Laravel Auth Overview 0:00
Well, I suppose it's time to take a look at authentication in Laravel 5. But here's the good news. Right out of the box, the framework does so much of the work for you. Let's switch to our routes.php file. Now if you remember, earlier in the series, we modified this file and removed a snippet that looked just like this. So just remember, when we set up a new Laravel install, you'll see this by default.

Route::controllers Convention 0:31
So now you might be thinking, well, I've learned about Route::get and Route::post, and we've learned about resources, but now Route::controllers. And this refers to a different way that we can register our routes. And really, it's one that I generally don't recommend. When you can, always be more explicit with your routes. However, because we get some of this stuff right out of the box, this makes it a little cleaner for you. So why don't we take a look at this? Well, we register two controllers, one for AuthController and one for PasswordController. So let me show you how that works. If we open this up, let's take a look at AuthController. And you'll see the important thing is it pulls in a trait here, just to keep it clean. Now you'll see this specific convention here, the name of the request, get, post, delete, what have you, and then the actual name of the method. So get register, and this is very important. Let me show you.
If we run php artisan route:list, and I'll zoom out a few clicks here, notice that even though we weren't explicit in our routes file, which I do recommend, we still have a route for auth slash register, and it does point to this method. So here we can see that if we follow the convention, the route gets registered automatically, so to speak. So if we said get foo, and we just return foo bar, if we now run this again, you'll see that we have a route that responds to auth slash foo. Now notice that foo is attached to the base, and that's because if I switch back to routes.php, we specified that here. That is our base URI, and then as long as we use some kind of special request type that Laravel recognizes, like get and post, then we can register our routes pretty easily. Just be careful though, like I said, I generally don't advise it. If you are more explicit with your routes, then anytime you want to just sort of inspect your application, you can go to this page and get a great bird's eye view for what kind of endpoints we can respond to. But when you have this on the other hand, it doesn't really help, does it? And yes, it's true, we have commands like this, but nonetheless, I still recommend that you be explicit. So just to drill this in, if we switch back, and I change that to foo alone, because we don't have the request type, it will not be registered. That means if we want to respond to a post request to slash auth slash bar, then that's how we would represent it. Now if we run it, you'll see it right here.
When we make a post request to auth slash bar, then trigger that method. Okay, so now you understand how that works, well let's see how Laravel has set this up for us.

Exploring Auth Views 3:16
So here's one of the cool things, we get some views out of the box. So even if you need to modify them a little bit, it still takes care of so much of the legwork. Let's see. If we go to auth slash login, there you go, we have a login page. However, if we forgot our password, that's set up as well. Or if we just need to register, then we have a route for that too. So this is what I mean, chances are you don't want your registration page to look like this, but it's already set up so you can just tweak it however you need to. Okay, so let's see what this looks like. Well, we know get register, that loads a view, auth slash register. This should be a little more familiar to you now. Let's take a look, auth, register, and that's what you get straight out of the box. So we have a bit of error handling, and then we have the form. Next, if we switch back, what about the actual login page? Well, that means we would need a method called get login, and that loads a view. But when we submit that form, it submits to itself or submits a post request to that same login page, so we would hit post login, where Laravel will do a quick bit of validation that you're already familiar with. And then we grab the email and the password that they entered into the form. We attempt to authenticate the user, and if we were successful, we redirect to where they intended to go.
Otherwise, there was some kind of problem, which means the credentials they entered weren't good enough. So we redirect back to the login page, we include the input, that way they don't have to retype the email address, and then we include some errors here. But mainly, the key thing is, you only have to look over this trait if you're curious about what Laravel's doing behind the scenes. But if you'd prefer not to, then you can just ignore it. That's what's sort of cool. So let's see. We have get register, and when we register, it's going to hit post register. In here, we do a little bit of validation. If it failed, we throw an exception that Laravel will catch. Otherwise, the form validation was successful, in which case we can log in the user. And here, notice that we are referencing, this is what we call a dependency. So registrar. Well, if we go back to our auth controller, we can see it right here. So if we click through to that, or if we go through manually, that will be within our app directory, services, registrar. Once again, this comes straight out of the box, but you can remove it if you want to. You don't have to use any of this stuff if you'd rather code it from scratch. So here's where we create. And notice, it just defers to an Eloquent call. After create, we pass through the name, the email, and the password. Now here's the next cool thing. We touched upon this many videos ago, but just to refresh your memory, if we set this up from scratch, a new Laravel install, well, we don't have a users table just yet. And that's why, once again, out of the box, we have a couple migrations for you.
Running Registration Flow 6:14
Schema create users, that has some common fields that you can modify if you need to. And the same is true for a password resets table. So that means, once you install Laravel, if you run php artisan migrate, you'll immediately get these two very, very common tables. Okay, so with that review, why don't we just try this out? I will register myself. Jeffrey Way, jeffrey at laracast.com, and password and password. All right, let's register. And here, it looks like it failed, but actually it didn't. It tried to send us to a homepage, sort of like the logged in dashboard. But if you remember, we removed that route. So of course, when you try to access a page that you don't have a route registered for, you get a not found exception. That's expected behavior. The important thing, though, is we do have a new user. Let me show you. php artisan tinker. And we'll say, get the very first user in our system and cast that to an array. And there we go. So we just need to handle the situation for where it should direct once we register. Okay. Well, like I said, you can keep that homepage, or you can make your own. So you could say, route, get, home, and then respond to that. Or we can just change the redirect path. And maybe that's what we'll do. If we go back to the trait, let's see what it tries to do. Well, after we register a user, we redirect to the redirect path. And notice it says, well, if the user has a redirect to property, then that's where we're going. Otherwise, we'll default to home.
So that means, let's just go back to our auth controller and set that up right here. Protected, redirect to, equals, and where do you want to go? Well, why don't we go to slash articles. Okay. So now, why don't we log out and register somebody new? Auth, log out. We have a route for that. That logs out the user and redirects them to the homepage. And once again, we just don't have a homepage set up, but we can do that in a few seconds.

Checking Authenticated User 8:30
So now, we're going to register a new user, John Doe, john at example.com, and password, password, register. And this time, it'll successfully send us to slash articles. Now, how do we actually know that we are authenticated? And there's a number of ways. We can even set up little middlewares that'll protect certain routes. For example, can you imagine situations where you want to say, you can only view this page if you are signed in? Well, Laravel makes that sort of thing incredibly easy. And we will review the specifics of that more in a future video. But for now, if we go to articles controller, let's just see if we want to fetch the authenticated user. Well, we could use the auth facade. And we could say auth user, get me the authenticated user. And why don't we just return that and see what we are working with. So refresh. And there we go. That is the person who is currently signed in. So if we want to fetch the authenticated user's name, then we could do something very much like this. Come back, give it a refresh. And now you see how that works.
However, if we were to log out, auth log out, and we return to slash articles, well, notice that we get an error trying to get property of non-object. And that's because when we hit this route, we're just assuming that we have an authenticated user, but we don't. In this case, the visitor is a guest. So auth user is returning null. So that means you're basically trying to say return null name. And of course, we get an exception. So that's why you always want to make sure that if you require an authenticated user to do something within a route callback or a controller method, then you set up the necessary filter or middleware. And don't worry, we're going to review all of that in the very next lesson. So to finish up this video, let's just make sure that the login page works. We know that registration is great. So let's say auth login. And I'm going to log in john at example.com. I will use his password and I will select remember me. And if we go through that, everything works. John is now signed in.

Assigning Articles to User 10:52
So that means we can now fix that issue from the previous video where we were hard coding a specific user to be associated with these articles. Let's go to articles slash create. And you'll remember that we referenced the form. So articles slash form. And now right here, remember, we had this temporary hidden input. I can get rid of that entirely now. That means back within our articles controller, where we store a new article.
Well, now, how can we say that when we create an article, we want its user ID field to be equal to the authenticated user's ID, which we could fetch with auth ID, or of course, get the actual user object, and then grab their ID. So how do we do that? Well, it's true, you could do something like this request all. And then you could say request user ID equals auth ID. Or you could even use some of Laravel's helper functions that it includes, like array add. And just as a quick aside, if you're curious about that stuff, go to illuminate support helpers. And you'll see a bunch of these various things that we can do. Think of these as missing array functions that you wish PHP had by default. Things like array pluck, or array where, or array first. And there's tons of stuff in here. So play around with that once you get a little more comfortable with the basics of Laravel. So again, yes, we could manually set it. But I'd rather not do that. Let's make Laravel do the work for us automatically. And here's how. We just reference the relationship. If I say auth user, grab their articles and save a new one, save a new article, and pass through the request, behind the scenes, Laravel will automatically apply the user ID to this new article. So if you want to clean this up a little bit, we could extract a variable named article, like so. And now that's actually pretty darn clean. So create a new article with the attributes from the form. And then we say, get the authenticated user's articles, and we're going to save a new one. And we just pass through that article object. Now remember, at this point, the article doesn't have the user ID set.
Behind the scenes, Laravel will do that automatically for us, since we reference it in this way. But now, how did we get articles from the user object? Well, if we go to user.php, and we scroll down, don't forget that we set up this relationship in the very last video. So because we've prepared and done a lot of the work already, this will just work right out of the box. Now remember, we're not doing it like this. Auth user articles. Don't forget, when you reference this in that way, you're going to get a collection of all the articles. But in our case, we want to continue chaining. We already talked about all this stuff. So that's why we reference it as a method and say, save this new article that I have here. Okay? So let's see if this works. And if it does, we'll call it a day. I'm going to switch back and create a new article by John and the body, and we'll publish it on today. So we run that, and everything seemed to work. So let's do a quick inspection with php artisan tinker to make sure that it did. App, article, first, to array. And there we go. The user ID was automatically set by Laravel to the authenticated user's ID, which means so we could say John equals app user, where his name is John Doe, and grab the first result. Okay. So we have John. We've already reviewed this in the Eloquent lesson. And if we now want to grab all of the articles that John has written, then we can do that. And we'll cast those to an array, and we should get one. So to finish up, and just to make sure this is really clear, because it was a little confusing for me when I was first learning, let's go through that process again with Tinker.
Article equals new app article. The title will be new. The body will be new. And then finally, the published at will be Carbon Carbon now. Okay. So that looks good. We have our article. I can cast that to an array. However, don't forget, there is no user ID on that yet. So that's when we can use this technique. John, the user, for his articles, I want you to save this new one that we created. There we go. The user ID was applied, and the article was persisted. Which means if we now do article to array this time, you'll see that it has now been updated with the user ID as well as the timestamps. All right. So I hope you're getting the hang of this. In the next video, we'll dig into this concept of middleware.