsers@redirectPath below.

After Logout

If you want to adjust where someone is redirected to after logout you would have to override the logout method. Instead of having to define everything in that method we can just rename that method when we use the trait.

class LoginController ...
{
    use AuthenticatesUsers {
        logout as traitLogout;
    }
    
    public function logout(Request $request)
    {
        // call the logout method from the trait
        // we don't need the response returned from it
        $this->traitLogout($request);
        
        // return our new redirect
        return redirect(...);
    }
}

Register

After Register

Similar to LoginController@authenticated there is a RegisterController@registered from RegistersUsers.

protected function registered(Request $request, $user)
{
    //
}

The register method will call registered and if it returns a truthy response, use it, if not return a redirect to the redirect path.

public function register(Request $request)
{
    ...
			
    return $this->registered($request, $user)
                    ?: redirect($this->redirectPath());
}

RedirectsUsers Trait

There is a RedirectsUsers trait being used by the traits these controllers use. The redirectPath method is used so we can define the redirect in different ways. The property redirectTo can be used or a method redirectTo can be defined to return the redirect path. (redirectTo() > $redirectTo)

protected $redirectTo = '/home';

protected function redirectTo()
{
    return route('home');
}

Cake

This is a small list of some common things people will want to customize with this scaffolding and some things that may not seem so obvious. Since the functionality for these controllers comes from traits you are free to override what you would like. All the changes you would need to make are in your application space.