(Part 2) Logging In Multiple Users - Native Multi Auth in Laravel 5.4

Captions
Hey everybody, and welcome back to the DevMarketer channel. In this video we're going to continue our little mini series about multi authentication, multiple authentication, for Laravel 5.4. In the previous video we really set up all the multi authentication. We got our new guard set up, so we can now reference our new admins authentication by just using the admin guard. Alright, so that was kind of the bulk of what's super important about this series, but of course, like all my videos, I want to walk you guys through the rest of the steps just in case you don't know how to do those other parts. Some of you guys might be familiar with how to kind of finish this off and just kind of clean it up once you understood the guards section, so that's why I broke it up into multiple videos. But in today's video we're going to kind of take one more step into what you need to really complete the whole process, and that's to make a working login form.

So by default, you come over here and take a look at the login form that we created. This login form actually will only log you in for users; it will not log you in for admins. Remember, we have two different types of users: we have admins and customers/users, right? So our customers, this is only going to log us in for our users model but not our admins model. Okay, so the question now is, what do we do from here? How do we log in as an admin? Because I can currently log in as a user, and we know this, we know we're at the user dashboard now, and if I try to go to the admin section I can't, right? It puts me back over here. So we know the authentication is working; we just need to find a way that we can log in as an admin, and that's what we're going to be doing in this video today.

Now you might wonder why you can't just use the existing contact form. Why can't you just use the same contact form? Well, the reason is because these login forms are tied to a specific model. It's trying to log you in as a user, and it has to kind of have a good idea for which 
proble to do. Of course, there are ways you could get creative. If you really want to use the same contact form, you could have some sort of select box three or something, but I would really question why you would want that. Really think about that, because truthfully, if you have two uniquely different types of users, you don't want to confuse them with having to choose what kind of user they are. Most of the time, like in this example here, that's why we put the users, but, you know, generic users, at the /login, is because most of these customers aren't even concerned about the fact that you also have admin users. Okay, so they just want the ability to log in. Your admin users or your employees then have, you know, another login they go to to log in to the backend, and that's pretty normal. No one really thinks much of that, so I would recommend following that same paradigm.

Okay, so let's go ahead, let's get our login form set up. In order to get the login form working, we're going to actually be creating another controller for managing all of the logins. We need to display a login and we need to just, but we actually need to perform the login function. So I'm going to go through both those steps. Obviously showing the form is pretty easy. Actually registering or logging someone in, it's going to be relatively simple as well. We're going to be using the Auth facade, so this is stuff that's already built into Laravel, and because we're using native authentication, this is going to be something that is pretty easy. Out of the box Laravel handles most of it, but I'm just going to show you how to connect the pieces. So let's go ahead and let's start by creating that login controller that we can use to manage everything.

Actually, before that, I just want to show you guys the demonstration. I want to run a php artisan route:list, and this is obviously listing all of our routes. I just want to show you guys what is here. So we've got a couple different, we've got two different login URLs. We've got one at the GET HTTP type and 
then one is a POST. And obviously this one here shows the login form, as you can see it uses LoginController showLoginForm, and then the other one is actually performing the login. Now we also have a logout function, and I'm actually just going to use the same logout function for both of these. The logout actually works universally, so it logs you out of both guards, so you can just use the one logout; you don't need to create a second one. So we're just going to maintain the same logout, this /logout, posting to /logout. It's got a name, logout, and goes to this logout function. If you go look at the controller code that actually comes with Laravel, you'll see that it just logs you out of all the guards, resets the, it clears out the session, and then sets up a brand new clean session and then redirects you home. So that's it, it's those four lines, and that's all the logout does. Of course, if you want to duplicate it for your admins, you could do that and set it specific to the guard, but for this purpose I'm just going to let it, when you use logout, it logs you out of everything. It just resets the entire session.

Okay, so we just need to be making these two login forms. The rest of this, you can see, is managed pretty well. We're going to talk about password resets in, not the next video, but the one after that. And then registration forms I'm not going to worry about. Generally with your admins, if you're doing something like users and admins, we already can allow users to register; that comes out of the box. For registering admins, that's a little weird. You usually are not going to want to register, have admin, you know, the ability to register themselves. So you'll generally set up a super admin, and then from the backend interface the super admin can create new admins and invite them to your app. But you're generally not going to have, like, a forward-facing registration form. And if you did want a forward-facing registration form, all you're doing is you're just creating a form and 
when they submit it you're going to do a normal, like, CRUD resource create function. It's nothing new. You don't really need to worry about the guards, you don't need to worry about anything. It's no different than creating a blog post or creating a wish list item or whatever else you're creating. It's no different than that. You're just going to do a normal create and fill in the items in the database and you're good to go. So that's all it takes to do register, so it's not really worth showing because it's just a basic CRUD create function.

Okay, so we're going to focus today on these two. You can see that in our controller, in the Auth LoginController, we have two functions, showLoginForm and login. So let's just take a look at those real quick and then we're going to create our own. So Http, Controllers, Auth, and then we have our LoginController. Now you'll notice mostly you don't really see anything here, and the reason is because everything's getting inherited from AuthenticatesUsers. So we can find that by following this up here. If we go to vendor, laravel, framework, src, and then you can follow Illuminate, Foundation. So Illuminate, Foundation, and then Auth and AuthenticatesUsers. Oops, trying to clean up this. Okay, Auth, AuthenticatesUsers. So this here is, let's open both of these, so AuthenticatesUsers, and then come back up here and do LoginController. Okay.

So as you can see over here on the side, AuthenticatesUsers is what is actually basically most of the logic for this login controller. You can see here we've got our showLoginForm; it just returns a view, pretty basic. And then here's the actual login function. So the one thing in here that we're not going to be implementing is the timeout events, or the lockout events, for throttling logins. Of course you could create that pretty easily, and you can see how it's done here, it's pretty basic, but I'm not going to focus on that today. I'm just going to show you guys how to log in. If you want to add that functionality, I'm sure 
that you guys can figure that out.

Alright, so the first thing we need to do is we need to validate the information that's coming in, make sure that the information is valid from the form. And then here we actually check to see if they currently have too many login attempts, so we don't need that part in our function. If they do, then obviously it fires a lockout event and sends them to a lockout response that they're locked out, but we don't need to worry about that. That's only if you're counting, you're throttling logins. Then you can see here it attempts to actually log them in. This is where the actual login function occurs. If it's successful, then it's going to send the login response, and that would then eventually redirect them back. And then if they're not successful, then this happens down here, which basically means it increments your login attempts and then says, you know, then fires the event that a failed login attempt occurred.

Okay, so that's basically it. We're basically validating requests, we're going to see if the information matches up. If it does, we redirect them to the right place. If it's not, we redirect them to some other page, either back to the login form or something like that. Just real quick, we're going to take a look at this attemptLogin, which is located down here, and of course you guys can follow this code or view it, this is in your vendor folder. So we're going to look at this attemptLogin down here. You can see what's happening is it's using this attempt function, right? So inside this attempt function it is basically passing in the credentials and then also passing in the remember. So we're going to look at this, but it's just using the authentication facade attempt function or method. That's it. So that's what we're going to be using, and that's really all that it is. That's where all the logic is. If you don't think about this right here, we're just validating, we're running an attempt, and then we're going to redirect them back if needed. So let's 
go ahead, we can create this. It's actually not that difficult. So first things first, before we actually write the code, let's create some views and some routes to make all this work. So let's head back over, let's see, let's actually duplicate, let's make a new controller for our login. Let's do that first. So open up, all I'm doing there, let's go to php artisan make:controller, and we're going to make an AdminLoginController. We already have an admin controller, but I want to make one specific for the admins, or, I want to make it, we already have a login controller, I want to make one specific for the admins. And then also let's go ahead and just, let's put it inside the Auth folder so that it goes with all these other auth functions, I think that, our controllers, that'll be handy. So that's all we need. I'm going to click enter. It created it successfully.

Let's head back over here. You can see now inside of our Auth we have AdminLoginController extending Controller. It brings in Controller, we've got the access to the Request, and it's namespaced in the Auth folder. Perfect. So now we can make our functions. So we can do public function, we need to do a showLoginForm, and this is just going to return a view. And let's go ahead and set it up. We're going to put this in the auth folder in the views, so we'll go to resources, views, we're going to put it in this folder right here, and then we'll just create one, we're going to create one in a second, and we'll call it, instead of login, we'll just call it admin-login. Perfect, and that's all we need to do for that, so that function is done. Now we can go through and make another one. This is actually our login function, login. Perfect. And then just for now, just so we don't return any errors, I'm going to return true, and then that's it. We're going to come back and fill in the login function in just one moment, but let's just go through and get our routes and our views set up and then we'll come back and finish the login. So we need to create this view first of all, so 
let's just come down to our login, you can see that here, and I'm just going to duplicate this file and we're going to name it admin-login, and otherwise we can just leave it basically the same. Let's make a few changes here. Instead of just saying login, I'm going to say admin login, just so that we know that we're in the admin. And then we need to change our route as well. So it's normally posting to the login route. What we're going to do is we're going to do admin.login.submit. Okay, so we're going to submit the login for the admin, and then that's going to be a POST request, so we'll remember that here in a second.

Otherwise this is pretty basic. Just want to note here, you've got your CSRF field. Obviously you're still using the web middleware, so make sure you have the CSRF field because that's going to be required. And then you can see that we have an input for our email. It's called email, so that's going to be important here in just a second when we set up our login. So we have a field that's coming in as email. Of course, if you want to change this to username or something you could always do that, just don't forget, but it's coming in as email. And then let's see, we've got our password here, so we've got name equals password. That's the second field that holds our password. And then finally we have a checkbox here called remember. This is going to be either true or false depending on whether or not we have it checked. Okay, and then we're going to pass this in so we can tell Laravel whether to keep the user logged in or to just log them in to this session, and that's it. So let me submit the form, and that is it.

Alright, so that's good. Make sure we make this route now, this admin.login.submit, and that's what we're going to do now. We've got the view that we need. Let's see, we already have a view, I think, for our admin. We do, and it shows admin dashboard, so we're good there. Let's close this up, and now let's take a look at our routes. So we're going to go to our routes, web, and 
inside of here we're going to go through and make a route for two different routes. We're going to do one to show the login form and one to post the login form. So we're going to go to admin/login, and then we're going to attach it to Auth\AdminLoginController, and then we're going to do showLoginForm like that. And we're going to go and name this, give all these names. We're going to do admin.login to present the login form. Now I'm going to copy this and we're going to do that again down here, but this time we're going to change it to a POST. We're going to go to the same URL and then obviously the same controller. We're just going to change the method to login, and then we're going to do admin.login.submit as the name. Okay, let's go and give this a name while we're at it, our admin dashboard. Let's name it admin.dashboard. I love using named routes. It makes it so much easier: if you end up changing these URLs in the future, you don't have to go back through and change all your authentication stuff, because you've been using named routes. Okay, so I love using named routes.

And another thing I want to men... okay, one thing real quick before we have a, we're going to have a bug here. Make sure, because this is /admin and then these are /admin/login, make sure the /admin actually occurs after your other ones, otherwise all of these methods are going to get caught in this method. Okay, so just keep an eye on that. And then also, since these are all, you know, slash, slash, slash, we can clean this up by doing Route group, or actually let's do Route prefix, and we're going to prefix it with admin, and then we're going to do a group like that. And let's go ahead and create a group for these and we'll put all of these in a group. Okay, so now all these are in a group, they're prefixed with admin, so we can actually just get rid of all this admin stuff, which is kind of nice. Now it's just going to be login, so it just kind of cleans it up. It's all in 
the admin group. Everything should work. Let's go through and just run a php artisan route:list just to make sure everything's working correctly, and then we'll go through and test it. Okay, so you can see we've got our names: admin.dashboard, admin.login and submit. They're all in the admin prefix. That's perfect. We currently, I don't really have the middleware set up except for this one, but we'll go through and do that here in a second, and then everything else looks good. This is all normal.

One thing I'll note while we're looking at middleware that might confuse people is, in the last video we talked about the web guard. The default guard for authentication is called web, and I want to make sure that you guys don't get the web guard confused for the web middleware. Those are two separate things. The web middleware, like what you see here, here, all the way down, is not the web guard. It's not protecting against the users. What the web middleware is, is it's like all of the middleware functions that you would need for any browser-based visit to your website. So this is like setting up the sessions, cookies, stuff like that. That's what the web middleware does. And so I want to make sure you understand what the web middleware is doing. It's different than the web guard, and it's kind of confusing that Laravel did that. You can always change the name of the web guard to, like, users, but I just want to make sure that that's clear.

Now there currently is nothing specifically tied to the web guard, but you do see we have a default auth here, protecting the home page, the /home, and because our default authentication guard is web, it will be using that. But you can see it's just set to the default, it's just auth. These two have specified other guards, so this is the API guard, which again is different than the API middleware, so keep that in mind as well. And then this is the admin auth guard for authentication. Alright, now if we change the default, then this one would automatically, you know, 
be protected by the default authentication. If you wanted to specifically name it the web middleware, you would want to go through and just do auth:web to specify the web guard. Okay, so hopefully I make sense. I want to make, this is confusing because we have an API guard and an API middleware and they're two completely different things. We also have a web guard and a web middleware and they're two completely different things, and I want to make sure you guys don't get those two confused.

Okay, so we should be good. Let's go through now and look at our controller. Okay, so everything should be good. Let's go ahead and just set up middleware before I forget in our controller, since we were looking at it just barely. We're going to set it up in the construct function. Make sure you do double underscore, then construct, so this here is two underscores. And then inside of here we can define the middleware. So we're going to do middleware, and we're just going to say guest middleware, and we're going to define specifically the auth guest. Alright, or not auth, I mean admin, sorry. So the admin guest. Okay, so we're only doing people that are not logged in as admin, is who we're redirecting, or who we want to have access to this. Okay, so perfect. That's basically everything we need. We can actually just set up our login form now. Forgot a semicolon there. So now let's go through and set up the login function. Real quick before we get to that, let's just take a look, make sure this works in our browser. There we go, everything's good.

Alright, so now let's go through and set up the login function. So what we can do here is, I like to always write out what we're about to do before we do it, and so for me, we're going to set up those steps. We're going to validate the form data, that's the first step. Oops. Second step is to attempt to log the user in. Okay, if successful, then redirect to their intended location, where they intended to go before they got here. And then if 
unsuccessful, then redirect back to the login with the form data. Alright, so that's basically our four steps that we need to do, and then we can start using our login.

So let's go ahead and validate the form data. This is pretty easy, you guys know this pretty well, hopefully. We're going to just do this validate, we're going to pass in the request, and then create some rules for it. So create whatever rules you need. In our case we just have the email and then we have password, right? So let's go ahead and say email is required, we're going to just validate that it's an email, and then the second one is password, and we're going to make password also required. And then if you have other parameters that you want, like a minimum or a maximum, you can set those here as well. Alright, so that's basically all we need for that. Then it's going to be validated. Obviously if it doesn't validate, it's going to, you know, this whole function just redirects back and handles all of that, which is really convenient.

Now we can attempt to log the user in. Now this might be where you're thinking it gets really tricky, but it's actually pretty simple. What we're going to do is we're going to be using the Auth facade, and actually, because we're using the Auth facade, let's make sure to import it too, otherwise we'll have that rookie mistake there. But we're going to use the Auth facade and we're going to use this attempt function or method. So this attempt method is actually the same one that you see in the default authentication. That's what's in the LoginController that we looked at in the source code, right? It used this Auth attempt function. And what you do is you just pass in the credentials in an array format. So we're basically passing in the email and the password in an array, and it's going to verify every element that we do and make sure it matches up to somebody in the, you know, in the admin model. Okay, and then there is an optional parameter you can pass in as a second 
parameter, and this is the remember. And so with remember you're basically passing in a truthy or falsy value. If it's truthy, it will also set up the session to remember across multiple sessions. If it's falsy, then it will just do it for the one session, basically. So that's basically the function that we're going to be using that handles all of the logic, and that's what makes it super easy. Like I said, we really don't have to do a lot of the work. We're just doing a basic validate and attempt and then some redirects, and that's it.

So this whole, this whole func..., method here returns true or false: true if it's successful, false if it was not successful. It will automatically handle setting up the session and then it will just return true, and then if it's unsuccessful then it just returns false. So what we can do is wrap this in an if statement and we'll easily know whether it was successful or not. Again, that's the same thing that happens if you go look at the source code. It's the same thing they do: they wrap this attempt function in an if statement, inside the if statement they redirect them to the correct place, and outside the if statement they redirect them to log in again or whatever. Okay, so that's what we're going to be doing here.

Now before we actually finish this, I want to mention that, remember how I said in the first video that if we just run normal methods on this Auth facade without specifying a guard, it will work, it's just going to default to the default guard. In our case we need to use the admin guard, so we need to specify a guard for this to work. So let's go ahead and do that. So we're going to do a guard admin, and then we're going to run the attempt on the admin guard. Okay, that way we're running it actually in the admin model instead of the users model, which would be the default. So that's basically it, that's what we need. Let's go ahead and set up the if statement. We're going to go ahead 
and put this guard inside of here. We don't need the semicolon, and that's basically it. Let's go ahead and configure these credentials. You could set up credentials outside, or we can just do it inline, so we'll just do it inline real quick. Email, and we're going to set email equal to request email, and then we're going to pass in password and set that equal to the password.

Now this might actually bring up some, you know, some alarm bells for some of you guys, because you're thinking, wait, why am I not hashing the password? This is the raw password direct from the form. Well, one of the benefits, or whatever you want to call it, of the attempt function is the attempt function automatically handles checking, hashing the password and checking it against the hash that's stored in the database. So you don't need to manually hash it; you just want to put the raw password in. This is actually something that screwed me up for the longest time. I couldn't figure out why this wasn't working when I was doing this a while ago, and I couldn't figure out why it was never authenticating, and I thought I had screwed this up somehow, and it turned out I was just hashing the password myself manually and then it was hashing it again, so it wasn't matching up with what, you know, what was in the database, obviously. So just make sure you remember that.

The other thing I'll remember is, if you are in Laravel 5.4, then these automatically will be trimmed, and if anything is left, if there's any empty spaces, they're set to null. So those are two new middlewares that are available. So now by default, if you come look at the middleware, you can see we have TrimStrings.php. This will trim every input value coming in from the form and it'll just get rid of all the white space at the beginning and the end. So that's really nice. You don't need to go through and manually run the trim anymore; you can just pull it straight out of the request object and it will be trimmed automatically, with the exception of password 
fields and password confirmation. Okay, so if you name any of your fields password or password confirmation, then those ones will not get trimmed. It will retain the white space, and that's good, that's probably a good thing, I'd just leave it. If you wanted to add a couple other ones that, for whatever reason in your application, you don't want the input to be trimmed, you could just add it to the array here and it will not get trimmed. Okay, but this by default will get trimmed, this one won't, but then everything should be working.

Lastly, let's pass in our truthy or falsy value. What we can do is just pull it in from the request, just do request remember, and then that will pull in that checkbox. It'll be truthy or falsy, and then it will configure that for us. So that is everything we need. Now we can actually just kind of get rid of this. Let's pull this item up in here, and now if they are successful we will enter the if loop, the if statement, and then we can redirect them. So let's go ahead and do that with return redirect.

And where are we going to redirect them? Well, we want to try to redirect them to where they were going before they got pulled out and had to log in, otherwise we'll set up a default. And we can do this with a new function that you may not be familiar with, and it's called intended. And this is a Laravel, this is a chainable method that you can use when redirecting, and this is basically, Laravel keeps track of where people are trying to go. And so if the middleware kicks them out and requires them to log in, it actually keeps track of where they were trying to go before they got pulled out of that to log in, and then if we use the intended function or method, then it's going to put them back where they were trying to go. This could be really handy if someone, like, clicked the link in an email and they went, you know, they were super deep in the application and then they had to log in, so that when they log in it's nice to throw them right back where 
they meant to go instead of having them start at, like, the dashboard page or something. Of course, we need to set a default, just in case someone is just using the login form and they don't have an intended page that they meant to go to beforehand. We need to set a default, so you can either just manually, you know, code a URL in here, or what I'm going to do is I'm going to hard-code it with a route. So we're going to do a named route, I mean, so we're going to do admin.dashboard, and that's basically it. That's all we need to do. So now if they successfully log in, we'll send them to the dashboard or their intended location, whichever.

Now the last thing we need to do before we can complete this is, if they're unsuccessful, to redirect them back to the form data. So to do this we can just do a return, pretty basic, and then we're going to do a return redirect, and then we will pass it back. So this is another function you may be familiar with, may not. This just sends them to the page they were at before, which should be the login page, so it's just going to send them back to that page. And then we're also going to pass the input values in, so we'll pass it in with withInput. Let's pass the request data back; this way it autofills. Well, if you've set it up correctly, which it has set it up in our forms, or in our view form anyway. If you... let's, in the request data, only pass in the, we don't want to pass in the password, so let's only pass back the email and the remember. Okay, so then we can set those to be automatically checked when they're done.

And that's it. That's our login function. That's basically everything we needed. I know I had talked a lot during it, but really we just did a validate, we did an attempt, we did the Auth guard attempt inside of an if statement, and then we redirected them where they wanted to go or redirected them back with the input data, and that's it. Pretty, pretty sick. It's actually really pretty basic. So we see we've got our middleware. I think we're good enough to test this 
now, so let's head back over to Chrome and let's try to log in. You know what, actually I don't have an admin, so let's go and create an admin. We'll just use the terminal to do this: php artisan tinker, and then let's go through and make a new admin. So we're going to do Admin create, and actually, you know what, instead of that, let's go through, it's a little hard to read because it ends up being kind of dirty in there, let's do admin equals new Admin and then we'll just set it up this way. So name equals, well, let's give it a different name than our user just so we know which one we're working with, so we'll do admin name. Admin email equals hello@devmarketer.io, and then we're going to do the password. This time we will need to hash the password, so let's do a Hash make, and then we're going to just make the password password. Okay, and then last but not least we can finally save. Actually, we can't save yet. We have a job title field in here that, when I set it up, I didn't change it to nullable, so it's going to be required that we have a job title. So we'll just put job title, put teacher. Okay, perfect, and then now we can save.

Okay, perfect. So now we should have in our database a user. Let's double-check, quick refresh, there we go, DevMarketer, we just created this user. So now we should have a user to log in. So now we can do what we just tried, devmarketer.io, and we can do password and log in. Undefined variable request. Oh, it's a rookie mistake. Alright, so when we did our login, remember we pulled in the request, we have all this request, obviously we need to make sure we have that. Okay, there we go. Let's try this again, let's just resubmit the form, and now it works. So now we're logged in with our admin. Perfect. Let's try to go to the user page, and notice that it makes us log in, so that's a good sign. But we can go back to our admin page and it'll let us into the admin. So we're logged in as an admin but not as a user, 
and so we can go to all the ads and stuff but not to the user stuff cool huh so now let's let's go through and just log out so now that we're logged out let's try to get back in there admin it won't let us in but what you'll notice is it does redirect us to the user login form and this is because of we got to tweak some middleware so the middleware by default is kind of hard coded to redirect us to this login page so we need to and we'll do this in the next video we need to tweak the middleware to basically redirect us to the correct login page for each authentication guard depending on which one we're trying to access so that's the one problem we have here list of at the end of the video the other thing is that we don't have forgot my password set up but we do have two successful guards let me just log in as a user real quick Alex at example.com I think my password is just password there we go now we're logged in as a user but if I try to log in or go to the admin page notice that I can't go there redirects me back to the users now why is it redirecting us back to the user instead of the login form well once again it has to do with that middleware so because the middleware is hard-coded to that slash login page what happens is when I try to go to admin the admin kicks me out and sends me to the slash login page instead of the slash admin slash login because we haven't defined that yet that's the next video so it sends us to slash login well when we get to slash login slash login has like has another middleware that only allows guests well I'm logged in as a user so I'm not a guest so then it redirects me to the home page so when it looks like it's sending us to the user dashboard that's what's happening is it's sending us to the login page and then the login page is sending us here and it once we define that in the next video once we tell Laravel which login forms to send us to and stuff like that then we it'll when we try to log in as an admin or try to go to an admin page
it will actually send us to the admin login instead of you know back here but you can see how this works now one thing I will show you guys the way this is set up right now is let's now go to slash admin so I'm logged in to the user note that okay so I'm still logged in as a user I'm not logging out now let's go to admin slash login I should be allowed to go here right because we set it with the middleware for auth guest or guest I mean guest admin that was the middleware that we set now if you just set it as guest it wouldn't let you do what we're about to do so H ones that you can make this decision on what you want but the way we've got it set up here is we can actually now log in as both an admin and a user at the same time so now I'm going to log in as an admin I'm logged in so now I'm logged in as an admin DevMarketer and I'm also logged in as a user and Alex Curtis do serums and so we actually can be logged in as both when we do logout it's going to log us out of both as well but I just want to note that you can actually maintain multiple sessions logged in sessions here of course you could configure that but this is the way it works so when we do log out you'll notice admin no longer works home no longer works it logged us out of both of them okay so there you go guys hopefully that made sense this is the end of the video in the next video we're going to go through and just kind of configure that middleware it won't take too long it's pretty simple I'm going to show you two places to do the this was some of the stuff I actually didn't find anywhere really on the internet to get help with this so I had to figure it out on my own so if you guys are at all confused about middleware I highly recommend you take a look at that video and then finally the final video in the series after we finished middleware we'll be setting up our forget my forgot my password function for the admin so it currently works for users but I'm just going to show you guys how
to make it work with admins as well or whatever your user type you're using okay so make sure you guys if you guys enjoyed this video please please please make sure you're subscribed if you aren't already if you are thank you so much I definitely appreciate the support also leave a thumbs up if it was informative I really want these videos to get some traction because there's really nothing out there explaining multi auth multiple authentication so I want to make sure that people can find these videos if you know they're looking for the same thing and so by giving that thumbs up leaving comments and subscribing all that stuff just helps me become more visible or this video become a little more visible okay if you guys have any questions reach out to me on Twitter underscore JC u RT is and let me know what you guys think of the video that's it for today I'll see you guys in the next video
Info
Channel: DevMarketer
Views: 156,817
Keywords: laravel, tutorial, authentication, users, login, best, multiauth
Id: Ir2nAD9UDGg
Length: 36min 27sec (2187 seconds)
Published: Sat Feb 25 2017