Laravel 5 multiple authentication

Question

How can you set up multiple authentication in Laravel 5. Out of the box you can only set up 1 authentication. What if I have a customers table and an admin table and wish to set up authentication for each - each authenticated type of user should be restricted from viewing or accessing admin pages and vis versa?

* UPDATE *

I've created a users table which holds information common to both a jobseeker and recruiter i.e. name, password etc.

I've created a roles and role_user table

I've created two separate tables to hold jobseeker_profile and recruiter_profile

How can you authenticate a user with a role of type jobseeker using the following routes?

Route::get('jobseeker/login', 'Auth\AuthController@getLogin');
Route::post('jobseeker/login', 'Auth\AuthController@postLogin');
Route::get('recruiter/login', 'Auth\AuthController@getLogin');
Route::post('recruiter/login', 'Auth\AuthController@postLogin');

And how can you secure routes once authenticated - in the following how is the middleware going to know the type of user:

Route::get('jobseeker/profile', ['middleware' => 'auth', 'uses' => 'JobseekerProfileController@show']);
Route::get('jobseeker/profile/update', ['middleware' => 'auth', 'uses' => 'JobseekerProfileController@updateProfile']);

class JobseekerProfileController extends Controller {


  public function updateProfile()
  {
    if (Auth::user())
    {
        // Auth::user() returns an instance of the authenticated user...
    }
  }

}

Laravel 5 authentication controller uses the following trait -would you edit the trait with your answer or create a new authentication controller with your answer below?

trait AuthenticatesAndRegistersUsers {

 public function postLogin(Request $request)
 {
    $this->validate($request, [
        'email' => 'required|email', 'password' => 'required',
    ]);

    $credentials = $request->only('email', 'password');

    if ($this->auth->attempt($credentials, $request->has('remember')))
    {
        return redirect()->intended($this->redirectPath());
    }

    return redirect($this->loginPath())
                ->withInput($request->only('email', 'remember'))
                ->withErrors([
                    'email' => 'These credentials do not match our records.',
                ]);
 }
}

Khan Shahrukh · Answer 1 · 2015-06-06T20:36:32.397

1

You may create a roles table in your db assign role to every user accordingly and then at the time of login check what role a user have and then you can redirect/show pages accordingly. No need to create separate tables for every type of user.

Edited answer

if(Auth::attempt(['email' => $request->email, 'password' => $request->password]))
{
   //using role with an expectation that you have one relation method named role defined in User model
   //and roles table stores user type as name

   if(Auth::user()->role->name == 'admin')
   {
      return redirect()->to('/administrator/dashboard');
   }
   elseif(Auth::user()->role->name == 'jobseeker')
   {
      return redirect()->to('jobseeker/dashboard');
   }
}

edited Jun 06 '15 at 20:36

answered Jun 06 '15 at 13:45

Khan Shahrukh

6,109
4
33
43

different types of users have different attributes in which case it is bad database design to put all users user into a single table. To give you an example I could have a jobseeker and a recruiter. Both are users but each would have different attributes. Some attributes would be mandatory for a recruiter but not for a jobseeker and vis versa e.g a recruiter would have a foreign key to a company table. A jobseeker would have no such relationship etc. – adam78 Jun 06 '15 at 13:57
In addition the clear distinction between the above users i.e a jobseeker and a recruiter would make it extremely difficult to define relationships within an eloquent model. If I have a single user eloquent model for both jobseeker and recruiter how would you define the relationship where a recruiter has many jobs but a jobseeker doesn't? – adam78 Jun 06 '15 at 14:13
What I meant is use a single table for authentication and have different profile table for job seekers and companies – Khan Shahrukh Jun 06 '15 at 14:39
I've updated my db as per your suggestion but how do I authenticate the different types of users? – adam78 Jun 06 '15 at 20:30
I think I get your point. One question though, I'm using laravel 5 and out of the box authentication controller uses the AuthenticateAndRegistersUsers trait - see edited question with the postLogin method from this trait. Would you edit this trait or would you create a new authentication controller as per your answer? – adam78 Jun 06 '15 at 21:00
I always create my custom auth controller – Khan Shahrukh Jun 06 '15 at 21:03
Would you also create your own custom middleware to authenticate and custom registrar class or do you reuse the ones out of the box? – adam78 Jun 06 '15 at 21:48
I use pre-defined middlewares – Khan Shahrukh Jun 07 '15 at 05:34
When defining an eloquent relationship would you define it against the users model or the profile modal e.g. recruiter_profile. E.g. a recruiter hasMany jobs and a job belongsTo a recruiter. If I define the relationship between the profile modal then eloquent is unable to identify the foreign key i.e I would always have to define the foreign key in my relationship. If I define the relationship against the user modal then the modal get bloated with relationships that arn't truly related to every type of user? – adam78 Aug 30 '15 at 08:49

score 0 · Answer 2 · edited May 23 '17 at 12:08

0

You can achieve multiple authentication by this package

https://packagist.org/packages/sarav/laravel-multiauth

For more detailed explaination check my previously return answer here

How to use authentication for multiple tables in Laravel 5

edited May 23 '17 at 12:08

Community

1
1

answered Nov 06 '15 at 10:53

Saravanan Sampathkumar

3,201
1
20
46

Link-only answers are highly discouraged here because the links may become dead in the future. I suggest you edit your answer with quotes from the sources you cite. – Anirudh Sharma Nov 06 '15 at 11:10
I already tried writing, but modifiers asked me to link the previously written link instead of duplicating the answer here once again. Being new user I don ve enough points to comment or mark this question as duplicate – Saravanan Sampathkumar Nov 06 '15 at 11:59
It's ok.But it was only a suggestion so that in future others may not mark it as a Link-only answer. – Anirudh Sharma Nov 06 '15 at 12:32

Laravel 5 multiple authentication

2 Answers2