This week has been all about the poster exam and getting to know more about Laravel, but also working on the group project. We had a poster exam Tuesday, which means that I spent most of my Monday preparing what I wanted to say and what pictures I wanted to show.

The poster exam went very well and was finished by noon, which gave me enough time to work a little bit more on the project. At the moment our group project offers an API which can then be consumed by other applications. The API allows you to GET information about products (food items / menus) in the application. The plan is to make POST requests available, so we can make orders from our own applications (specialization projects).

Laravel authentication

During this week I have been learning about how you can integrate and configure authorization in a Laravel application in just a few seconds. Below is an example of how to do it, including the Artisan command:

php artisan make:auth

Views

As mentioned in the previous section, the php artisan make:auth command will create all of the views I need for authentication and place them in the resources/views/auth directory.

The make:auth command will also create a resources/views/layouts directory containing a base layout for my application. All of these views use the Bootstrap CSS framework and can easily be customized for the project.

Authenticating

Now that I have routes and views set up for the included authentication controllers, I am ready to register and authenticate new users for my application! I may access my application in a browser since the authentication controllers already contain the logic (via their traits) to authenticate existing users and store new users in the database.

Retrieving The Authenticated User

It is possible to access the authenticated user via the Auth facade as shown below:

use Illuminate\Support\Facades\Auth;

// Get the currently authenticated user...
$user = Auth::user();

// Get the currently authenticated user's ID...
$id = Auth::id();

Alternatively, once a user is authenticated, it’s possible to access the authenticated user via an Illuminate\Http\Request instance. Type-hinted classes will also automatically be injected into the controller methods, as shown below:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class ProfileController extends Controller
{
    /**
     * Update the user's profile.
     *
     * @param  Request  $request
     * @return Response
     */
    public function update(Request $request)
    {
        // $request->user() returns an instance of the authenticated user...
    }
}

During this week I have learned a lot of new stuff about how to implement authorization, either on a specific route or for a specific method in the Authorization service provider. Here it’s possible to define auth functionality and reference it in the controller.

This makes it possible to add authentication only on specific actions like updating, storing and deleting objects. An example could be that I had a list of projects and each project could contain tasks. I would like to show the projects to all users, including guests, but limit access to the edit and delete functionality. Using my auth methods from the service provider, it’s possible to determine what kind of users should have access to this.

If you have a site where you are the admin or owner, you want access to all functionality. It’s then possible to make a method on the user profile called, let’s say, “isAdmin”, and then in the boot method for authentication skip all authorization if the user has the isAdmin role.
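The projects scenario described above, as an added example that is not code from the original test project. It assumes the Laravel 5.3+ provider layout, a hypothetical App\Project model with a user_id owner column and fillable title and description fields, and the isAdmin() method on the user mentioned above.

```php
<?php
// app/Providers/AuthServiceProvider.php (Laravel 5.3+ layout assumed)
namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    public function boot()
    {
        $this->registerPolicies();

        // Runs before every other gate. Return true only for admins and
        // null for everyone else so the normal checks still apply;
        // returning false here would deny every ability to non-admins.
        Gate::before(function ($user, $ability) {
            return $user->isAdmin() ? true : null; // isAdmin() is assumed
        });

        // Only the owner may change a project (user_id is an assumed column).
        Gate::define('update-project', function ($user, $project) {
            return (int) $user->id === (int) $project->user_id;
        });
    }
}

// app/Http/Controllers/ProjectController.php (hypothetical controller)
namespace App\Http\Controllers;

use App\Project;
use Illuminate\Http\Request;

class ProjectController extends Controller
{
    public function __construct()
    {
        // Guests may list and view projects; everything else needs a login.
        $this->middleware('auth')->except(['index', 'show']);
    }

    public function update(Request $request, Project $project)
    {
        // Throws AuthorizationException (HTTP 403) unless the gate allows it.
        $this->authorize('update-project', $project);
        // Whitelist the input instead of passing $request->all().
        $project->update($request->only(['title', 'description']));
        return redirect()->back();
    }
}
```

Because the before callback short-circuits every gate, isAdmin() should read a server-side role stored on the user record and never a value taken from the request.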

Another way of protecting a controller is by calling the middleware method from the controller’s constructor instead of attaching it in the route definition directly:

public function __construct()
{
    $this->middleware('auth');
}

The test project I made for the authorization was hosted on my server with FastCGI. One thing I noted was that if you are using PHP FastCGI, HTTP Basic authentication may not work correctly out of the box. The following lines should be added to the .htaccess file:

RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Next week will be about cleaner controllers; currently my controllers are a bit messy (but working). I will also be experimenting a bit more with Eloquent relationships, better encapsulation and, if I have the time, some events and listeners.
