Repository files navigation

• Installation
• Mail configurations
• Multi Authentication

composer install

Next you can clone the.env.example file into the.env file. This means that you have to create the same file in theroot directory under a different name e.g..env and copy paste the same credentials like.env.example file.

Laravel has a built-in CLI tool calledartisan. Your application must generate a unique base 64 key that Laravel uses behind the scenes to bootstrap this project.

Command:

php artisan key:generate

It will automatically find your.env file and place the base 64 value in the file.

Output inside the file:

APP_KEY=base64:T0huMR5Wx9EoDmjTxniKTofHD/7cOiDeVVD9eTKuCa0=

As you can see it is necessary to create the.env file in your local to bootstrap the project. ButLaravel contains 2 methods to connect to the database server.

• Use of the.env variables(I prefer this one)
• Use of the file located at theconfig/database.php

When you create this file with copy paste credentials you can see default; the database variables are written something like this:

DB_CONNECTION=mysql    DB_HOST=127.0.0.1    DB_PORT=3306    DB_DATABASE=ui_multiauth   DB_USERNAME=root    DB_PASSWORD=

You can edit values according to your own database personal preference. I am using Postgres in this case.

Note: When Laravel bootstraps the project it gives priority to the.env file as compared toconfig/** files. You can seeconfig/database.php file contains an associated array with default database settings like this.

return [            'default' => env('DB_CONNECTION', 'mysql'),      'connections' => [          'mysql' => [              'driver' => 'mysql',              'url' => env('DATABASE_URL'),              'host' => env('DB_HOST', '127.0.0.1'),              'port' => env('DB_PORT', '3306'),              'database' => env('DB_DATABASE', 'forge'),              'username' => env('DB_USERNAME', 'forge'),              'password' => env('DB_PASSWORD', ''),              'unix_socket' => env('DB_SOCKET', ''),              'charset' => 'utf8mb4',              'collation' => 'utf8mb4_unicode_ci',              'prefix' => '',              'prefix_indexes' => true,              'strict' => true,              'engine' => null,              'options' => extension_loaded('pdo_mysql') ? array_filter([                  PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),              ]) : [],          ],      ]      ]

You can only use these settings if variables from the.env file will be deleted. Otherwise, Laravel gives priority to.env variables.

Delete the variables from the.env:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=test_app
DB_USERNAME=root
DB_PASSWORD=

Lastly, Update theconfig/database.php with your database server settings:

'default' => env('DB_CONNECTION', 'pgsql')  'database' => env('DB_DATABASE', 'ui_multiauth'),  'username' => env('DB_USERNAME', 'postgres'),  'password' => env('DB_PASSWORD', 'a')

I am usingPostgres and inside.env file my database server credentials are:

DB_CONNECTION=pgsql  DB_HOST=127.0.0.1    DB_PORT=5432  DB_DATABASE=invoicer_test  DB_USERNAME=postgres  DB_PASSWORD=a

However, your main server and database server get started.

At the last make sure after updating your database settings. Please useartisan CLI to migrate the database tables.

php artisan migrate

We can seed the Admin account with the following command:

php artisan db:seed

Behind the scenes it will seed the database with the admin account in your database which has following creditenials.

name: Adminemail: admin@admin.compassword: password

MAIL_MAILER=smtp  MAIL_HOST=mailhog  MAIL_PORT=1025  MAIL_USERNAME=null  MAIL_PASSWORD=null  MAIL_ENCRYPTION=null  MAIL_FROM_ADDRESS=null  MAIL_FROM_NAME="${APP_NAME}"

If you want to see the forgotten password feature in local environment, make sure you enter the settings in the.env file according to your private email hosting configuration and also provide aMAIL_FROM_ADDRESS value so your application email will be forwarded to others with this email.

I suggest you use any secure email testing service such asMailtrap to check this feature in your localhost. The.env settings will be changed this way.

MAIL_MAILER=smtp  MAIL_HOST=smtp.mailtrap.io  MAIL_PORT=2525  MAIL_USERNAME=mailtrap-usernameMAIL_PASSWORD=mailtrap-passwordMAIL_ENCRYPTION=tls  MAIL_FROM_ADDRESS=yourpersonalemail@gmail.com  MAIL_FROM_NAME="${APP_NAME}"

The production forgotten password feature configured with my personalGmail account. So all forgotten password emails will come from this account.

This information is not about the authentication of APIs, but rather about the authentication we see in the creation of web applications.

In general, there are 3 types of authentications when we create web applications. If you know any other please tell me.

• Simple authentication
• Multi authentication
• Role-based authentication

It only uses one type ofpeople and1 table. The website owner manually edits the database from the database server and conditionally renders the content.

We store records in more than one table. So we authenticate them based on their credentials which will be stored in the database.

School management:

We create authentication for different type of people for example:Admins,Teachers,Moderators,Parents &Students.

In this, we have to create multiple authentications for these types of people and each people represents a separate database table inside the database.

What if we depend upon only a single table namedusers for all these people authentication?

The table will be bloated and many records will reside on the same table and difficult to differentiate the user. So it is best practice to create separate table for each type of people.

• admins
• moderators
• students
• parents
• teachers

In a multi-authentication system, we can log in to different types of people at the same time. for example,admin andstudent can log in at the same time, and if you log out (destroy the session) from the admin account then it will not affect thestudent login session.

At e-commerce website, we deal with 3 kinds of people.users,sellers &admins.

We usually see this kind of authentication on blogging websites. As there is only one owner of the website who creates different users and assigns them a role to manipulate the content of the website. In this approach, we will create amiddleware that identifiesroles on every request.

We will also create 2 tables that has parent child relationship.roles &users (In this table we create a column calledrole_id which is a foreign key and refers to theroles table column.)

In role-based authentication, the administrator has to create permissions to separate different permissions by role.

Note:

This repo is using a package namedlaravel-ui and using a second authentication method and creating 2 tablesadmins &users.

The security of Laravel authentication depends on 2 things;Guards(Protectors) andProviders.

Guard:

The Guard explains how the user is authentic to each request. By default Laravel ships with theweb guard which consumessession driver. You can also useredis driver &JWT driver for your guard.

What is session?

Whenever clients visit our website, our PHP server will generate a cookie withsession_ID and some content inside the client browser and most importantly asession file will also be created in our server. It contains the samesession_ID and content.

Now when the user come back to the website, the server will check and match, Does the server'ssession-ID match the browser cookie? If so, the user is authentic.

Provider:

What kind of permanent storage mechanism do you want to use to retrieve users? Do you want to useeloquent orquery builder?

Heroku