Laravel study notes (23): Laravel 6 authentication and authorization (web)

Original: https://qianjinyike.com/laravel-%E5%86%85%E7%BD%AE-web-%E8%AE%A4%E8%AF%81/

  1. What is web authentication

After a user registers successfully (or logs in successfully), the server generates a session file and returns its file name to the client, where it is stored in the session cookie.
On later requests the server uses the file name in the session cookie to look for the user's session file. If the file is found, authentication succeeds; otherwise it fails.

  1. Preparation

To generate Laravel's default login authentication feature, please refer to:
Laravel default login authentication function

PS: If you do not need the registration feature, declare the routes with Auth::routes(['register' => false]);

  1. Redirect

If a redirectTo property or method is defined in the following controllers, the user is redirected there automatically

// LoginController, RegisterController, ResetPasswordController, ConfirmPasswordController and VerificationController
protected $redirectTo = '/';

# The method takes precedence over the property definition
protected function redirectTo()
{
    // Some logic can go here
    return '/path';
    // return route('login');
}

  1. Modify the authentication field

// Add to app/Http/Controllers/Auth/LoginController.php
public function username(){
    return 'name';  // default: email
}

  1. Adding login authentication

Add the auth middleware to a route

Route::get('profile', function () {
    return '1234';
})->middleware('auth');

Add the middleware in a controller constructor

public function __construct()
{
    // Apply auth to every action except create and delete
    $this->middleware('auth')->except('create', 'delete');

    // Apply auth only to the create action
    $this->middleware('auth')->only('create');
}
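
  1. Getting login information and logging out

$user = Auth::user();   // the currently authenticated user
$id = Auth::id();       // the ID of that user
$request->user();       // the same user, obtained from the request

if (Auth::check()) {
    // Check whether the user is logged in
}

Auth::logout();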
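
  1. Manually overriding the login method

# If you do not want to use the bundled controllers to authenticate users, you can remove them,
# import the Auth facade and authenticate manually with attempt
namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class LoginController extends Controller
{
    public function authenticate(Request $request)
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required|min:5'
        ]);

        if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
            session()->flash('success', '登陆成功'); // "Login successful"
            return redirect()->route('home');
        } else {
            session()->flash('danger', '登陆失败'); // "Login failed"
            return back();
        }
    }
}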

attempt example: the first argument is an array of the fields to verify; the second argument indicates whether to remember the user (the session never expires and the user stays logged in)

if (Auth::attempt(['email' => $email, 'password' => $password], $remember)) {
    // The user is being remembered... the built-in LoginController already implements remember
    // $remember is a bool
}
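
  1. Single Device Login

// Invalidate the authentication of sessions logged in on other devices
// In app/Http/Kernel.php, uncomment: \Illuminate\Session\Middleware\AuthenticateSession::class,
// $password is the login password; after this statement runs, other sessions logged in with the same account are kicked out
Auth::logoutOtherDevices($password);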
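
Why this call kicks other devices: the AuthenticateSession middleware compares the password hash kept in each session with the hash on the user record, and logoutOtherDevices re-hashes and stores the password it is given. The following is an added, simplified stand-alone PHP model of that mechanism, not Laravel's code and not from the original post; the user record, session array and function names are constructed, and the password is verified before re-hashing as a precaution.

```php
<?php
// Simplified model, not Laravel source; user record, sessions and function names are constructed.

$user = ['password' => password_hash('s3cret-pass', PASSWORD_BCRYPT)];
$sessions = []; // session id => data; stands in for the server-side session files

// Login: verify the password, open a session and store the current hash in it.
function login(array $user, array &$sessions, string $password): ?string
{
    if (!password_verify($password, $user['password'])) {
        return null;
    }
    $id = bin2hex(random_bytes(20));
    $sessions[$id] = ['password_hash' => $user['password']];
    return $id;
}

// Per-request check: a session whose stored hash is stale is destroyed.
function authenticated(array $user, array &$sessions, ?string $id): bool
{
    if ($id === null || !isset($sessions[$id])) {
        return false;
    }
    if (!hash_equals($user['password'], $sessions[$id]['password_hash'])) {
        unset($sessions[$id]);
        return false;
    }
    return true;
}

// Re-hash the same password: the new salt gives a new hash string, so only the calling
// session (updated here) still matches. Verify first: the input becomes the stored password.
function logoutOtherDevices(array &$user, array &$sessions, string $id, string $password): bool
{
    if (!password_verify($password, $user['password'])) {
        return false;
    }
    $user['password'] = password_hash($password, PASSWORD_BCRYPT);
    $sessions[$id]['password_hash'] = $user['password'];
    return true;
}

$laptop = login($user, $sessions, 's3cret-pass');
$phone = login($user, $sessions, 's3cret-pass');
var_dump(authenticated($user, $sessions, $phone));                      // other device, before the call
var_dump(logoutOtherDevices($user, $sessions, $laptop, 'wrong'));       // wrong password is rejected
var_dump(logoutOtherDevices($user, $sessions, $laptop, 's3cret-pass')); // re-hash with the real password
var_dump(authenticated($user, $sessions, $laptop));                     // calling device
var_dump(authenticated($user, $sessions, $phone));                      // other device, after the call
```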

Origin blog.csdn.net/qj4865/article/details/104332600