Comments (14)
OK I have tagged v1.2.0 with a more granular approach that I believe will solve your original use case a little easier. The loginThrough
method I noted earlier still works though if you prefer a wider customization.
There is a new authenticateUsing(fn)
method which receives the request and should retrieve the authenticatable user (however you want) using the data from the request and return the user instance or, if there is not a user matching those credentials, you should return null
or false
. Note that you are responsible for validating the password, etc.
This custom callback will be utilized by both RedirectIfTwoFactorAuthenticatable
and AttemptToAuthenticate
.
Fortify::authenticateUsing(function ($request) {
$user = User::where('email', $request->email)->first();
if (! $user || ! Hash::check($request->password, $user->password)) {
return;
}
return $user;
});
from fortify.
from fortify.
@stevebauman cool. my only suggestion is not to use Auth::attempt
there. I would maybe use Auth::validate
instead, which accepts the same arguments.
Reason being is that when authenticateUsing
return a user instance then Fortify will call Auth::login
for you. So you're sort of logging in twice here. Using Auth::attempt
there is also not a good idea if you're using two-factor authentication. Not sure if you are. Because here you would have logged them in before they confirmed their two factor token.
from fortify.
@taylorotwell Ah okay understood - thanks! Here's what I've updated it to:
// app/Providers/AppServiceProvider.php
public function boot()
{
Fortify::authenticateUsing(function ($request) {
$validated = Auth::validate($credentials = [
'mail' => $request->email,
'password' => $request->password
]);
return $validated ? Auth::getProvider()->retrieveByCredentials($credentials) : null;
});
}
In my case, I need to all retrieveByCredentials()
on the provider to retrieve the user instance from the LDAP directory.
from fortify.
Hi @mikeburton220,
The filled status of the login requests remember
field will still be passed into the guard->login()
method, as shown here:
fortify/src/Actions/AttemptToAuthenticate.php
Lines 69 to 80 in 394c707
Simply send the remember
input value with the login request, and you're good to go 👍
from fortify.
Yeah, that looks good!
from fortify.
Perfect, the Fortify::authenticateUsing
callback is exactly what I need. Here's how I'm now able to login using my own authentication provider:
// app/Providers/AppServiceProvider.php
public function boot()
{
Fortify::authenticateUsing(function ($request) {
Auth::attempt([
// "mail" is an LDAP attribute
'mail' => $request->email,
'password' => $request->password
]);
return Auth::user();
});
}
This is the only change I need to make. I didn't need to configure anything at all in Jetstream. I did a complete new Jetstream installation, installed LdapRecord-Laravel, configured it, then added this callback.
Excellent! 👍 🎉
from fortify.
Fortify 1.1.0 has been released with Laravel\Fortify\Fortify::loginThrough
method... this method should return the authentication pipeline array you wish to use - allowing full customization. Could add this to the boot
method of your JetstreamServiceProvider
:
Fortify::loginThrough(function ($request) {
return [
//
];
});
from fortify.
Awesome thanks @taylorotwell! Let me verify this right now on my install and see if I can now use my own auth guard 👍
from fortify.
This is sort of the "bazooka" approach and gives the most flexibility. I think there is probably still room for some more granular customization hooks that don't require customizing the pipeline.
from fortify.
@stevebauman when you have time, i would be curious to know if the new authenticateUsing
method noted above solves your use case.
from fortify.
Yeah, that looks good!
Hi Taylor, is there a way to utilize "remember" using Auth::validate with authenticateUsing, maybe it should return an array, instead of just the User model since it's going to call Auth::login ? [User, $remember]
from fortify.
OK I have tagged v1.2.0 with a more granular approach that I believe will solve your original use case a little easier. The
loginThrough
method I noted earlier still works though if you prefer a wider customization.There is a new
authenticateUsing(fn)
method which receives the request and should retrieve the authenticatable user (however you want) using the data from the request and return the user instance or, if there is not a user matching those credentials, you should returnnull
orfalse
. Note that you are responsible for validating the password, etc.This custom callback will be utilized by both
RedirectIfTwoFactorAuthenticatable
andAttemptToAuthenticate
.Fortify::authenticateUsing(function ($request) { $user = User::where('email', $request->email)->first(); if (! $user || ! Hash::check($request->password, $user->password)) { return; } return $user; });
I still got this problem, I just want to add additional where('is_active', true)
but got
if I didn't checked the remember me box, it will be fine, otherwise it doesn't work :(.
from fortify.
@stevebauman @mikeburton220
'remember' doesn't work at all after adding 'remember: true' to the login request parameter
This is my JS login request code
await axios.get('/sanctum/csrf-cookie').then( () => {
// Login...
axios.post('/api/login', {email, password, remember: true} ).then(response => {
if (response.data) {
window.open(redirectToAfterLogin_url, '_self');
}
}).catch((err) => {
setError(err.response.data.errors[Object.keys(err.response.data.errors)[0]]);
})
});
from fortify.
Related Issues (20)
- difficulties in updating the database schema HOT 1
- Laravel 10.10 - Cast password "hashed" HOT 3
- login limiter doesn't work actually HOT 1
- When Session based Guard is not used Logout fails HOT 3
- Integrate Precognition Into Fortify Route HOT 1
- Route [logout] not defined after changing the app_env from local to production
- Without override the PasswordResetLinkController@store we cannot add reCAPTCHA HOT 1
- Name all routes for Ziggy support when enableViews is false HOT 2
- Paths override with dot in route name does not work HOT 3
- Fortify http request methods for routes requiring multipart/form-data HOT 1
- Support for laravel passport HOT 2
- Provide "Don't ask me again on this computer" feature HOT 3
- Implementation for ActivityLogs HOT 1
- Custom Rate Limiter HOT 1
- Confusion between the username/email field in the database and the username/email field in the request (form) HOT 4
- No error message on expired token HOT 4
- Can we get a way to add additional validation rules to LoginRequest?
- A proposal for Fortify 2.0 HOT 4
- Used password reset link still valid to change password again HOT 1
- RegisterViewResponse is not instantiable. HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fortify.