Laravel 5.7的无密码身份验证驱动程序

This will allow users to login through an email (if they're are registered), and throw an auth error if it doesn't.

When the user signs-in, an email is dispatched. The Email contains a temporarily signed URL which directs the user to the Passless LoginController, which will login the user into your application.

How to use

Passless is easy to integrate into your application, but before start using it you should change some strings in your configuration to point your app to use this package.

Don't worry, it doesn't breaks your Laravel installation in any way.

1) Add the Guard Driver

Go into your config/auth.php and add passless as the driver for your guard.

'guards' => [ 'web' => [ 'driver' => 'passless', 'provider' => 'users', ], 'api' => [ 'driver' => 'token', 'provider' => 'users', ],],

Remember to set the correct guard (in this case, web) to use the passless driver in your Login and Register Controllers.

2) Disable the password validation

In your login form you shouldn't have the password input. If you're using the default Auth\LoginController class, you should override the validateLogin() method and disable the password validation.

/** * Validate the user login request. * * @param \Illuminate\Http\Request $request * @return void */protected function validateLogin(Request $request){ $this->validate($request, [ $this->username() => 'required' // 'password' => 'required ]);}

3) Add the proper Login response

Since the user won't be logged in immediately into your application when your credentials are validated, you should return a view which Notifies the user to check his email with a message or alert.

While you are free to use any View to inform the user, you can just simply add a flash notification in your Login route, along with the proper markup to retrieve and show the notification in the view.

If you're using the default controller, add or replace this code:

/** * The user has been authenticated. * * @param \Illuminate\Http\Request $request * @param mixed $user * @return \Illuminate\Http\Response */protected function authenticated(Request $request, $user){ $request->flashOnly(['email']); $request->session()->flash('success', 'Check your email to log in!'); return response()->view('auth.login');}

Since there is no password check in the login form, you may want to add a throttler middleware like throttle:60,3 to your Login route to avoid mail asphyxiation.

Configuration

For fine tuning, publish the Passless configuration:

php artisan vendor:publish --provider="DarkGhostHunter\Passless\PasslessServiceProvider"

You should definitively edit this config file if:

You're using a custom authentication controllers.You're using additional middleware across your routes.Need a different Login for Passless.Need a better Notification for your Login Email.

The contents of the config file are self-explanatory, so check the comments over each setting key.

License

This package is licenced by the MIT License.

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。