将laravel 5内置身份验证扩展为仅登录"如果user == active"

时间:2015-07-06 11:31:20

标签: php authentication laravel-5

我使用laravel 5.1.6的附带身份验证,想知道如何扩展它,就像这样工作:

if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
    // The user is active, not suspended, and exists.
}

如果用户未激活",则无法登录。我有一个活跃的' users表中的列,值为0或1。如何在使用内置身份验证和登录throtteling的同时执行此操作。

修改

我在AuthController中没有postLogin功能,只有use AuthenticatesAndRegistersUsers, ThrottlesLogins;__construct()validator()create()功能。我是否必须在Illuminate\Foundation\Auth\..中更改特征中的某些内容,还是必须在AuthController中添加postLogin()函数?

5 个答案:

答案 0 :(得分:20)

您只需覆盖AuthController中的getCredentials()方法:

class AuthController extends Controller
{
    use AuthenticatesAndRegistersUsers;

    public function getCredentials($request)
    {
        $credentials = $request->only($this->loginUsername(), 'password');

        return array_add($credentials, 'active', '1');
    }
}

这将在尝试验证用户时添加active = 1约束。

编辑:如果您想要一个单独的错误消息,例如BrokenBinary,那么Laravel允许您定义一个名为authenticated的方法,该方法在用户通过身份验证后调用,但在重定向之前,允许您进行任何登录后处理。因此,您可以通过检查经过身份验证的用户是否处于活动状态来利用此功能,如果不是,则抛出异常或显示错误消息:

class AuthController extends Controller
{
    use AuthenticatesAndRegistersUsers;

    public function authenticated(Request $request, User $user)
    {
        if ($user->active) {
            return redirect()->intended($this->redirectPath());
        } else {
            // Raise exception, or redirect with error saying account is not active
        }
    }
}

不要忘记导入Request类和User模型类。

答案 1 :(得分:7)

我现在更改了身份验证中间件/app/Http/Middleware/Authenticate.php(在评论下面添加了块):

/**
 * Handle an incoming request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if ($this->auth->guest())
    {
        if ($request->ajax())
        {
            return response('Unauthorized.', 401);
        }
        else
        {
            return redirect()->guest('auth/login');
        }
    }

    #logout if user not active
    if($this->auth->check() && $this->auth->user()->active !== 1){
        $this->auth->logout();
        return redirect('auth/login')->withErrors('sorry, this user account is deactivated');
    }

    return $next($request);
}

看起来,如果他们已经登录,它也会注销非活动用户。

答案 2 :(得分:2)

我会在postLogin()函数中首先添加以下内容。

       $this->validate($request, [
            'email' => 'required|email', 'password' => 'required',
        ]);

        if ($this->auth->validate(['email' => $request->email, 'password' => $request->password, 'active' => 0])) {
            return redirect($this->loginPath())
                ->withInput($request->only('email', 'remember'))
                ->withErrors('Your account is Inactive or not verified');
        }

active是用户表中的标志。 0 =无效,1 =有效。所以整个功能看起来像是...... 

public function postLogin(Request $request)
    {
        $this->validate($request, [
            'email' => 'required|email', 'password' => 'required',
        ]);
        if ($this->auth->validate(['email' => $request->email, 'password' => $request->password, 'active' => 0])) {
            return redirect($this->loginPath())
                ->withInput($request->only('email', 'remember'))
                ->withErrors('Your account is Inactive or not verified');
        }
        $credentials  = array('email' => $request->email, 'password' => $request->password);
        if ($this->auth->attempt($credentials, $request->has('remember'))){
                return redirect()->intended($this->redirectPath());
        }
        return redirect($this->loginPath())
            ->withInput($request->only('email', 'remember'))
            ->withErrors([
                'email' => 'Incorrect email address or password',
            ]);
    }

答案 3 :(得分:2)

已解决:此链接(教程)将为您提供帮助:https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810

步骤1:

add new field to the User table called ‘status’ (1:enabled, 0:disabed)

步骤2:

to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:

/**
 * Get the needed authorization credentials from the request.
 *
 * @param \Illuminate\Http\Request $request
 * @return array
 */
 protected function credentials(\Illuminate\Http\Request $request)
 {
 $credentials = $request->only($this->username(), ‘password’);

return array_add($credentials, ‘status’, ‘1’);
 }

步骤3:

to block the user when using passport authentication ( token ) , in the User.php model add the following function :

public function findForPassport($identifier) {
     return User::orWhere(‘email’, $identifier)->where(‘status’, 1)->first();
     }

完成:)

答案 4 :(得分:1)

在Laravel上5.3.*更新app/Http/Controllers/Auth/LoginController 

class LoginController extends Controller
{

    use AuthenticatesUsers;

    /**
     * Get the needed authorization credentials from the request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    protected function credentials(\Illuminate\Http\Request $request)
    {
        $credentials = $request->only($this->username(), 'password');

        return array_add($credentials, 'active', '1');
    }

    // your code here
相关问题
最新问题