[v1.0] Extensibility of Actions using Authentication User Providers about fortify HOT 14 CLOSED

OK I have tagged v1.2.0 with a more granular approach that I believe will solve your original use case a little easier. The loginThrough method I noted earlier still works though if you prefer a wider customization.

There is a new authenticateUsing(fn) method which receives the request and should retrieve the authenticatable user (however you want) using the data from the request and return the user instance or, if there is not a user matching those credentials, you should return null or false. Note that you are responsible for validating the password, etc.

This custom callback will be utilized by both RedirectIfTwoFactorAuthenticatable and AttemptToAuthenticate.

Fortify::authenticateUsing(function ($request) {
    $user = User::where('email', $request->email)->first();

    if (! $user || ! Hash::check($request->password, $user->password)) {
        return;
    }

    return $user;
});

from fortify.

from fortify.

@stevebauman cool. my only suggestion is not to use Auth::attempt there. I would maybe use Auth::validate instead, which accepts the same arguments.

Reason being is that when authenticateUsing return a user instance then Fortify will call Auth::login for you. So you're sort of logging in twice here. Using Auth::attempt there is also not a good idea if you're using two-factor authentication. Not sure if you are. Because here you would have logged them in before they confirmed their two factor token.

from fortify.

@taylorotwell Ah okay understood - thanks! Here's what I've updated it to:

// app/Providers/AppServiceProvider.php

public function boot()
{
    Fortify::authenticateUsing(function ($request) {
        $validated = Auth::validate($credentials = [
            'mail' => $request->email,
            'password' => $request->password
        ]);

        return $validated ? Auth::getProvider()->retrieveByCredentials($credentials) : null;
    });
}

In my case, I need to all retrieveByCredentials() on the provider to retrieve the user instance from the LDAP directory.

from fortify.

Hi @mikeburton220,

The filled status of the login requests remember field will still be passed into the guard->login() method, as shown here:

Simply send the remember input value with the login request, and you're good to go 👍

from fortify.

Yeah, that looks good!

from fortify.

Perfect, the Fortify::authenticateUsing callback is exactly what I need. Here's how I'm now able to login using my own authentication provider:

// app/Providers/AppServiceProvider.php

public function boot()
{
    Fortify::authenticateUsing(function ($request) {
        Auth::attempt([
            // "mail" is an LDAP attribute
            'mail' => $request->email,
            'password' => $request->password
        ]);

        return Auth::user();
    });
}

This is the only change I need to make. I didn't need to configure anything at all in Jetstream. I did a complete new Jetstream installation, installed LdapRecord-Laravel, configured it, then added this callback.

Excellent! 👍 🎉

from fortify.

Fortify 1.1.0 has been released with Laravel\Fortify\Fortify::loginThrough method... this method should return the authentication pipeline array you wish to use - allowing full customization. Could add this to the boot method of your JetstreamServiceProvider:

Fortify::loginThrough(function ($request) {
    return [
        //
    ];
});

from fortify.

Awesome thanks @taylorotwell! Let me verify this right now on my install and see if I can now use my own auth guard 👍

from fortify.

This is sort of the "bazooka" approach and gives the most flexibility. I think there is probably still room for some more granular customization hooks that don't require customizing the pipeline.

from fortify.

@stevebauman when you have time, i would be curious to know if the new authenticateUsing method noted above solves your use case.

from fortify.

Yeah, that looks good!

Hi Taylor, is there a way to utilize "remember" using Auth::validate with authenticateUsing, maybe it should return an array, instead of just the User model since it's going to call Auth::login ? [User, $remember]

from fortify.

OK I have tagged v1.2.0 with a more granular approach that I believe will solve your original use case a little easier. The loginThrough method I noted earlier still works though if you prefer a wider customization.

There is a new authenticateUsing(fn) method which receives the request and should retrieve the authenticatable user (however you want) using the data from the request and return the user instance or, if there is not a user matching those credentials, you should return null or false. Note that you are responsible for validating the password, etc.

This custom callback will be utilized by both RedirectIfTwoFactorAuthenticatable and AttemptToAuthenticate.

Fortify::authenticateUsing(function ($request) {
    $user = User::where('email', $request->email)->first();

    if (! $user || ! Hash::check($request->password, $user->password)) {
        return;
    }

    return $user;
});

I still got this problem, I just want to add additional where('is_active', true) but got

if I didn't checked the remember me box, it will be fine, otherwise it doesn't work :(.

from fortify.

@stevebauman @mikeburton220
'remember' doesn't work at all after adding 'remember: true' to the login request parameter

This is my JS login request code

await axios.get('/sanctum/csrf-cookie').then( () => {
    // Login...
    axios.post('/api/login', {email, password, remember: true} ).then(response => {
        if (response.data) {
            window.open(redirectToAfterLogin_url, '_self');
        }
    }).catch((err) => {
        setError(err.response.data.errors[Object.keys(err.response.data.errors)[0]]);
    })
});

from fortify.