5

How can you authenticate multiple types of users in Laravel 5.1 e.g. Jobseeker, Recruiter, Admin etc.

Some of you have suggested using a single users table to store only the password and email, creating profile tables to store user specific information (jobseeker_profile, recruiter_profile) and using roles to differentiate between the different types of users (i.e having a roles and role_user) table.

This is all very well but then what if the different types of users have different registration and login forms. How do you customize the default auth controller out of the box to display the correct view?

So if I have the following routes:

// Jobseeker Authentication routes...
Route::get('auth/login', 'Auth\AuthController@getLogin');
Route::post('auth/login', 'Auth\AuthController@postLogin');
Route::get('auth/logout', 'Auth\AuthController@getLogout');

// Jobseeker Registration routes...
Route::get('auth/register', 'Auth\AuthController@getRegister');
Route::post('auth/register', 'Auth\AuthController@postRegister');


// Recruiter Authentication routes...
Route::get('recruiter/auth/login', 'Auth\AuthController@getLogin');
Route::post('recruiter/auth/login', 'Auth\AuthController@postLogin');
Route::get('recruiter/auth/logout', 'Auth\AuthController@getLogout');

// Recruiter Registration routes...
Route::get('recruiter/auth/register', 'Auth\AuthController@getRegister');
Route::post('recruiter/auth/register', 'Auth\AuthController@postRegister');

This is the default auth controller out of the box:

class AuthController extends Controller
{
    use AuthenticatesAndRegistersUsers;

    public function __construct()
    {
        $this->middleware('guest', ['except' => 'getLogout']);
    }

    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|confirmed|min:6',
        ]);
    }

    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }
}

traits used by the default out of the box auth controller:

trait AuthenticatesUsers
{
   use RedirectsUsers;

   public function getLogin()
   {
        return view('auth.login');
    }

   public function postLogin(Request $request)
   {
        $this->validate($request, [
            'email' => 'required|email', 'password' => 'required',
        ]);

        $credentials = $this->getCredentials($request);

        if (Auth::attempt($credentials, $request->has('remember'))) {
            return redirect()->intended($this->redirectPath());
        }

        return redirect($this->loginPath())
            ->withInput($request->only('email', 'remember'))
            ->withErrors([
               'email' => $this->getFailedLoginMessage(),
            ]);
   }

    public function loginPath()
   {
        return property_exists($this, 'loginPath') ? $this->loginPath : '/auth/login';
    }

}

trait RegistersUsers
{
    use RedirectsUsers;

    public function getRegister()
    {
        return view('auth.register');
    }

    public function postRegister(Request $request)
    {
        $validator = $this->validator($request->all());

        if ($validator->fails()) {
            $this->throwValidationException(
                $request, $validator
            );
         }

         Auth::login($this->create($request->all()));

        return redirect($this->redirectPath());
    }
}

I'm sure this is a very common requirement for many web applications but I can't find any helpful tutorials for Laravel specific implementations. All the tutorial simply focus on the out of the box implementation for some odd reason.

Any help on the above would be much appreciated.

Improve this question
2
  • Your question should be corrected, I think this is called roles, is not that what you are looking for? It means you have the same user login system, but depending on your roles, you will have limited access or full access or non access to some resources. If that is the case, let me know Commented Aug 30, 2015 at 9:08
  • Yes it is roles. So I have a single users table for authentication which has basic info (id, email, pwd). I create two more table called jobseeker and recruiter which contain their own attributes. Both a jobseeker and recruiter are types of users so have a 1 to 1 foreign key relationship to users table. A jobseeker will have a different type of registration and login form to a recruiter. Upon registration the jobseeker would be assigned the jobseeker role. How do you use a single authentication to check roles and return the correct form to login and register and redirect to dashboard? Commented Aug 30, 2015 at 11:17

5 Answers 5

Reset to default
6

This is not a solution to your question directly, but alternative way to solve your question problem with.

In stead of creating different username and password for different groups, make a central authentication that has roles. It called user and roles.

You can define groups with different roles, and each roles has specific access to respective area.

Regarding registration process you can make two differnet views but using the same controller, and for each view you can create a hidden field to indicate if it is jobseekers group or recruiter group.

Both will receive two different confirmation emails where they should fill the rest of the profile information, like recruiter should put company name and jobseeker should put his name etc. they might have two different tables for profile information, but still using the same login system.

By adding condition to middleware and correct route, if jobseeker tries to access recruiter area even if jobseeker is logged in the system, the jobseeker won't be able to access that area or the opposite way.

Since Laravel 5.1 has build in user login system, so you have few choices, build your own roles or use 3rd party.

I suggest you to build your own so you have control over your code and can further develop it as you wish with time. It might take you half day to get it run and understand how it works, but it is worth spending that time with the right approach in stead of the way you go in your Question OR using 3rd party is fine too, there is a lot of packages around you can search for. I have personally used Entrust (https://github.com/Zizaco/entrust) it is easy and nice way to provide roles and permissions to your project.

Here is also a link to video developed by Jeffrey Way at Laracast, it builds user and roles system from scratch for Laravel 4. but since you have user part, just follow roles part and with small modifications you will have a roles system to your Laravel 5.1, I have tried it and it works.

Regarding your question in the comments, when you follow the video you will understand the concept.

Link to the video: https://laracasts.com/lessons/users-and-roles

You might need to create account to see the video, most of videos are free.

Good practice It is always also a good practice to illustrate what you want to achieve that makes things easier, I have just made an example for your project, but that is only example for learning:

enter image description here

I encourage you to read some of the topics regarding roles, here you will also find some inspiration to 3rd party acl systems to Laravel, there might be more articles but here is some:

Reading:
https://laracasts.com/discuss/channels/laravel/which-package-is-best-for-roles-permissions/?page=2
https://laracasts.com/discuss/channels/general-discussion/laravel-5-user-groups-management
https://laracasts.com/discuss/channels/general-discussion/roles-and-permissions-in-laravel-5

EDIT

Important Note
Laravel 5.1 has introduced Authorization, I have not found much documentation online yet but it is worth to spend some time learning it:

http://laravel.com/docs/5.1/authorization#policies

NEW UPDATE
There are some great videos solution for what you asking, follow ACL parts here https://laracasts.com/series/whats-new-in-laravel-5-1

This might be very interesting too: https://laracasts.com/lessons/email-verification-in-laravel

This will give you a complete own developed solution.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

When defining the eloquent relationship would you define it against the user model or the profile modal e.g. recruiter_profile. For example a recruiter hasMany jobs and a job belongsTo a recruiter so do I define the relationship against the recruiter_profile or user modal because not all users post jobs?
You can do it that way, my best suggestion will be make ER diagram for your database then reflect that on your Laravel project, right now you are working the other way around and therefore that way you are working can give you design headaches. But when all this said, do not get scared, it is fine to work with trail and fail concept, this way you will learn more. so the short story long One User account has one Profile and each User account will have at least one role, if user profile has recruiter status, then the account are able to create jobs.
Btw try to look at this question it is from today, it has some elements that you can re-use in your projects OR perhaps some inspiration. stackoverflow.com/questions/32297939/…
2

You can achieve multiple authentication easily by pulling up the sarav/laravel-multiauth package

 composer require sarav/laravel-multiauth

I assume you have separate tables for Jobseeker, Recruiter, Admin.

Step 1 : Open app.php and replace

Illuminate\Auth\AuthServiceProvider::class

with 

Sarav\Multiauth\MultiauthServiceProvider::class

Then, open up auth.php file and remove 

<?php

return [

    'driver' => 'eloquent',
    'model'  => 'App\User::class',
    'table'  => 'users',
    'password' => [
       'email' => 'emails.password',
       'table' => 'password_resets',
       'expire' => 60,
    ],
];

and add the following code

return [
'multi' => [
    'jobseeker' => [
        'driver' => 'eloquent',
        'model'  => App\Jobseeker::class, // Model Class
        'table'  => 'jobseeker' // jobseeker table
    ],
    'recruiter' => [
        'driver' => 'eloquent',
        'model'  => App\Recruiter::class, // Model Class
        'table'  => 'recruiter' //recruiter table
    ],
    'admin' => [
        'driver' => 'eloquent',
        'model'  => App\Admin::class, // Model Class
        'table'  => 'admin' //admin table
    ],
 ],
 'password' => [
       'email' => 'emails.password',
       'table' => 'password_resets',
       'expire' => 60,
  ]
 ];

Thats it!

Now you can try login attempt by calling

\Auth::attempt('jobseeker', ['email'=> '[email protected]', 'password' => 'secret']);

\Auth::attempt('recruiter', ['email'=> '[email protected]', 'password' => 'secret']);

\Auth::attempt('admin', ['email'=> '[email protected]', 'password' => 'secret']);

Always remember first paramter should be your user parameter. Here I have given jobseeker for jobseeker login attempt, recruiter for recruiter attempt and admin for admin login attempt. Without the proper first parameter system will throw exception.

For more detailed information checkout this article http://sarav.co/blog/multiple-authentication-in-laravel-continued/

Improve this answer

2 Comments

Please don't post identical answers to multiple questions. Post one good answer, then vote/flag to close the other questions as duplicates. If the question is not a duplicate, tailor your answers to the question.
I'm trying this package. Using it in the beginning is pretty easy and straight forward but for example how would you handle policies? The internal function authorize uses the Guard class to get the User class. Now how could you write a policy for a class Account?? Same goes for Middleware. Normally you would inject the Guard class but this doesn't work so you have to do \Auth::user('account'). Yes this works but it's not that well written code.
0

Short Answer: Add user types to your users table with specific number.

TL;DR answer.

Long Answer:

  1. If you have migrated your table, just run php artisan migrate:rollback.
  2. Add following line to your migration table for users: $table->integer("user_type")->default(0);

Here I am considering that user type zero is just a simple JobSeeker.

  1. And in your form, you can add option with value zero and one such that people will be selecting what they want to be like recruiter. There is no need of other
Improve this answer

2 Comments

simply adding user type wont work because different types of users have different attributes.
@ozzii I do the things like this always. I don't know what you mean by > attributes
0

As another solution, i can suggest you to use a polymorphic relation between User and Account, like

class User extends Eloquent {

  ...

  public function account() {
    return $this->morphTo();
  }

}

class Account extends Eloquent {

  ...

  public function user() {
    return $this->morphOne(App\User::class, 'account');
  }
}

class JobSeeker extends Account { ... }

class Recruiter extends Account { ... }

For different types of Account, you can use route prefixes and different auth controllers, specially for registration who differs for each account instances :

// Recruiter Authentication routes...
Route::group(['prefix' => 'recruiter'], function() {
  Route::controller('auth', 'Auth\RecruiterAuthController');
});

At last, you can access the authenticated account directly from auth()->user()->account. it will return any instance of Account (Recruiter, Admin, ....)

hope it helps you ;)

Improve this answer

5 Comments

can the same not be achieved by using a user, recruiter, jobseeker, role and role_user table. Different types of users can be given given role i.e. recruiter, jobseeker, admin and have a 1 to 1 relationship with user table. and accessing the authenticated account auth()->user()->hasRole($role)
what would be the syntax to create a new jobseeker account then?
Also with a polymorphic relationship there would be no way to delete a user i.e a cascade on delete since the account_id on on the users table may be related to multiple types of accounts? I like this solution but some more info on how to overcome some of these obstacles would be helpful.
Polymorphic relation uses 2 columns account_id and account_type to store the class name for related models. You should create the jobseeker model first, then create the user and associate it to the jobseeker as $jobseeker->user()->save(new User([crendentials])). For cascade delete, use Model event handlers (deleting or deleted) within $jobseeker->user()->delete().
As a substitute of ACL, you can use route middlewares for different sections of your application, that checks for the authorized account type auth()->user()->account instanceof JobSeeker
0

I will try to explain how authentication is managed in Laravel 5.1

On application start AuthServiceProvider is called, which calls registerAuthenticator() function in which new AuthManager is created.

AuthServiceProvider -> registerAuthenticator() -> new AuthManager()

On manager create createNameDriver function will be called in which new nameProvider will be created, where name is your auth driver selected in auth config file. Then in that function new Guard will be created and nameProivder will be passed to its contractor. All auth functions in that Guard will use functions from that provider to manage auth. Provider implements UserProvider which has

  • retrieveById($identifier),
  • retrieveByToken($identifier, $token),
  • updateRememberToken(Authenticatable $user, $token),
  • retrieveByCredentials(array $credentials),
  • validateCredentials(Authenticatable $user, array $credentials)

functions.

Main idea of managing multi auth in Laravel 5.1 is to create new AutServiceProvider and on its boot pass app auth new AuthModelProvider which functions then will be used in same Guard. In AuthModelProvider you can manage all retrieve functions the way you need.

Here is all changed I've made to manage multi auth. My project name is APC, that's why I use it everywhere.

Add this function to your models 

public function getAuthIdentifier()
{
    return [self::MODULE_NAME => $this->getKey()];
}

Create AuthServiceProvider in Provider/YourProjectName directory. In boot function we extend auth from our new provider AuthModelProvider.

<?php

namespace App\Providers\Apc;

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Hashing\BcryptHasher;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap the application services.
     *
     * @return void
     */
    public function boot()
    {
        self::getAuthModels();
        $this->app['auth']->extend('apc', function() {
            return new AuthModelProvider(self::getAuthModels(), new BcryptHasher());
        });
    }

    /**
     * Register the application services.
     *
     * @return void
     */
    public function register()
    {

    }

    public static function getAuthModels()
    {
        $configModels = config('auth.models');
        $authModels = [];
        foreach ($configModels as $key => $class) {
            $authModel = new $class();
            $authModels [$key]=  $authModel;
        }

        return $authModels;
    }
}

Create AuthModelProvider in same directory. Diff in my models is existence of login field in company table. But you can be more specific if you want. In retrieveByCridentials function I just look for existence of login and choose my model accordingly.

<?php

namespace App\Providers\Apc;

use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Hashing\Hasher as HasherContract;
use Illuminate\Support\Str;

class AuthModelProvider implements UserProvider
{
    protected $users;

    protected $hasher;

    public function __construct($usersModels, HasherContract $hasher)
    {
        $this->users = $usersModels;
        $this->hasher = $hasher;
    }

    /**
     * Retrieve a user by their unique identifier.
     *
     * @param  mixed $identifier
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveById($identifiers)
    {
        foreach ($identifiers as $key => $id) {
            if (isset($this->users[$key])) {
                return $this->users[$key]->where('id', $id)->active()->base()->first();
            }
        }
    }

    /**
     * Retrieve a user by their unique identifier and "remember me" token.
     *
     * @param  mixed $identifier
     * @param  string $token
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveByToken($identifiers, $token)
    {
        return null;
        $user = $this->getUserByIdentifier($identifiers);
        if ($user) {
            return $user->where($user->getRememberTokenName(), $token)->active()->first();
        }
    }

    /**
     * Update the "remember me" token for the given user in storage.
     *
     * @param  \Illuminate\Contracts\Auth\Authenticatable $user
     * @param  string $token
     * @return void
     */
    public function updateRememberToken(Authenticatable $user, $token)
    {
        $user->setRememberToken($token);
        $user->save();
    }

    /**
     * Retrieve a user by the given credentials.
     *
     * @param  array $credentials
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function retrieveByCredentials(array $credentials)
    {
        if (empty($credentials)) {
            return null;
        }

        if (isset($credentials['login'])) {
            $userModel = $this->users['company'];
        } else {
            $userModel = $this->users['user'];
        }

        $query = $userModel->newQuery();

        foreach ($credentials as $key => $value) {
            if (! Str::contains($key, 'password')) {
                $query->where($key, $value);
            }
        }

        return $query->first();
    }

    /**
     * Validate a user against the given credentials.
     *
     * @param  \Illuminate\Contracts\Auth\Authenticatable $user
     * @param  array $credentials
     * @return bool
     */
    public function validateCredentials(Authenticatable $user, array $credentials)
    {
        $plain = $credentials['password'];

        return $this->hasher->check($plain, $user->getAuthPassword());
    }

    private function getUserByIdentifier($identifiers)
    {
        if (!$identifiers) {

        }

        foreach ($identifiers as $namespace => $id) {
            if (isset($this->users[$namespace])) {
                return $this->users[$namespace];
            }
        }
        return null;
    }

}

Add AuthServiceProvider to app conf file.

 \App\Providers\Apc\AuthServiceProvider::class,

Make this changes to auth conf file.

'driver' => 'apc',

'models' => [
        \App\Apc\User\User::MODULE_NAME => \App\Apc\User\User::class,
        \App\Apc\Company\Company::MODULE_NAME => \App\Apc\Company\Company::class
],

That's all. Hope it was helpful.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.