Auth Module

Maginium’s Auth Module is a strong authentication system designed to handle user login, registration, and session management seamlessly. It provides a highly secure and configurable framework for building user authentication into your application. This guide will help you configure and utilize the Auth Module efficiently.

Features of the Auth Module

  • Secure Authentication: Supports hashing and secure password storage.

  • User Registration: Simplified user onboarding process.

  • Session Management: Manage active user sessions effectively.

  • Password Reset: Easy-to-use password recovery feature.

  • Extensibility: Fully customizable to fit unique business requirements.

Setting Up the Auth Module

To enable authentication in your Maginium application:

Step 1: Install the Auth Module

Ensure that the Auth module is included in your project. Run the following Artisan command:

php artisan auth:install

This will scaffold essential files, including controllers, views, and routes for authentication.

Step 2: Database Migration

Run the migrations to create the necessary tables:

bashCopyEditphp artisan migrate

The migration will create tables like users, password_resets, and others required for authentication.


Authentication Workflow

Maginium’s Auth Module provides pre-built controllers to manage user authentication:

  1. Login: Authenticates a user and starts a session.

  2. Registration: Allows users to create new accounts.

  3. Logout: Ends a user session securely.

  4. Password Reset: Enables users to reset forgotten passwords.

Default Routes

The following routes are registered automatically:

  • GET /login – Displays the login form.

  • POST /login – Authenticates the user.

  • GET /register – Displays the registration form.

  • POST /register – Registers a new user.

  • POST /logout – Logs out the current user.

  • GET /password/reset – Displays the password reset request form.

  • POST /password/email – Sends a password reset link.

  • POST /password/reset – Resets the user’s password.


Configuring Authentication

Modifying the auth.php Configuration

Maginium provides a configuration file at config/auth.php to customize the authentication behavior. Here’s an example:

phpCopyEditreturn [
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
    ],
    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
        ],
    ],
];

Custom Guards and Providers

You can define custom guards and user providers to handle specific authentication scenarios, such as API authentication.


Middleware for Authentication

Use the auth middleware to protect routes from unauthorized access. Example:

phpCopyEditRoute::get('/dashboard', function () {
    return view('dashboard');
})->middleware('auth');

Redirecting Guests

To redirect unauthenticated users, apply the guest middleware:

phpCopyEditRoute::get('/login', function () {
    return view('auth.login');
})->middleware('guest');

Password Reset Functionality

Maginium's Auth Module includes built-in support for password resets:

  1. Users request a password reset link by providing their email address.

  2. A secure token is sent to the email, allowing users to reset their passwords.

  3. The reset link redirects users to a form where they can set a new password.

Ensure that your application is configured to send emails by updating the .env file:

envCopyEditMAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="noreply@example.com"
MAIL_FROM_NAME="Maginium"

Run the following Artisan command to queue password reset emails:

bashCopyEditphp artisan queue:work

Customizing Authentication

Modifying Views

Maginium provides default views for login, registration, and password reset. You can publish these views and customize them:

bashCopyEditphp artisan vendor:publish --tag=auth-views

Customizing Controllers

Override default controllers to implement custom logic. Example:

phpCopyEditnamespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;

class CustomLoginController extends Controller
{
    public function login(Request $request)
    {
        // Custom login logic
    }
}

Securing Your Application

  • Encrypt User Data: Use hashing for sensitive user information.

  • Rate Limiting: Prevent brute force attacks with the throttle middleware.

  • Two-Factor Authentication (2FA): Add 2FA for enhanced security.

  • Session Expiration: Set short session lifetimes to minimize risk.


Example: Protecting a Dashboard Route

Here’s an example of securing a dashboard route with authentication:

phpCopyEditRoute::middleware('auth')->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});

Best Practices

  • Use HTTPS to encrypt communication between clients and your server.

  • Regularly update Maginium to the latest version for security patches.

  • Limit access to sensitive routes using role-based authorization.

By leveraging Maginium’s Auth Module, you can build a secure and user-friendly authentication system tailored to your application’s needs.

Last updated