auth.md

Authentication & Authorization Tips (cd ..)

• Hook into Authentication Events
• Deny As Not Found
• Authenticate the User Once
• Log Out Other Devices
• Log Out The Current Device Only
• Check if a User is a Guest

Laravel Tip 💡: Hook into Authentication Events (⬆️)

Did you know that the Laravel authentication component comes with multiple events you can listen to? Whether a user attempts to log in, or fails to do so, you can handle these events as you wish 🚀

<?php

protected $listen = [
    Illuminate\Auth\Events\Registered::class => [],
    Illuminate\Auth\Events\Attempting::class => [],
    Illuminate\Auth\Events\Authenticated::class => [],
    Illuminate\Auth\Events\Login::class => [],
    Illuminate\Auth\Events\Failed::class => [],
    Illuminate\Auth\Events\Validated::class => [],
    Illuminate\Auth\Events\Verified::class => [],
    Illuminate\Auth\Events\Logout::class => [],
    Illuminate\Auth\Events\CurrentDeviceLogout::class => [],
    Illuminate\Auth\Events\OtherDeviceLogout::class => [],
    Illuminate\Auth\Events\Lockout::class => [],
    Illuminate\Auth\Events\PasswordReset::class => [],
];

Laravel Tip 💡: Deny As Not Found (⬆️)

When defining gates or policies, for security reasons, we often opt to return a 404 instead of a 403. Laravel provides the "denyAsNotFound()" method for this purpose 🚀

<?php

use App\Models\User;
use Illuminate\Auth\Access\Response;
use Illuminate\Support\Facades\Gate;

Gate::define('edit-settings', function (User $user) {
    return $user->isAdmin
        ? Response::allow()
        : Response::denyAsNotFound();
});

Laravel Tip 💡: Authenticate the User Once (⬆️)

Did you know that Laravel ships with the "once" method for authenticating the user only for the current request? This can be handy in various scenarios, such as building single-use links or RESTful APIs 🚀

<?php

if (Auth::once($credentials)) {
    // ...
}

Laravel Tip 💡: Log Out Other Devices (⬆️)

When users log out, you might want to ask them if they want to log out from other devices while keeping the current one. Luckily, Laravel ships with the "logoutOtherDevices" method that does exactly that 🚀

<?php

use Illuminate\Support\Facades\Auth;
 
Auth::logoutOtherDevices($currentPassword);

Laravel Tip 💡: Log Out The Current Device Only (⬆️)

Did you know that Laravel ships with the "logoutCurrentDevice" method, which allows you to log out only the currently authenticated device? 🚀

<?php

use Illuminate\Support\Facades\Auth;
 
Auth::logoutCurrentDevice();

Laravel Tip 💡: Check if a User is a Guest (⬆️)

We often need to check if a user is authenticated, and for that, we use the "check" method. But did you know that when you need to check if a user is a guest, you can use the "guest" method instead? 🚀

<?php

// This is good
if (! Auth::check()) {
    // The user is a guest
}

// This is more readable
if (Auth::guest()) {
    // The user is a guest
}