Adding extra conditions in default Laravel Authentication

Different ways to add extra conditions in Laravel 5.2 Authentication

Adding extra conditions in default Laravel Authentication

Laravel comes with a very simple yet powerful authentication system out-of-box. The Authentication system is HIGHLY flexible to meet all different types of requirement for authentication.

In this post we will see about adding extra conditions to default Laravel authentication i.e for example add a check for is_approved when a user login.

First thing we need to know is authentication happens inside AuthController Present in App\Http\Controllers\Auth namespace. This AuthController class uses AuthenticatesAndRegistersUsers and ThrottlesLogins Traits by default. As the name of this trails suggests AuthenticatesAndRegistersUsers is used for Authentication and registration of users, and ThrottlesLogins is used to block a user after multiple failed logins attempt (of course you can remove this trail if throttle is not required).

AuthenticatesAndRegistersUsers trait is present in /vendor/laravel/framework/src/Illuminate/Foundation/Auth/ (check here in laravel github repo) directory and it uses AuthenticatesUsers trait present in same directory. If we look inside this trait it has a method login which does all the heavy lifting of users authentication.

Now in order to add a new condition for login, we have two different ways to do it (you can use the one you feel is the best):

  1.  Defining a authenticated method in AuthController:
    • If we take a deeper look inside login method, we will find that after the user credentials has been validated, handleUserWasAuthenticated method is called.
    • handleUserWasAuthenticated method checks if there is any authenticated method defined by user which needs to be called after validating the credentials.
    • So, simply define authenticated method in AuthController Class with all different checks which is required.

    So that’s all. Now the authentication system works the way you want it to. 🙂

  2. Override ‘getCredentials’ method present in ‘AuthenticatesUsers’ trait :
    • Create a getCredentials method in AuthController
    • This ‘getCredentials’ gets all the values which need to be check for validating. So add is_approved = 1 along with username and password.

    • So that’s all with this way of doing. Now, Auth attempt method will check for username/password/is_approved before authenticating any user.

While both ways work perfectly, I preferred solution 1, just because it gives a more accurate error message to user i.e “not yet approved”. With solution 2, it is not possible to get a accurate error message, only message we can display is “These credentials do not match our records”.

Hope it made you understand process of adding some extra conditions in Laravel authentication.

Feel free to ask any question and share your view/suggestions.

Thank you 🙂

2 Comments

  • Bole Reply

    When I tried this method I get error saying "Argument 1 passed to App\Http\Controllers\Auth\AuthController::authenticated() must be an instance of Request, instance of Illuminate\Http\Request given, called in C:\wamp64\www\utrosenost2016\vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php on line 115 and defined".

    2016-07-14 00:29:07
    • Nikhil Agrawal

      Hi Bole,
      In AuthController for importing Request library use
      use Illuminate\Http\Request;
      Let us know if it help.

      2016-07-14 10:28:37

Leave a comment

Your email address will not be published. Required fields are marked *