composer install Next you can clone the .env.example file into the .env file. This means that you have to create the same file in the root directory under a different name e.g. .env and copy paste the same credentials like .env.example file.
Laravel has a built-in CLI tool called artisan. Your application must generate a unique base 64 key that Laravel uses behind the scenes to bootstrap this project.
Command:
php artisan key:generate It will automatically find your .env file and place the base 64 value in the file.
Output inside the file:
APP_KEY=base64:T0huMR5Wx9EoDmjTxniKTofHD/7cOiDeVVD9eTKuCa0=
As you can see it is necessary to create the .env file in your local to bootstrap the project. But Laravel contains 2 methods to connect to the database server.
- Use of the
.envvariables (I prefer this one) - Use of the file located at the
config/database.php
When you create this file with copy paste credentials you can see default; the database variables are written something like this:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=ui_multiauth
DB_USERNAME=root
DB_PASSWORD=
You can edit values according to your own database personal preference. I am using Postgres in this case.
Note: When Laravel bootstraps the project it gives priority to the .env file as compared to config/** files. You can see config/database.php file contains an associated array with default database settings like this.
return [
'default' => env('DB_CONNECTION', 'mysql'),
'connections' => [
'mysql' => [
'driver' => 'mysql',
'url' => env('DATABASE_URL'),
'host' => env('DB_HOST', '127.0.0.1'),
'port' => env('DB_PORT', '3306'),
'database' => env('DB_DATABASE', 'forge'),
'username' => env('DB_USERNAME', 'forge'),
'password' => env('DB_PASSWORD', ''),
'unix_socket' => env('DB_SOCKET', ''),
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => '',
'prefix_indexes' => true,
'strict' => true,
'engine' => null,
'options' => extension_loaded('pdo_mysql') ? array_filter([
PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
]) : [],
],
]
]
You can only use these settings if variables from the .env file will be deleted. Otherwise, Laravel gives priority to .env variables.
Delete the variables from the .env:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=test_app
DB_USERNAME=root
DB_PASSWORD=
Lastly, Update the config/database.php with your database server settings:
'default' => env('DB_CONNECTION', 'pgsql')
'database' => env('DB_DATABASE', 'ui_multiauth'),
'username' => env('DB_USERNAME', 'postgres'),
'password' => env('DB_PASSWORD', 'a')
I am using Postgres and inside .env file my database server credentials are:
DB_CONNECTION=pgsql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_DATABASE=invoicer_test
DB_USERNAME=postgres
DB_PASSWORD=a
However, your main server and database server get started.
At the last make sure after updating your database settings. Please use artisan CLI to migrate the database tables.
php artisan migrate We can seed the Admin account with the following command:
php artisan db:seedBehind the scenes it will seed the database with the admin account in your database which has following creditenials.
name: Admin
email: [email protected]
password: passwordMAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"
If you want to see the forgotten password feature in local environment, make sure you enter the settings in the .env file according to your private email hosting configuration and also provide a MAIL_FROM_ADDRESS value so your application email will be forwarded to others with this email.
I suggest you use any secure email testing service such as Mailtrap to check this feature in your localhost. The .env settings will be changed this way.
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=mailtrap-username
MAIL_PASSWORD=mailtrap-password
MAIL_ENCRYPTION=tls
[email protected]
MAIL_FROM_NAME="${APP_NAME}"
The production forgotten password feature configured with my personal Gmail account. So all forgotten password emails will come from this account.
This information is not about the authentication of APIs, but rather about the authentication we see in the creation of web applications.
In general, there are 3 types of authentications when we create web applications. If you know any other please tell me.
It only uses one type of people and 1 table. The website owner manually edits the database from the database server and conditionally renders the content.
We store records in more than one table. So we authenticate them based on their credentials which will be stored in the database.
School management:
We create authentication for different type of people for example: Admins, Teachers, Moderators, Parents & Students.
In this, we have to create multiple authentications for these types of people and each people represents a separate database table inside the database.
What if we depend upon only a single table named users for all these people authentication?
The table will be bloated and many records will reside on the same table and difficult to differentiate the user. So it is best practice to create separate table for each type of people.
- admins
- moderators
- students
- parents
- teachers
In a multi-authentication system, we can log in to different types of people at the same time. for example, admin and student can log in at the same time, and if you log out (destroy the session) from the admin account then it will not affect the student login session.
At e-commerce website, we deal with 3 kinds of people.
users, sellers & admins.
We usually see this kind of authentication on blogging websites. As there is only one owner of the website who creates different users and assigns them a role to manipulate the content of the website. In this approach, we will create a middleware that identifies roles on every request.
We will also create 2 tables that has parent child relationship.
roles & users (In this table we create a column called role_id which is a foreign key and refers to the roles table column.)
In role-based authentication, the administrator has to create permissions to separate different permissions by role.
Note:
This repo is using a package named laravel-ui and using a second authentication method and creating 2 tables admins & users.
The security of Laravel authentication depends on 2 things; Guards(Protectors) and Providers.
Guard:
The Guard explains how the user is authentic to each request. By default Laravel ships with the web guard which consumes session driver. You can also use redis driver & JWT driver for your guard.
What is session?
Whenever clients visit our website, our PHP server will generate a cookie with session_ID and some content inside the client browser and most importantly a session file will also be created in our server. It contains the same session_ID and content.
Now when the user come back to the website, the server will check and match, Does the server's session-ID match the browser cookie? If so, the user is authentic.
Provider:
What kind of permanent storage mechanism do you want to use to retrieve users? Do you want to use eloquent or query builder?