Laravel AuthController

Marickian

Introduction

The AuthController in Laravel is responsible for handling user authentication, including login, registration, logout, and retrieving user details. Laravel provides built-in authentication features but allows full customization as needed.

1. Creating AuthController

You can create an authentication controller using the following Artisan command:

php artisan make:controller AuthController

2. Token-Based Authentication (For APIs)

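Token-based authentication is useful for APIs and mobile applications where session authentication is not applicable. The code below uses Laravel Sanctum personal access tokens (createToken() and the auth:sanctum middleware), so the User model must use the HasApiTokens trait.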

Controller Code

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class AuthController extends Controller {
    // Register a new user
    public function register(Request $request) {
        $request->validate([
            'name' => 'required',
            'email' => 'required|email|unique:users',
            'password' => 'required|min:6|confirmed',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);
        return response()->json(['message' => 'User registered!', 'user' => $user], 201);
    }

    // User login
    public function login(Request $request) {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required'
        ]);

        if (!Auth::attempt($request->only('email', 'password'))) {
            throw ValidationException::withMessages([
                'email' => ['Invalid credentials.'],
            ]);
        }

        $user = Auth::user();
        $token = $user->createToken('auth_token')->plainTextToken;
        return response()->json(['token' => $token]);
    }

    // User logout: deletes every token issued to this user, not only the one used for this request
    public function logout(Request $request) {
        $request->user()->tokens()->delete();
        return response()->json(['message' => 'Logged out.']);
    }
}

Routes

Route::post('/register', [AuthController::class, 'register']);
Route::post('/login', [AuthController::class, 'login']);
Route::middleware('auth:sanctum')->post('/logout', [AuthController::class, 'logout']);
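
The token flow above can be checked end to end with a feature test. This is an added example, not part of the original post; it assumes the routes live in routes/api.php (hence the /api prefix), Sanctum is installed and migrated, and the class name, test names and credentials are constructed for illustration.

```php
<?php
// Added example (not from the original post). Assumptions: routes are registered
// in routes/api.php, Sanctum's personal_access_tokens table is migrated, and
// App\Models\User uses HasApiTokens and hides its password attribute.
namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AuthTokenFlowTest extends TestCase
{
    use RefreshDatabase;

    // Constructed sample credentials.
    private array $creds = ['email' => 'alice@example.test', 'password' => 'correct-horse-9'];

    public function test_logout_requires_a_token(): void
    {
        // auth:sanctum must reject a request that carries no bearer token.
        $this->postJson('/api/logout')->assertUnauthorized();
    }

    public function test_wrong_password_issues_no_token(): void
    {
        $this->register();
        $this->postJson('/api/login', ['email' => $this->creds['email'], 'password' => 'wrong'])
            ->assertStatus(422)
            ->assertJsonValidationErrors('email');
        $this->assertDatabaseCount('personal_access_tokens', 0);
    }

    public function test_login_issues_a_token_and_logout_revokes_it(): void
    {
        $this->register();
        $token = $this->postJson('/api/login', $this->creds)->assertOk()->json('token');
        $this->assertDatabaseCount('personal_access_tokens', 1);

        $this->withToken($token)->postJson('/api/logout')->assertOk();
        $this->assertDatabaseCount('personal_access_tokens', 0);
    }

    private function register(): void
    {
        // register() returns the user model; the password hash must not be in the JSON.
        $this->postJson('/api/register', $this->creds + [
            'name' => 'Alice',
            'password_confirmation' => $this->creds['password'],
        ])->assertCreated()->assertJsonMissingPath('user.password');
    }
}
```

The revocation check asserts on the personal_access_tokens table rather than replaying the token, because the authentication guard can keep the resolved user cached between requests inside a single test.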

Explanation of Methods

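These descriptions refer to the session-based controller shown in section 3. The token-based login() above returns a token as JSON instead of redirecting, and its logout() deletes the user's tokens.

  • showLoginForm() - Displays the login form.
  • login() - Validates user credentials and logs them in using Auth::attempt(). If successful, it redirects the user to /dashboard.
  • showRegisterForm() - Displays the registration form.
  • register() - Registers a new user, hashes their password, logs them in, and redirects them to /dashboard.
  • logout() - Logs the user out, invalidates the session, and regenerates the session token.
  • user() - Returns the currently authenticated user’s data as JSON (this method is not included in the controller code on this page).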

3. Session-Based Authentication (For Web Apps)

Session-based authentication is useful for traditional web applications where users remain logged in using cookies.

Controller Code

public function showLoginForm() {
    return view('auth.login');
}

public function showRegisterForm() {
    return view('auth.register');
}

public function login(Request $request) {
    $request->validate([
        'email' => 'required|email',
        'password' => 'required'
    ]);

    if (Auth::attempt($request->only('email', 'password'))) {
        $request->session()->regenerate();
        return redirect('/dashboard')->with('success', 'Logged in!');
    }
    return back()->withErrors(['email' => 'Invalid credentials.']);
}

public function register(Request $request) {
    $request->validate([
        'name' => 'required|string|max:255',
        'email' => 'required|string|email|max:255|unique:users',
        'password' => 'required|string|min:6|confirmed',
    ]);

    $user = User::create([
        'name' => $request->name,
        'email' => $request->email,
        'password' => Hash::make($request->password),
    ]);

    Auth::login($user);
    return redirect('/dashboard')->with('success', 'Registration successful!');
}

public function logout(Request $request) {
    Auth::logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();
    return redirect('/login')->with('success', 'Logged out successfully.');
}

Routes

Route::get('/login', [AuthController::class, 'showLoginForm'])->name('login');
Route::post('/login', [AuthController::class, 'login']);
Route::get('/register', [AuthController::class, 'showRegisterForm']);
Route::post('/register', [AuthController::class, 'register']);
Route::post('/logout', [AuthController::class, 'logout'])->middleware('auth');
Route::get('/dashboard', function () {
    return view('dashboard');
})->middleware('auth');

4. Middleware Protection

Middleware ensures that only authenticated users can access certain routes.

Route::middleware(['auth'])->group(function () {
    Route::get('/dashboard', function () {
        return view('dashboard');
    });
});

5. Laravel Authentication Scaffolding

If you don’t want to build authentication manually, Laravel provides authentication packages for quick setup:

  • Laravel Breeze - Simple and lightweight authentication (composer require laravel/breeze --dev)
  • Laravel Jetstream - Full-featured authentication with team support (composer require laravel/jetstream)
  • Laravel Fortify - Backend authentication without frontend scaffolding (composer require laravel/fortify)

These packages provide full authentication scaffolding.

Conclusion

Laravel provides robust authentication for both API and session-based systems. Whether you use built-in packages or customize authentication, Laravel makes it easy to secure your application.
