Skip to content

codebar-ag/laravel-auth

Repository files navigation

Latest Version on Packagist GitHub-Tests GitHub Code Style Total Downloads

This package was developed to give you a quick start to authenticate in laravel. It is opinionated and uses the following packages:

πŸ’‘ What is Laravel Auth?

Laravel Auth is an internal Laravel Nova Authentication replacement to gain more control over authorizing into Laravel Nova.

πŸ›  Requirements

> = v1.0

  • PHP: ^8.2
  • Laravel: ^10.*
  • Microsoft SSO

βš™οΈ Installation

You can install the package via composer:

composer require codebar-ag/laravel-auth

Add the following script to your composer.json file:

"scripts": {
    "post-update-cmd": [
      "@php artisan vendor:publish --tag=auth-assets --ansi --force"
    ],
}

Add configuration to your config/services.php file:

'microsoft' => [
    'client_id' => env('MICROSOFT_CLIENT_ID'),
    'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
    'redirect' => env('MICROSOFT_REDIRECT_URI'),
    'tenant' => env('MICROSOFT_TENANT_ID'),
    'include_tenant_info' => true,
],

Add the following environment variables to your .env file:

MICROSOFT_CLIENT_ID=your-client-id
MICROSOFT_CLIENT_SECRET=your-client-secret
MICROSOFT_REDIRECT_URI="${APP_URL}/auth/service/microsoft/redirect"
MICROSOFT_TENANT_ID=your-tenant-id

⚠️ You need to provide a publicly accessible URL for the MICROSOFT_REDIRECT_URI environment variable. You can use expose or ngrok for local development.

APP_URL=https://your-expose-or-ngrok-url.com

# βœ… This is recommended for production as well:
MICROSOFT_REDIRECT_URI="${APP_URL}/auth/service/microsoft/redirect"

Add the following trait to your User model:

use CodebarAg\LaravelAuth\Traits\HasAuthProviders;

Update your App\Http\Middleware\Authenticate middleware:

...
protected function redirectTo(Request $request): ?string
{
-    return $request->expectsJson() ? null : route('login');
+   return $request->expectsJson() ? null : route('auth.login');
}

Finally, run the following command:

php artisan auth:install

πŸ’‰ Tests

If you wish to add pest tests, run the following command:

php artisan auth:install-tests

Next add the following to your phpunit.xml file:

<testsuite name="Auth">
    <directory>tests/Auth</directory>
</testsuite>

You will also need to add Auth to your Pest.php file:

uses(Tests\TestCase::class)->in('Feature', 'Auth');

🚏 Routes

Below are the following routes provided by this package:

Method URI Name Middleware
GET | HEAD /auth/login auth.login web
POST /auth/login/store auth.login.store web
ANY /auth/logout auth.logout web
GET | HEAD /auth/password auth.request-password web
POST /auth/password/store auth.request-password.store web
POST /auth/password/reset auth.reset-password web
GET | HEAD /auth/password/token/{token} auth.reset-password.store web
GET | HEAD /auth/service/{service} auth.provider web
GET | HEAD /auth/service/{service}/redirect auth.provider.redirect web
GET | HEAD /auth/email/verify auth.verification.notice web
GET | HEAD /auth/email/verify/{id}/{hash} auth.verification.verify web
POST /auth/email/verification-notification auth.verification.send web

πŸͺ Nova Adjustments

Add the user menu for logout to your NovaServiceProvider boot method:

use Illuminate\Http\Request;
use Laravel\Nova\Menu\Menu;
use Laravel\Nova\Menu\MenuItem;

class NovaServiceProvider extends NovaApplicationServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        parent::boot();

        Nova::userMenu(function (Request $request, Menu $menu) {
            return $menu
                ->append(MenuItem::externalLink('Logout', route('auth.logout')));
        });

Next in your nova.php config add the following:

/*
|--------------------------------------------------------------------------
| Nova Routes
|--------------------------------------------------------------------------
|
| These are the routes that are used by Nova to authenticate users.
|
*/

'routes' => [
    'login' => 'auth/login',
],

Next in your NovaServiceProvider replace the routes method with the following:

Note: you can not register routes for ->withAuthenticationRoutes() or ->withPasswordResetRoutes() as this will override the changes we made in the nova.php config to routes.

    /**
     * Register the Nova routes.
     *
     * @return void
     */
    protected function routes()
    {
-        Nova::routes()
-            ->withAuthenticationRoutes()
-            ->withPasswordResetRoutes();
+        Nova::routes();
    }

πŸ”§ Configuration file

You can publish the config file with:

php artisan vendor:publish --tag=auth-config

This is the contents of the published config file:

<?php

// config for CodebarAg/LaravelAuth

use CodebarAg\LaravelAuth\Enums\ProviderEnum;

return [
    /*
    |--------------------------------------------------------------------------
    | Redirect Settings
    |--------------------------------------------------------------------------
    | You may like to define a different route once the user is
    | logged in or out. If no redirects are defined, the package will redirect to the
    | intended route. (This is the normal Laravel behaviour)
    |
    | Use the route name as defined in your routes file.
    |
    | If password-reset is not defined, the package will redirect to the login redirect route.
    |
    */
    'redirect' => [
        // 'login' => 'dashboard',
        // 'logout' => '',
        // 'password-reset' => '',
    ],
    
    /*
    |--------------------------------------------------------------------------
    | Logo Settings
    |--------------------------------------------------------------------------
    | You may like to define a different logo for the login page.
    | You can pass either a path relative to the public folder or a full url.
    |
    */
    'logo' => [
        'path' => 'vendor/auth/images/lock.svg',
        // 'path' => 'https://example.test/images/logo.png',
        'width' => '25%',
    ],

    /*
    |--------------------------------------------------------------------------
    | Middleware Settings
    |--------------------------------------------------------------------------
    | By default, the package will use the web middleware group.
    | You may define them the same way you would in your routes file.
    |
    */
    'middleware' => [
        //
    ],

    /*
    |--------------------------------------------------------------------------
    | Link  Settings
    |--------------------------------------------------------------------------
    | By default, the package will use 60 minutes as the expiration time for
    | the signed links used in the email verification process.
    | You may define a different value here.
    |
    */
    'link_expiration_in_minutes' => 60,

    /*
    |--------------------------------------------------------------------------
    | Toast Settings
    |--------------------------------------------------------------------------
    | By default, the package will use 5000 milliseconds as the time to fade
    | out the toast messages.
    | You may define a different value here.
    |
    */
    'toast_fade_time_in_milliseconds' => 5000,
    
    /*
    |--------------------------------------------------------------------------
    | Password Reset Settings
    |--------------------------------------------------------------------------
    | By default, the package will use the password_resets table.
    | You may define a different table name here.
    |
    */
    'password_reset_table' => 'password_resets',
    
    /*
    |--------------------------------------------------------------------------
    | Provider Settings
    |--------------------------------------------------------------------------
    | Add the providers you want to use here.
    | e.g ProviderEnum::MICROSOFT_OFFICE_365,
    |
    */
    'providers' => [
         ProviderEnum::MICROSOFT_OFFICE_365,
    ],
    
    
    /*
    |--------------------------------------------------------------------------
    | Feature Settings
    |--------------------------------------------------------------------------
    | By default, all features are enabled.
    | You may disable a provider by adding changing the value to false.
    |
    */
    'features' => [
        'basic' => true,
        'sso' => true,
        'password_reset' => true,
        'email_verification' => true,
    ],
];

πŸ” Verify

If you wish to use email verification, you can add the following to your User model:

use Illuminate\Contracts\Auth\MustVerifyEmail;

class User extends Authenticatable implements MustVerifyEmail

Then you can use the following middleware to protect your routes:

Illuminate\Auth\Middleware\EnsureEmailIsVerified::redirectTo('auth.verification.notice'),

You use verification in nova, add the middleware into in your nova.php config:

/*
|--------------------------------------------------------------------------
| Nova Route Middleware
|--------------------------------------------------------------------------
|
| These middleware will be assigned to every Nova route, giving you the
| chance to add your own middleware to this stack or override any of
| the existing middleware. Or, you can just stick with this stack.
|
*/

'middleware' => [
    'web',
    EnsureEmailIsVerified::redirectTo('auth.verification.notice'),
    HandleInertiaRequests::class,
    DispatchServingNovaEvent::class,
    BootTools::class,
],

🎨 Customisation

You can publish the views using:

php artisan vendor:publish --tag=auth-views

You can publish the assets using:

php artisan vendor:publish --tag=auth-assets

You can publish the config using:

php artisan vendor:publish --tag=auth-config

You can publish the migrations using:

php artisan vendor:publish --tag=auth-migrations

You can publish the translations using:

php artisan vendor:publish --tag=auth-translations

This package uses Laravel Honeypot to prevent spam.Check out the documentation to learn how to customise it.

🚧 Testing

Copy your own phpunit.xml-file.

cp phpunit.xml.dist phpunit.xml

Run the tests:

./vendor/bin/pest

πŸ“ Changelog

Please see CHANGELOG for more information on what has changed recently.

✏️ Contributing

Please see CONTRIBUTING for details.

πŸ§‘β€πŸ’» Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

πŸ™ Credits

🎭 License

The MIT License (MIT). Please see License File for more information.