Help! My users keep getting redirected away when logging in, how do I solve this? #373
Based on #370 my users can register for the app (either via the |
Replies: 1 comment
Socialstream v6 improves the authentication logic and opens up support for Fortify's Two Factor Authentication. However, if you are overriding Fortify's authentication logic (for example, as done in the Fortify docs) you will be missing a bunch of custom logic that Socialstream uses to resolve the user and allow users to log into the application.

For example, if your users can be blocked by administrators, you may want to disable authentication for those users, by checking for their blocked status. As per the documentation, you would do this by specifying a custom authentication callback:

```php
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
use Laravel\Fortify\Fortify;

/**
 * Bootstrap any application services.
 */
public function boot(): void
{
    Fortify::authenticateUsing(function (Request $request) {
        $user = User::where('email', $request->email)->first();

        // Unknown email: returning null makes Fortify fail the login.
        if (! $user) {
            return;
        }

        // Reject admin-blocked users before the password is checked.
        if ($user->blockedByAdmin()) {
            throw ValidationException::withMessages(['email' => __('auth.blocked')]);
        }

        if ($user &&
            Hash::check($request->password, $user->password)) {
            return $user;
        }
    });

    // ...
}
```

However, this will break login for existing users coming from a Socialstream callback. To allow existing users to continue to log in via OAuth and still provide this custom business logic that blocks admin-blocked users from logging in, you will first need to resolve the user from Socialstream (falling back to the

```php
use App\Models\User;
use Illuminate\Auth\Events\Failed;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use JoelButcher\Socialstream\Contracts\ResolvesSocialiteUsers;
use JoelButcher\Socialstream\Socialstream;
use Laravel\Fortify\Fortify;
use Illuminate\Validation\ValidationException;

public function boot(): void
{
    Fortify::authenticateUsing(function (Request $request) {
        $user = null;
        $provider = $request->route('provider');

        // 1a. Attempt to resolve the user via Socialstream
        if ($provider) {
            $socialUser = app(ResolvesSocialiteUsers::class)
                ->resolve($provider);

            $connectedAccount = Socialstream::$connectedAccountModel::where('email', $socialUser->getEmail())->first();

            if (! $connectedAccount) {
                throw ValidationException::withMessages([
                    Fortify::username() => [__('auth.failed')],
                ]);
            }

            $user = $connectedAccount->user;
        }

        // 1b. Attempt to resolve the user if email present in request (i.e. from login form).
        if (! $user && $request->has('email')) {
            $user = User::where('email', $request->email)->first();
        }

        // No user could be resolved: return null so Fortify fails the login
        // instead of calling a method on null below.
        if (! $user) {
            return null;
        }

        // 2. Check if the resolved user is blocked and handle
        if ($user->blockedByAdmin()) {
            throw ValidationException::withMessages([
                Fortify::username() => [__('auth.blocked')],
            ]);
        }

        // 3. User is not blocked, log in if from Socialstream route
        if ($provider) {
            return $user;
        }

        // 4. User hasn't set a password, so must login using an OAuth provider
        if (is_null($user->password)) {
            throw ValidationException::withMessages([
                Fortify::username() => [__('auth.failed')],
            ]);
        }

        // 5. Verify the password if the user has logged in via a form
        return Hash::check($request->password, $user->password) ? $user : null;
    });
}
```