I'm having a problem with authentication in my Laravel 5.8.10 project. I am not using the default form that Laravel creates for authentication. When I access the URL/dashboard in a browser, typically the user would get redirected redirect upon login. The application allows it anyway. Also when I give use Auth::user()
it returns null.
When I type an invalid username and password, it's not passed from the login screen. When I type invalid credentials it redirects to the dashboard. The problem of accessing the URL through the dashboard view also continues. It's as if you do not need authentication to access the route.
Note: I have in my .env file a variable PASSWORD_HASH
to enable or disable password encryption.
User model
namespace App\Entities;
use Illuminate\Notifications\Notifiable;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Database\Eloquent\SoftDeletes;
class User extends Authenticatable
{
use Notifiable;
use SoftDeletes;
protected $table = "users";
public $timestamps = true;
protected $fillable = [
'cpf', 'name', 'phone', 'birth', 'gender', 'notes', 'email', 'password', 'status', 'permission'
];
protected $hidden = [
'password', 'remember_token',
];
public function groups()
{
return $this->belongsToMany(Group::Class, 'user_groups');
}
public function setPasswordAttribute($value)
{
$this->attributes['password'] = env('PASSWORD_HASH') ? bcrypt($value) : $value;
}
}
config/auth.php
return [
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Entities\User::class,
],
],
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
],
],
];
DashboardController
public function auth(Request $request)
{
$data = [
'email' => $request->get('username'),
'password' => $request->get('password')
];
try {
if (env('PASSWORD_HASH')) {
Auth::attempt($data, false);
} else {
$user = $this->repository->findWhere(['email' => $request->get('username')])->first();
if (!$user)
throw new Exception("O e-mail informado é inválido. PEEEEN!");
if ($user->password != $request->get('password'))
throw new Exception("A senha informada é inválida. PEEEEN!");
Auth::login($user);
}
return redirect()->route('user.dashboard');
} catch (Exception $e) {
return $e->getMessage();
}
}
Routes
Route::get('/login', ['uses' => 'Controller@fazerlogin']);
Route::post('/login', ['as' => 'user.login', 'uses' => 'DashboardController@auth']);
Route::get('/dashboard', ['as' => 'user.dashboard', 'uses' => 'DashboardController@index']);
View login
<section id="conteudo-view" class="login">
<h1>Investindo</h1>
<h3>O nosso gerenciador de investimento</h3>
{!! Form::open(['route' => 'user.login', 'method' => 'post']) !!}
<p>Acesse o sistema</p>
<label>
{!! Form::text('username', null, ['class' => 'input', 'placeholder' => "Usuário"]) !!}
</label>
<label>
{!! Form::password('password', ['placeholder' => 'Senha']) !!}
</label>
{!! Form::submit('Entrar') !!}
{!! Form::close() !!}
</section>
.env
PASSWORD_HASH=false
The idea is that when it's false when registering a user it stops encrypting the password, and when true, do the encryption. This is working.
Database User