Since Laravel5.2, the built-in Auth authentication system now supports multiple character authentication. That is to say you than if there are administrators, ordinary users of these two roles, can be through the same Auth system to achieve authentication.

Laravel Auth can generate authentication controllers, templates, and routes with a single command:

php artisan make:auth
Copy the code

This will generate an AuthController authentication controller and HomeController general controller, this controller is not useful, is the login after the jump; There are also some login template files required by the registration, in the resource/view to see; The authentication routes are also generated in the Routing file, and the source code is displayed at \Illuminate\Routing\Router::auth(); , in fact, is configured with some login registration use:

public function auth(a) {  
    // Authentication Routes... 
    $this->get('login'.'Auth\AuthController@showLoginForm'); 
    $this->post('login'.'Auth\AuthController@login'); 
    $this->get('logout'.'Auth\AuthController@logout');  

    // Registration Routes... 
    $this->get('register'.'Auth\AuthController@showRegistrationForm'); 
    $this->post('register'.'Auth\AuthController@register');  

    // Password Reset Routes... 
    $this->get('password/reset/{token? } '.'Auth\PasswordController@showResetForm'); 
    $this->post('password/email'.'Auth\PasswordController@sendResetLinkEmail'); 
    $this->post('password/reset'.'Auth\PasswordController@reset'); 
}
Copy the code

This is a configuration file related to authentication. Some concepts in it, such as guard and provider, are probably not understood by many people. So what exactly is guard? This can be understood as a role, and each item in the Guards array is a role. The default is Web and API, which means that these two roles can use the authentication system at present. Of course, these two types will definitely not meet our requirements, so we will generally customize some guard. Customization is also very simple, that is, add an item in the Guards array, where driver is to indicate how this authentication will save the user state, generally stored in the session, and provider is one of the following provider array, so what is provider? Provider tells Laravel which table your user information is stored in. Driver tells Laravel which table your user information is stored in. Provider tells Laravel which table your user information is stored in.

Laravel automatically generates code for login and registration, but each Guard requires an AuthController. How to share an AuthController? This is where guard comes in, because you can represent the identity of the user for different logic. However, the guard is not available in the authentication controller, so we can implement it by routing parameters. Define a routing group:

Route::group(['prefix'= >'{guard}'].function(a){ Route::auth(); });Copy the code

In this routing group we set the prefix to guard so that we can get the current Guard in the AuthController. Normally we get route parameters from the dependency injection Request instance, but there is a pitfall that I can get route parameters through prior to version 5.1

$request->input('key')
Copy the code

This is not possible in 5.2 and must be passed

$request->key
Copy the code

Or just get it directly from a routing instance for whatever reason. The AuthController controller uses traits that implement the logic for authentication registration, which you can customize by overriding some controller properties. $guard; $username; $guard; $guard; $guard; So we can customize the guard we get in the authentication controller.

#4 Route protection Generally do authentication systems, are to protect the route, so how to protect the route? The documentation says to add an Auth middleware to the route that needs to be protected, so what is the reality? That’s true, but what the documentation doesn’t say is that routes protected by Auth middleware must also include Web middleware, must also include Web middleware, must also include Web middleware, must also include Web middleware, important things to say three times, otherwise what could go wrong? Regardless of your authentication success or failure, you will jump to/this route, this big pit to pay attention to! Of course, you can specify guard in the middleware to let Laravel know which guard is used for authentication. If you do not specify guard, use the default in the configuration file:

Route::get('profile'['middleware'= >'auth:api'.'uses'= >'ProfileController@show']);
Copy the code

After passing the authentication, you can obtain the current authenticated user instance through the Auth facade.

$user = Auth::user();
Copy the code

Note that this method is used to obtain the guard from the configuration file by default. If the guard you are currently logged in to is not in the configuration file, you must obtain it like this:

$user = Auth::guard('guard')->user();
Copy the code

Overall, the Auth system in Laravel5.2 works pretty well, but there are a few bugs that aren’t well documented, and it should be familiar after a few tries, saving us a lot of development time.