
@sniper7kills
Last active August 29, 2015 14:23
L5 Auth Middleware Pseudocode
<?php

namespace App\Auth\Middleware

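/**
 * Auth middleware that demands a second-factor token from users who require one.
 *
 * Outcomes of handle():
 *  - user does not require two-factor  -> continue down the chain
 *  - token missing from $credentials   -> redirect to the token input page
 *  - token present and matching        -> continue down the chain
 *  - token present but wrong           -> false
 *
 * NOTE(review): the token is compared against a value stored on the user
 * ($user->twoFactorToken). How that value is issued, expired or invalidated
 * after use is not shown here; confirm it is short-lived and single-use.
 */
class TwoFactor
{
    /** @var mixed Route or URL of the page that collects the token from the user. */
    protected $inputPage;

    /**
     * @param mixed $inputPage Route or URL handed to redirect() when a token is needed.
     */
    public function __construct($inputPage)
    {
        $this->inputPage = $inputPage;
    }

    /**
     * Run the second-factor check for one authentication attempt.
     *
     * @param  array    $credentials Credentials gathered so far; may hold 'TwoFactorToken'.
     * @param  mixed    $user        Must expose requiresTwoFactor() and twoFactorToken.
     * @param  \Closure $next        Next middleware in the chain.
     * @return mixed    Result of $next, a redirect to the input page, or false on a bad token.
     */
    public function handle($credentials, $user, \Closure $next)
    {
        // Users without two-factor enabled pass straight through.
        if (!$user->requiresTwoFactor()) {
            return $next($credentials, $user);
        }

        // No token yet: send the user to the page that asks for it.
        if (!isset($credentials['TwoFactorToken'])) {
            return redirect($this->inputPage);
        }

        if ($this->tokensMatch($user->twoFactorToken, $credentials['TwoFactorToken'])) {
            return $next($credentials, $user);
        }

        // Or throw a custom package error/exception.
        return false;
    }

    /**
     * Compare the stored and the supplied token without loose typing.
     *
     * `==` applies PHP's loose-comparison rules, under which differently
     * written numeric-looking strings can compare equal and an array or null
     * can slip through; hash_equals() compares byte-for-byte in constant time.
     * Anything that is not a non-empty string or an int is rejected, so a
     * user with no stored token fails closed.
     */
    private function tokensMatch($expected, $supplied)
    {
        foreach ([$expected, $supplied] as $candidate) {
            if (!is_string($candidate) && !is_int($candidate)) {
                return false;
            }
        }

        $expected = (string) $expected;
        if ($expected === '') {
            return false;
        }

        return hash_equals($expected, (string) $supplied);
    }
}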
?>
<?php

namespace App\Http\Controllers

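/**
 * Controller for the page that collects the second-factor token.
 */
class TwoFactorController
{
    /**
     * Show the token input form.
     */
    public function get()
    {
        return view('getInput');
    }

    /**
     * Resume the pending authentication attempt with the submitted token.
     *
     * Only the 'TwoFactorToken' field is forwarded; no other request input
     * reaches the guard from here.
     *
     * NOTE(review): the outcome of continueAttempt() is discarded, so this
     * action produces no response for either success or failure. Nothing on
     * this path limits repeated token submissions either; a real
     * implementation needs attempt throttling.
     */
    public function post(Request $request)
    {
        Auth::continueAttempt(['TwoFactorToken' => $request->input('TwoFactorToken')]);
    }
}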
?>

Within config/auth.php

/*
|--------------------------------------------------------------------------
| Auth Middleware
|--------------------------------------------------------------------------
|
| Middleware that should be run for every authentication attempt
|
*/

// Listed in the order the Guard's foreach over this array visits them:
// the credential check first, then the second-factor check.
// NOTE(review): presumably TwoFactor must stay after VerifyCredentials so the
// token prompt is never reached before the password has been checked — confirm.
'middleware' => [
    \Illuminate\Auth\AuthMiddleware\VerifyCredentials::class,
    \App\Auth\Middleware\TwoFactor::class,
]

Within \Illuminate\Auth\Guard

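/**
 * Attempt to authenticate a user using the given credentials.
 *
 * The user is logged in only when the middleware chain reports success with
 * boolean true. Any other value (false, or a redirect asking for more input)
 * is handed back to the caller without logging the user in.
 *
 * @param  array  $credentials
 * @param  bool   $remember
 * @param  bool   $login
 * @return mixed  true on success, false on failure, otherwise the chain's
 *                own return value (e.g. a redirect to the token page)
 */
public function attempt(array $credentials = [], $remember = false, $login = true)
{
    $this->fireAttemptEvent($credentials, $remember, $login);

    $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);

    $return = $this->middleware($user, $credentials);

    // Strict check: a redirect object is truthy, so a plain truthiness test
    // would log the user in while the second factor is still outstanding.
    // NOTE(review): assumes the end of the chain yields boolean true on
    // success; the final $next is not defined here — confirm.
    if ($return === true) {
        if ($login) {
            $this->login($user, $remember);
        }
        return true;
    }

    // We are about to return a page redirect
    if ($return) {
        // Save what is needed to continue the request ($remember, $login and
        // the identity already verified). Not sure exactly of the best way.
        // NOTE(review): avoid persisting the plaintext password between
        // requests; keeping the verified user's identifier plus a short-lived
        // "first factor passed" marker in the session is enough to resume.
    }
    return $return;
}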

// Placeholder for the function that runs the configured auth middleware;
// the author marks the mechanism as undecided.
// NOTE(review): as sketched, each handle() result is discarded and nothing
// is returned, so attempt() would always receive null from this call.
// NOTE(review): $config is not defined in this scope, the entries in
// config/auth.php are class names rather than instances, and the arguments
// arrive as ($user, $credentials) while TwoFactor::handle() is declared as
// ($credentials, $user, $next) — the order and the $next callback need settling.
public function middleware($user, $credentials)
{
    foreach($config['middleware'] as $middleware)
    {
        $middleware->handle($user etc. etc. etc.)
    }
}


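/**
 * Resume a paused authentication attempt with additional credentials.
 *
 * $previousCreds, $previousRemember and $previousLogin stand for the state
 * attempt() is meant to save before returning a redirect; where that state
 * lives is left open in this sketch.
 *
 * @param  array $creds Extra credentials supplied by the follow-up request.
 * @return mixed Whatever attempt() returns for the combined credentials.
 */
public function continueAttempt(array $creds)
{
    // Argument order matters: with array_merge() the later array wins on a
    // key collision, so values from the original attempt cannot be replaced
    // by the follow-up request.
    $credentials = array_merge($creds, $previousCreds);

    return $this->attempt($credentials, $previousRemember, $previousLogin);
}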

Beyond this point, I'm not sure of the best way to go about this smartly. But this at least provides a way to handle all authentication processes in a central location. Authorization would still be handled the way it is now.
