Authorization & Authentication | Login & Register System In Laravel | Laravel 8 For Beginners

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

what's up guys my name is dari and i hope that you have a great day because today i'm going to talk about user authentication and authorization in many programming languages setting up a basic user authentication system with registration login sessions password resets and access permissions consumes a lot of time laravel found a way to make authentication very easy to use and to understand whether you have a freshly installed larval project or the project that we're running right now laravel projects always have a create user table migration and a user model there are a lot of different ways how you could pull in a login and register system ui this can be done through bootstrap tailwind and way more and since we use tailwind in this course let's go to the cli and write down php artisan ui so create me a ui of tailwind css space double dash art of authentication let's hit enter and this will create the ui from us and as you can see please run npm to compile your fresh scaffolding so let's copy it paste it right here and this might take a second so we'll edit it out all right as you can see npm is running so let's open a new tab let me zoom in let's go to the desktop workspace cars all right and we will get to the ui in a second but first i want to start off with the user model and user migration now for the migration let's open the database folder migrations and let's see which one it is it is the create users table so the first one now in here you can see that we're creating our table users with an id name a unique email the timestamp where the email has been verified a password the remember token and timestamps this covers everything you need to handle basic user authentication in most applications right now like i said the first migration that larva automatically created for us is the users table it also has a model called user so let's open our models let's open user.php now in here you can see a bit more code than we had previously or what we have created before and honestly it's a little bit more complex since we've talked about the protected fillable we're saying that the name email and password needs to be fillable and the password and remember token needs to be hidden before we continue on i want to make sure that you guys know what the difference is between authentication and authorization since it's something that could confuse you now whenever you want to authenticate you're basically verifying what someone is and then you will allow them to act as a person inside your application think about the login and log out process it allows the user to identify themselves during the time they use your application now authorization means that you're going to determine whether the authenticated user is allowed so authorized to perform specific behavior in your application a good example might be adding an access type to your application which makes a user enter specific pages on your application if we go back to our user model we can obviously conclude that this data will be picked up from the users table the name email and password needs to be filled in and the password and remember token properties are excluded when you output the data as json which is good right because you don't want to show your password and you remember token so let's scroll up what is this authentic cable that's extended by the user class so let's command click on it and if you're new to coding you might think that this isn't very important but it actually is this file implements three different files the first one is the authenticable contract requires important methods that allows the framework to authenticate instances of this model to the authentication system now if we scroll back up open the user php now if we click on authorizable contract you can see a method right here named can which allows the framework to authorize instances of this model for their access permission in different contexts and finally we have the can research password contract and if we open that one as well you can see two methods the get email for password reset and the send password reset notification this allows the framework to reset the password of an entity that satisfies this contract now since we have required the authentication ui let's open it right now and see what just happened first let's close off these pages and let me scroll up i don't need a vendor anymore and we don't need the database but let's open routes and the web.php file if we go to the cli first and write down php artisan route list to see all the routes i made a typo route collin list excuse me let me zoom out you still can't see the login register and all the other routes this is happening because we need to clear our routes and optimize it once so let's write down php artisan route colon clear to clear the route and then let's perform php artisan optimize and if we perform php artisan route calling list one more time you can see all the routes that has been created for us including the login register password reset and way more let me zoom out all right this looks better i won't go over all these routes but most of them make sense if you followed my php course up until this point so if we go back to our web.php file you can see that we use odd column column routes and this is basically the same as route column call and resource this bundles up all predefined routes so you don't need to define them manually again and a new get route has been created for us right here which will require the home controller class but we will cover these in a bit if we go to the browser and remove the endpoint you can see that we've been redirected to a new login page and that has been done with a total of three lines of code in our ui and we didn't even created this login page this is pretty cool isn't it you might wonder how this process work it all happens in the authentication namespace controllers so let's go to our controller let's close off the model http controllers and you can see a new folder called art let's open it and let me make it a little bit bigger alright right here you can see a confirmed password forgot password login register reset password and a verification controller i want to go over these files to show you what actually happens behind the scenes and first off i want to start with the register controller and here you can see some basic uses so the controller register uses the hash and the validator and the class register controller extends the default controller it has a property or better called a trait called register user and then it has a redirect so a protected redirect to the route service provider colin collin home and this will define where users will be redirected to after the registration if you want to change it press command and click on home and you will be redirected to a constant where you could change the values but we won't do it right now let's open the register controller again now if we scroll down a little bit more you can see your constructor which i won't cover right now because it's the middleware and we haven't talked about that yet but we have two methods a validator and a create method the validator method accepts a data array as you can see with the data from the input fields then it will validate it as we did a couple videos back right here and then it will make a new user now there's also a create method which defines how to create a new user based on the incoming registration so right here you will hash the current password right here now for the login controller let's open it you obviously know that it will allow users to log in and i think it pretty much speaks for itself right it will bring in the authentication users so a trade same as in the register controller and it has a redirect to home again and it has its own middleware we also have the reset which will simply pull in the reset password straight right here that provides validation and access to basic password reset views a password broker class of larval will be pulled in to handle sending password reset emails we have a forgot password controller that simply pulls in the send password reset email create and it will show the password email form we have a verification controller that will pull in the verified email trade right here it will verify the emails and it will sign up users so up until this point we talked about migrations models controllers and routes and most of these were also created within the cli so what about the actual ui since laravel 5.2 laravel provides an authentication scaffold for us that gives you a skeleton code and well i actually showed it to you when we entered our ui because this is completely new to us and the cool thing about it is the fact that it takes care of the authentication in the web.php file or the art excuse me right here it will create the routes for us so we don't need to do anything so if we go to our app that blades the php inside our resources views layouts you can see a lot of new code that we didn't wrote ourselves but the most important one is right inside of the nav right here this part right here we have an if statement well first we have a guest so whenever a user is not logged in or not registered show a login button and a register button else print out the name and create a log out button now i don't want this video to be me talking all the time so i want to code a little bit what my goal eventually is is well let's go to forward slash cars as an endpoint is to remove the add new car whenever a user is not logged in and if a user logs in it can edit and delete its own post so not someone else's this can be done with the user interface so let's go to our contours index.blade.php and before we write any code let's write down or dd our odd column colon user save it go to google chrome refresh it and right now it's no so there is no data of a user so what we could do is to go to forward slash register create a new user so let's say code with dory info at nice and let me add my password let's register a user and as you can see we're logged in right now because the endpoint is forward slash home so this is the redirect to in every controller that we have if we go to forward slash cars we still have our dd and we have a lot of information regarding the user so now we're able to tell the application if it should allow users what type of button needs to be available for them so let's create that so let's rewind for one second in order to show the edit and delete button of a specific post we need to make sure that we add a user id inside the cars table because if we go to our mysql right now let's write down select all from cars i mean desk cars you can see that we have nothing which links the users table to our cars table so let's go to the other tab because we need to create a new migration called php artisan and let me zoom in a little bit alright make me a migration called add underscore user underscore id underscore 2 underscore cars underscore table enter our migration has been created for us so let's go and open it migrations it's the last one and in here we only need to add a new table which is an integer and the name is user underscore id let's also add the down method so table drop column with the name user underscore id right now we are ready to migrate it so save it i turn php artisan migrate all right now we need to somehow add our user id inside the create a car method so let's do that let's open the controller so the cars controller let's go to the store method and right below image pad let's say then we won't have the user underscore id and then we want to pull in the odd user and the specific id save it but before we test it out we need to add a user underscore id inside our fillable in their model let's open the card.php and in the fillable right here let's add user underscore id save it let's go to google chrome well let's remove our dd first save it refresh the page we're logged in and the add a new car button is still available but if we log out and go to forward slash cars add a new car is still available so let's go to our ui and let's say right above our div create an if statement because we're ready to show the add a new car button for users that are logged in so what we want to check is if aud user has been set if it is copy the entire div paste it right inside of the if statement now let me align it save it google chrome refresh it and the button is gone so let's log in all right log in go to forward slash cars and add a new car button has been added now we could add an else statement right here but it's optional so let's say add else on the line below paragraph please log in to add a new car let's give our paragraph a class of py-12 and it's italic save it go to google chrome well please log in to add a new car will not be visible because we're logged in right now and i don't want to log out because if we add a new car so choose the file i've got an image right there the brand name is audi or well this is mercedes 1918 description this is my mercedes submit it and you can see that mercedes has been added but if we log out right now go to forward slash cars you can see the edit and delete button still available so to change this we need to somehow check for the user id of the aud and the user id inside the cars table that we just added so let's go to our code scroll down right inside of our loop below the div class margin auto create a new if statement where we want to check if it is set so our odd column column user id has been set and we want to see if the odd color colon user id is equal to car user underscore id so the user that has been set needs to be equal to this specific car of the user id so let's copy the entire div paste it inside the if statement and let's align it again save it go to chrome refresh it and the buttons are gone let's log in one more time let's change the end points to cars and the edit and delete button are still available now the last thing that i want to show you is how we could redirect a user after accessing some page that they are not allowed to from the url well let's log out for one more time let's go to forward slash cars but if we add forward slash create to it we're still able to create a car so how are we going to block this there are many different ways how you could do that we could set it inside the web.php we could do it inside controllers but what i like to do is to use middleware and i know that i really haven't talked about the middleware but in this case it's so important and it's so much better than all the different methods that i want to show it to you so let's go to our cars controller right here right above our public index let's create a constructor so public function double underscore construct and what we want to say is that this middleware in here we need to pass in two params the first one is called odd in single quotes comma array in here we want to say accept so the methods that we do want to show people or users is another array and in here we need to pass in the methods so we want to show a user the index page without being logged in and the show page so we don't want to show them the store page or the create page save it google chrome refresh the page and we have been redirected to the login page so let's try to go to cars again we can access the show method so number 23 and if we log in for the last time you can see that we are allowed to enter the cars forward slash create alright this was it for this video we covered most of the authorization and authentication in laravel and if you do like my content and you want to see more leave this video a thumbs up and if you're new to this channel please hit that subscribe button

Info

Channel: Code With Dary

Views: 48,193

Rating: undefined out of 5

Keywords: laravel, laravel 8, laravel php framework tutorial - full course for beginners 2020, laravel 8 tutorial for beginners, laravel php framework tutorial full course for beginners, learn laravel for beginners, learn laravel step by step, laravel full course, php laravel youtube, laravel tutorial youtube, how to learn laravel, laravel tutorial 2020 - the complete developer course, laravel tutorials from scratch to advanced, login system laravel, authentication laravel

Id: XCrmk1bKxf4

Channel Id: undefined

Length: 20min 3sec (1203 seconds)

Published: Mon Feb 08 2021