Learning Management Platform for Written Tutorial Series.

Laravel 6 Authentication

Laravel 6 Authentication

Authentication is the processing of proving that you are who you claim to be. This is usually done by providing an email address and a valid password. If the email address and password match what you have in the database, then you are granted access. If they do not match, then access is denied. In cases where you forget your password, you are provided with an option to recover your password. This is done by sending you an email with a link that you have to click.

In this lesson, you will learn how to authenticate users using the built-in features of Laravel framework.

Topics to be covered

In this lesson, we will cover the following topics

  • Authentication in Laravel
  • Authentication Scaffolding
  • Protected Routes

Authentication in Laravel

Laravel framework comes with a tone of features for authenticating users. By default, Laravel ships with migration files for creating the users table and password resets. All you have to do is hook up your application to the database, run php artisan migrate and you will be good to go.

Another cool useful feature that comes with Laravel is an artisan command that automatically generates, authentication routes, controllers and view. As if this isn't sinful enough you can actually customize the views to meet your tastes in design. Enough of the spoiler alerts, let's get to work.

Authentication Scaffolding

Scaffolding allows us to automatically pull a complete authentication system out of the framework. Let's start by creating a new project. Run the following command to create a new project

composer create-project laravel/laravel lauth 6.0.*

HERE,

  • The above command creates a new Laravel project that users the latest version of 6.0

Laravel uses the ui package to provide mechanisms for automatically scaffolding authentication. This package does not come with Laravel by default so we will have to install it separately.

Installing Laravel authentication package

Run the following command to install it

composer require laravel/ui

The above command installs the ui package that has artisan commands for handling authentication scaffolding.

Database configuration

Now we need to create a database and run migration files that support the built-in authentication system

We will use MySQL as the database engine

Run the following command to create a new database

CREATE DATABASE lauth;

Let's now configure our application to communicate with our database

Open the file .env

Update the database connection parameters as follows

DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=lauth
DB_USERNAME=root
DB_PASSWORD=your_password

Saves the changes and run the following command to create the tables that will be needed for authentication purposes

php artisan migrate

Executing the above command creates 3 tables namely users, password_resets and failed_jobs

Generating routes, views and controllers

Next we need to use artisan to scaffold the authentication system like so

php artisan ui:auth

HERE,

  • ui:auth is the artisan command that is used to scaffold authentication in Laravel 6

Open the web route file /routes/web.php

You should be able to see the following URLs automatically added for you

Auth::routes();

Route::get('/home', 'HomeController@index')->name('home');

HERE,

  • Auth::routes(); generates all of the links that we need to login, register logout, reset passwords etc.
  • Route::get('/home', 'HomeController@index')->name('home'); defines a home route where authenticated users will be redirect to after successfully logging in

If you check in the /resources/views directories, then you should be able to see a new directory auth that has the following views

  • login.blade.php this view contains the form that users can use to login
  • register.blade.php this view contains the form that users can use to register new user accounts
  • verify.blade.php this view contains the form that users can user to verify their email address after registration.
  • passwords/email.blade.php this view contains the form that allows users to request a reset the password link if they have forgotten the password.
  • password/reset.blade.php this view contains the form that users can use to reset the password.

Next open /app/Http/Controllers directory

You should be able to see a new controller HomeController.

Open the HomeController

You should be able to see the following code

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class HomeController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth');
    }

    public function index()
    {
        return view('home');
    }
}

HERE,

  • public function __construct(){...} defines a class constructor that loads the auth middleware $this->middleware('auth');. This makes all of the methods defined in this class protected. If a user is not logged in, they are redirected to the login page. But if the user is logged in, they access to granted to the protected areas.

Another thing to notice in the Controllers directory is the new directory Auth that has controllers for registration, login, password resets and account verification.

Run the following command to check the registered authentication routes

php artisan route:list

You should be able to see the following results

Laravel 6 Authentication Routes

Start the built-in server using the following command

php artisan serve

Load the following URL into your web browser

http://localhost:8000/register

You should be able to see the form for registering a new account

Fill in the form details and register for an account

Laravel will create a user account in the database and automatically login you.

If you check the users table in the database you will notice that the user password is a hash value. This is because Laravel automatically encrypts your password using an algorithm called blowfish. This way, even if the database is compromised, the attackers will not have easy access to the users' passwords.

Play around with the registered links and see what you can do. For resetting passwords, you can read the lesson on Laravel email and take it as a challenge to implement sending password reset links via email.

Protected Routes

A protected route is one which is only accessible to authenticated users. Users who are not logged in cannot access this route. Laravel comes with the auth middleware that we can inject into routes that we want to protect.

The following sample code shows you how to protect a route using auth middleware.

Route::get('/web', 'BladeController@page')->middleware('auth');

HERE,*

  • ->middleware('auth'); applies the auth middleware to our route. If the user is not logged in and they try to access the above URL, then Laravel will automatically redirect them to the login page.

Summary

Authentication involves providing that you are who you claim to be. This is done at a basic level using a combination of a valid email address and password. Laravel via the ui package allows us to automatically scaffold authentication. Basic routes, views and controllers are created for us that we can use to build on. Laravel also ships with the auth middleware that we can use to protect routes and controllers.

What next?

If you enjoyed this lesson then show us your appreciation by creating a free accounts on our site. As always we appreciate your comments down below.


...