Laravel Fortify is a backend authentication package for Laravel applications, providing a set of features to handle user authentication, registration, password resets, and more. Fortify focuses solely on the backend aspects of authentication, allowing developers to build custom frontend interfaces as needed. It is designed to work seamlessly with Laravel’s built-in features and can be easily customized to fit your application’s requirements.
Key Features of Laravel Fortify:
- User Registration: Provides a straightforward way to handle user registration with validation.
- Login and Logout: Manages user login and logout processes, including session management.
- Password Reset: Implements password reset functionality using email verification.
- Email Verification: Supports email verification for new user registrations.
- Two-Factor Authentication: Enables two-factor authentication for added security.
- User Profile Updates: Allows users to update their profile information, such as password and email address.
Installation
To get started with Laravel Fortify, follow these steps:
- Install Laravel Fortify: Use Composer to install the package:
1composer require laravel/fortify - Publish the Fortify Configuration: Publish the Fortify configuration file:
1php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider" - Run Migrations: Run the necessary migrations to create the required tables:
1php artisan migrate - Configure Fortify: You can customize Fortify’s behavior by editing the
config/fortify.php
configuration file. This file allows you to enable or disable features such as registration, password resets, and two-factor authentication.
Setting Up Fortify Features
To enable the authentication features provided by Fortify, you need to register them in your application.
1. Registering Authentication Features:
In your FortifyServiceProvider
, you can register various features:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
namespace App\Providers; use Laravel\Fortify\Fortify; use Illuminate\Support\ServiceProvider; class FortifyServiceProvider extends ServiceProvider { public function boot() { Fortify::createUsersUsing(CreateNewUser::class); Fortify::authenticateUsing(function (Request $request) { // Custom authentication logic }); Fortify::requestPasswordResetLinkUsing(SendPasswordResetLink::class); Fortify::resetUserPasswordsUsing(ResetUserPassword::class); } } |
2. Customizing Registration:
You can create a custom user registration class to handle user creation and validation:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
namespace App\Actions\Fortify; use App\Models\User; use Illuminate\Support\Facades\Hash; use Illuminate\Validation\ValidationException; class CreateNewUser { public function create(array $data) { return User::create([ 'name' => $data['name'], 'email' => $data['email'], 'password' => Hash::make($data['password']), ]); } } |
Customizing Authentication Logic
You can customize the authentication process by defining your logic in the authenticateUsing
method:
1 2 3 4 5 6 7 |
Fortify::authenticateUsing(function (Request $request) { $user = User::where('email', $request->email)->first(); if ($user && Hash::check($request->password, $user->password)) { return $user; } }); |
Implementing Password Reset
Fortify provides built-in functionality for password resets. You can customize the behavior by creating your own actions:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
namespace App\Actions\Fortify; use Illuminate\Support\Facades\Password; class SendPasswordResetLink { public function send(array $data) { $response = Password::sendResetLink( ['email' => $data['email']] ); return $response == Password::RESET_LINK_SENT; } } |
Enabling Two-Factor Authentication
Fortify supports two-factor authentication (2FA) out of the box. To enable it, you can register the feature in the FortifyServiceProvider
:
1 2 3 |
Fortify::twoFactorAuthenticationUsing(function ($user) { // Logic for enabling 2FA }); |
1. Generating Backup Codes:
You can create backup codes for users to use if they lose access to their 2FA method:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
use Illuminate\Support\Str; class GenerateTwoFactorBackupCodes { public function generate() { return [ Str::random(10), Str::random(10), Str::random(10), Str::random(10), Str::random(10), ]; } } |
Profile Management
You can allow users to update their profile information, including email and password, by implementing the necessary routes and views.
1. Profile Update Action:
You can create a custom action to handle profile updates:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
namespace App\Actions\Fortify; use Illuminate\Support\Facades\Hash; class UpdateUserProfile { public function update(array $data, User $user) { $user->update([ 'name' => $data['name'], 'email' => $data['email'], ]); if (!empty($data['password'])) { $user->password = Hash::make($data['password']); $user->save(); } } } |
Conclusion
Laravel Fortify is a powerful authentication package that provides a comprehensive backend solution for managing user authentication in your Laravel applications. It allows for easy customization and integration with existing features, enabling developers to create secure and robust authentication systems.
Additional Considerations
- Custom Frontend: Since Fortify is focused on the backend, you’ll need to implement your own frontend forms for login, registration, and password resets.
- Middleware: Use middleware to protect routes that require authentication.
- Testing: Ensure to write tests for your authentication logic to validate that all features work as expected.