Laravel Fortify is a backend authentication package for Laravel applications, providing a set of features to handle user authentication, registration, password resets, and more. Fortify focuses solely on the backend aspects of authentication, allowing developers to build custom frontend interfaces as needed. It is designed to work seamlessly with Laravel’s built-in features and can be easily customized to fit your application’s requirements.
Key Features of Laravel Fortify:
- User Registration: Provides a straightforward way to handle user registration with validation.
- Login and Logout: Manages user login and logout processes, including session management.
- Password Reset: Implements password reset functionality using email verification.
- Email Verification: Supports email verification for new user registrations.
- Two-Factor Authentication: Enables two-factor authentication for added security.
- User Profile Updates: Allows users to update their profile information, such as password and email address.
Installation
To get started with Laravel Fortify, follow these steps:
- Install Laravel Fortify: Use Composer to install the package:
1composer require laravel/fortify - Publish the Fortify Configuration: Publish the Fortify configuration file:
1php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider" - Run Migrations: Run the necessary migrations to create the required tables:
1php artisan migrate - Configure Fortify: You can customize Fortify’s behavior by editing the
config/fortify.php
configuration file. This file allows you to enable or disable features such as registration, password resets, and two-factor authentication.
Setting Up Fortify Features
To enable the authentication features provided by Fortify, you need to register them in your application.
1. Registering Authentication Features:
In your FortifyServiceProvider
, you can register various features:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
namespace App\Providers; use Laravel\Fortify\Fortify; use Illuminate\Support\ServiceProvider; class FortifyServiceProvider extends ServiceProvider { public function boot() { Fortify::createUsersUsing(CreateNewUser::class); Fortify::authenticateUsing(function (Request $request) { // Custom authentication logic }); Fortify::requestPasswordResetLinkUsing(SendPasswordResetLink::class); Fortify::resetUserPasswordsUsing(ResetUserPassword::class); } } |
2. Customizing Registration:
You can create a custom user registration class to handle user creation and validation:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
namespace App\Actions\Fortify; use App\Models\User; use Illuminate\Support\Facades\Hash; use Illuminate\Validation\ValidationException; class CreateNewUser { public function create(array $data) { return User::create([ 'name' => $data['name'], 'email' => $data['email'], 'password' => Hash::make($data['password']), ]); } } |
Customizing Authentication Logic
You can customize the authentication process by defining your logic in the authenticateUsing
method:
1 2 3 4 5 6 7 |
Fortify::authenticateUsing(function (Request $request) { $user = User::where('email', $request->email)->first(); if ($user && Hash::check($request->password, $user->password)) { return $user; } }); |
Implementing Password Reset
Fortify provides built-in functionality for password resets. You can customize the behavior by creating your own actions:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
namespace App\Actions\Fortify; use Illuminate\Support\Facades\Password; class SendPasswordResetLink { public function send(array $data) { $response = Password::sendResetLink( ['email' => $data['email']] ); return $response == Password::RESET_LINK_SENT; } } |
Enabling Two-Factor Authentication
Fortify supports two-factor authentication (2FA) out of the box. To enable it, you can register the feature in the FortifyServiceProvider
:
1 2 3 |
Fortify::twoFactorAuthenticationUsing(function ($user) { // Logic for enabling 2FA }); |
1. Generating Backup Codes:
You can create backup codes for users to use if they lose access to their 2FA method:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
use Illuminate\Support\Str; class GenerateTwoFactorBackupCodes { public function generate() { return [ Str::random(10), Str::random(10), Str::random(10), Str::random(10), Str::random(10), ]; } } |
Profile Management
You can allow users to update their profile information, including email and password, by implementing the necessary routes and views.
1. Profile Update Action:
You can create a custom action to handle profile updates:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
namespace App\Actions\Fortify; use Illuminate\Support\Facades\Hash; class UpdateUserProfile { public function update(array $data, User $user) { $user->update([ 'name' => $data['name'], 'email' => $data['email'], ]); if (!empty($data['password'])) { $user->password = Hash::make($data['password']); $user->save(); } } } |
Conclusion
Laravel Fortify is a powerful authentication package that provides a comprehensive backend solution for managing user authentication in your Laravel applications. It allows for easy customization and integration with existing features, enabling developers to create secure and robust authentication systems.
Additional Considerations
- Custom Frontend: Since Fortify is focused on the backend, you’ll need to implement your own frontend forms for login, registration, and password resets.
- Middleware: Use middleware to protect routes that require authentication.
- Testing: Ensure to write tests for your authentication logic to validate that all features work as expected.
- Laravel Breeze – Simple authentication starter kit
- Laravel Jetstream – Scaffolding for Laravel apps
- Laravel Passport – API authentication via OAuth2
- Laravel Sanctum – Simple API authentication
- Spatie Laravel Permission – Role and permission management
- Laravel Cashier – Subscription billing with Stripe
- Laravel Scout – Full-text search using Algolia
- Laravel Socialite – OAuth authentication (Google, Facebook, etc.)
- Laravel Excel – Excel import and export for Laravel
- Laravel Horizon – Redis queues monitoring
- Laravel Nova – Admin panel for Laravel
- Laravel Fortify – Backend authentication for Laravel
- Laravel Vapor – Serverless deployment on AWS
- Laravel Telescope – Debugging assistant for Laravel
- Laravel Dusk – Browser testing
- Laravel Mix – API for compiling assets
- Spatie Laravel Backup – Backup management
- Laravel Livewire – Building dynamic UIs
- Spatie Laravel Media Library – Manage media uploads
- Laravel Excel – Excel spreadsheet handling
- Laravel Debugbar – Debug tool for Laravel
- Laravel WebSockets – Real-time communication
- Spatie Laravel Sitemap – Generate sitemaps
- Laravel Spark – SaaS scaffolding
- Laravel Envoy – Task runner for deployment
- Spatie Laravel Translatable – Multilingual model support
- Laravel Backpack – Admin panel
- Laravel AdminLTE – Admin interface template
- Laravel Collective Forms & HTML – Simplified form and HTML generation
- Spatie Laravel Analytics – Google Analytics integration
- Laravel Eloquent Sluggable – Automatically create slugs
- Laravel Charts – Chart integration
- Laravel Auditing – Track changes in models
- Laravel JWT Auth – JSON Web Token authentication
- Laravel Queue Monitor – Monitor job queues
- Spatie Laravel Query Builder – Filter, sort, and include relationships in Eloquent queries
- Laravel Datatables – jQuery Datatables API
- Laravel Localization – Multilingual support for views and routes
- Laravel Acl Manager – Access control list manager
- Laravel Activity Log – Record activity in your app
- Laravel Roles – Role-based access control
- Spatie Laravel Tags – Tagging models
- Laravel Installer Advertisement
- Laravel Breadcrumbs – Generate breadcrumbs in Laravel
- Laravel Mailgun – Mailgun integration for Laravel
- Laravel Trustup Model History – Store model change history
- Laravel Deployer – Deployment automation tool
- Laravel Auth – Custom authentication guards
- Laravel CORS – Cross-Origin Resource Sharing (CORS) support
- Laravel Notifications – Send notifications through multiple channels
- Spatie Laravel Http Logger – Log HTTP requests
- Laravel Permission Manager – Manage permissions easily
- Laravel Stubs – Customize default stubs in Laravel
- Laravel Fast Excel – Speed up Excel exports
- Laravel Image – Image processing
- Spatie Laravel Backup Server – Centralize backups for Laravel apps
- Laravel Forge API – Manage servers through the Forge API
- Laravel Blade SVG – Use SVGs in Blade templates
- Laravel Ban – Ban/unban users from your application
- Laravel API Response – Standardize API responses
- Laravel SEO – Manage SEO meta tags
- Laravel Settings – Store and retrieve settings
- Laravel DOMPDF – Generate PDFs
- Laravel Turbo – Full-stack framework for building modern web apps
- Spatie Laravel Event Sourcing – Event sourcing implementation
- Laravel Jetstream Inertia – Jetstream’s Inertia.js integration
- Laravel Envoy Tasks – Task automation
- Laravel Likeable – Like/dislike functionality
- Laravel GeoIP – Determine visitor’s geographic location
- Laravel Country State City – Dropdowns for country, state, and city
- Laravel Hashids – Generate short unique hashes
- Laravel Repository – Repository pattern for Laravel
- Laravel UUID – UUID generation for models
- Spatie Laravel Medialibrary Pro – Enhanced media management
- Laravel Queue Monitor – Monitor Laravel job queues
- Laravel User Activity – Monitor user activity
- Laravel DB Snapshots – Create database snapshots
- Laravel Twilio – Twilio integration
- Laravel Roles – Role-based permission handling
- Laravel Translatable – Add translations to Eloquent models
- Laravel Teamwork – Manage teams in multi-tenant apps
- Laravel Full Text Search – Add full-text search to Laravel models
- Laravel File Manager – File and media management
- Laravel User Timezones – Automatically detect user time zones
- Laravel ChartsJS – Render charts with ChartsJS
- Laravel Stripe – Stripe API integration
- Laravel PDF Generator – PDF generation
- Laravel Elasticsearch – Elasticsearch integration
- Laravel Simple Qrcode – Generate QR codes
- Laravel Timezone – Manage timezones and conversions
- Laravel Collective API – API management for Laravel
- Laravel Rest API Boilerplate – REST API starter kit
- Laravel Multi Auth – Multi-authentication functionality
- Laravel Voyager – Admin panel for Laravel
- Laravel Voyager Database – Database manager for Voyager
- Laravel Categories – Handle categories for models
- Laravel Multitenancy – Multi-tenancy implementation
- Laravel Access Control – Advanced access control for users
- Laravel Menus – Menu management
- Laravel Translatable Routes – Multilingual route handling