Laravel: How to authenticate users without DB
Create your own Guard
ignoring UserProvider
interface. I adopted it in my project and it's working well.
PinGuard.php
<?phpdeclare(strict_types=1);namespace App\Auth\Guards;use App\User;use Illuminate\Auth\AuthenticationException;use Illuminate\Contracts\Auth\Authenticatable;use Illuminate\Contracts\Auth\Guard;use Illuminate\Http\Request;/** * Class PinGuard */class PinGuard implements Guard{ /** * @var null|Authenticatable|User */ protected $user; /** * @var Request */ protected $request; /** * OpenAPIGuard constructor. * * @param Request $request */ public function __construct(Request $request) { $this->request = $request; } /** * Check whether user is logged in. * * @return bool */ public function check(): bool { return (bool)$this->user(); } /** * Check whether user is not logged in. * * @return bool */ public function guest(): bool { return !$this->check(); } /** * Return user id or null. * * @return null|int */ public function id(): ?int { $user = $this->user(); return $user->id ?? null; } /** * Manually set user as logged in. * * @param null|\App\User|\Illuminate\Contracts\Auth\Authenticatable $user * @return $this */ public function setUser(?Authenticatable $user): self { $this->user = $user; return $this; } /** * @param array $credentials * @return bool */ public function validate(array $credentials = []): bool { throw new \BadMethodCallException('Unexpected method call'); } /** * Return user or throw AuthenticationException. * * @throws AuthenticationException * @return \App\User */ public function authenticate(): User { $user = $this->user(); if ($user instanceof User) { return $user; } throw new AuthenticationException(); } /** * Return cached user or newly authenticate user. * * @return null|\App\User|\Illuminate\Contracts\Auth\Authenticatable */ public function user(): ?User { return $this->user ?: $this->signInWithPin(); } /** * Sign in using requested PIN. * * @return null|User */ protected function signInWithPin(): ?User { // Implement your logic here // Return User on success, or return null on failure } /** * Logout user. */ public function logout(): void { if ($this->user) { $this->setUser(null); } }}
NoRememberTokenAuthenticatable.php
User
should mixin this trait.
<?phpdeclare(strict_types=1);namespace App\Auth;use Illuminate\Database\Eloquent\Model;/** * Trait NoRememberTokenAuthenticatable * * @mixin Model */trait NoRememberTokenAuthenticatable{ /** * Get the name of the unique identifier for the user. * * @return string */ public function getAuthIdentifierName() { return 'id'; } /** * Get the unique identifier for the user. * * @return mixed */ public function getAuthIdentifier() { return $this->id; } /** * Get the password for the user. * * @return string * @codeCoverageIgnore */ public function getAuthPassword() { throw new \BadMethodCallException('Unexpected method call'); } /** * Get the token value for the "remember me" session. * * @return string * @codeCoverageIgnore */ public function getRememberToken() { throw new \BadMethodCallException('Unexpected method call'); } /** * Set the token value for the "remember me" session. * * @param string $value * @codeCoverageIgnore */ public function setRememberToken($value) { throw new \BadMethodCallException('Unexpected method call'); } /** * Get the column name for the "remember me" token. * * @return string * @codeCoverageIgnore */ public function getRememberTokenName() { throw new \BadMethodCallException('Unexpected method call'); }}
AuthServiceProvider.php
<?phpdeclare(strict_types=1);namespace App\Providers;use App\Auth\Guards\PinGuard;use Illuminate\Container\Container;use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;use Illuminate\Support\Facades\Auth;class AuthServiceProvider extends ServiceProvider{ /** * The policy mappings for the application. * * @var array */ protected $policies = []; /** * Register any authentication / authorization services. */ public function boot() { Auth::extend('pin', function (Container $app) { return new PinGuard($app['request']); }); $this->registerPolicies(); }}
config/auth.php
You should comment out most of them.
return [ /* |-------------------------------------------------------------------------- | Authentication Defaults |-------------------------------------------------------------------------- | | This option controls the default authentication "guard" and password | reset options for your application. You may change these defaults | as required, but they're a perfect start for most applications. | */ 'defaults' => [ 'guard' => 'web', // 'passwords' => 'users', ], /* |-------------------------------------------------------------------------- | Authentication Guards |-------------------------------------------------------------------------- | | Next, you may define every authentication guard for your application. | Of course, a great default configuration has been defined for you | here which uses session storage and the Eloquent user provider. | | All authentication drivers have a user provider. This defines how the | users are actually retrieved out of your database or other storage | mechanisms used by this application to persist your user's data. | | Supported: "session", "token" | */ 'guards' => [ 'web' => [ 'driver' => 'pin', ], // 'api' => [ // 'driver' => 'session', // 'provider' => 'users', // ], // 'web' => [ // 'driver' => 'session', // 'provider' => 'users', // ], ], /* |-------------------------------------------------------------------------- | User Providers |-------------------------------------------------------------------------- | | All authentication drivers have a user provider. This defines how the | users are actually retrieved out of your database or other storage | mechanisms used by this application to persist your user's data. | | If you have multiple user tables or models you may configure multiple | sources which represent each model / table. These sources may then | be assigned to any extra authentication guards you have defined. | | Supported: "database", "eloquent" | */ 'providers' => [ // 'users' => [ // 'driver' => 'eloquent', // 'model' => App\User::class, // ], // 'users' => [ // 'driver' => 'database', // 'table' => 'users', // ], ], /* |-------------------------------------------------------------------------- | Resetting Passwords |-------------------------------------------------------------------------- | | You may specify multiple password reset configurations if you have more | than one user table or model in the application and you want to have | separate password reset settings based on the specific user types. | | The expire time is the number of minutes that the reset token should be | considered valid. This security feature keeps tokens short-lived so | they have less time to be guessed. You may change this as needed. | */ // 'passwords' => [ // 'users' => [ // 'provider' => 'users', // 'table' => 'password_resets', // 'expire' => 60, // ], // ],];
Thank you all, but there was a much simpler solution... which is to use session()
.
In the controller,
public function login(Request $request){ if ($request->input('pin') === env('PIN')) { $request->session()->put('authenticated', time()); return redirect()->intended('success'); } return view('auth.login', [ 'message' => 'Provided PIN is invalid. ', ]); //Or, you can throw an exception here.}
The route looks like,
Route::group(['middleware' => ['web', 'custom_auth']], function () { Route::get('/success', 'Controller@success')->name('success');});
The custom_auth
will looke like,
public function handle($request, Closure $next){ if (!empty(session('authenticated'))) { $request->session()->put('authenticated', time()); return $next($request); } return redirect('/login');}
Hope this will help someone.
If you know who the user is (IE: have a $user instance already), you can simply login without using any guards as shown in the documentation
Auth::login($user);
I would pass in a User instance instead of $email/$password to your function
$user = User::whereEmail($email)->first();$class->login($user);
and then in your class
public static function Login(User $user) {// ... if(substr ( $result, 0, 3 ) == '+OK') Auth::login($user); return true; //user will be logged in and then redirect else return false; }