SessionGuard
class SessionGuard implements StatefulGuard, SupportsBasicAuth (View source)
Traits
These methods are typically the same across all guards.
Properties
protected Authenticatable|null | $user | The currently authenticated user. |
from GuardHelpers |
protected UserProvider | $provider | The user provider implementation. |
from GuardHelpers |
static protected array | $macros | The registered string macros. |
from Macroable |
string | $name | The name of the guard. Typically "web". |
|
protected Authenticatable | $lastAttempted | The user we last attempted to retrieve. |
|
protected bool | $viaRemember | Indicates if the user was authenticated via a recaller cookie. |
|
protected int | $rememberDuration | The number of minutes that the "remember me" cookie should be valid for. |
|
protected Session | $session | The session used by the guard. |
|
protected QueueingFactory | $cookie | The Illuminate cookie creator service. |
|
protected Request | $request | The request instance. |
|
protected Dispatcher | $events | The event dispatcher instance. |
|
protected Timebox | $timebox | The timebox instance. |
|
protected bool | $rehashOnLogin | Indicates if passwords should be rehashed on login if needed. |
|
protected bool | $loggedOut | Indicates if the logout method has been called. |
|
protected bool | $recallAttempted | Indicates if a token user retrieval has been attempted. |
Methods
Determine if the current user is authenticated. If not, throw an exception.
Get the ID for the currently authenticated user.
Mix another object into the class.
Dynamically handle calls to the class.
Dynamically handle calls to the class.
Create a new authentication guard.
Get the currently authenticated user.
Pull a user from the repository by its "remember me" cookie token.
Log a user into the application without sessions or cookies.
Log the given user ID into the application without sessions or cookies.
Validate a user's credentials.
Attempt to authenticate using HTTP Basic Auth.
Perform a stateless HTTP Basic login attempt.
Attempt to authenticate using basic authentication.
Get the credential array for an HTTP Basic request.
Get the response for basic authentication.
Attempt to authenticate a user using the given credentials.
Attempt to authenticate a user with credentials and additional callbacks.
Determine if the user matches the credentials.
Determine if the user should login by executing the given callbacks.
Rehash the user's password if enabled and required.
Log the given user ID into the application.
Update the session with the given ID.
Create a new "remember me" token for the user if one doesn't already exist.
Create a "remember me" cookie for a given ID.
Log the user out of the application.
Log the user out of the application on their current device only.
Remove the user data from the session and cookies.
Invalidate other sessions for the current user.
Rehash the current user's password for logging out other devices via AuthenticateSession.
Register an authentication attempt event listener.
Fire the attempt event with the arguments.
Fire the login event if the dispatcher is set.
Fire the authenticated event if the dispatcher is set.
Fire the other device logout event if the dispatcher is set.
Fire the failed authentication attempt event with the given arguments.
Get the last user we attempted to authenticate.
Get a unique identifier for the auth session value.
Get the name of the cookie used to store the "recaller".
Determine if the user was authenticated via "remember me" cookie.
Get the number of minutes the remember me cookie should be valid for.
Set the number of minutes the remember me cookie should be valid for.
Get the cookie creator instance used by the guard.
Get the event dispatcher instance.
Get the session store used by the guard.
Return the currently cached user.
Get the current request instance.
Set the current request instance.
Get the timebox instance used by the guard.
Details
Authenticatable
authenticate()
Determine if the current user is authenticated. If not, throw an exception.
bool
hasUser()
Determine if the guard has a user instance.
bool
check()
Determine if the current user is authenticated.
bool
guest()
Determine if the current user is a guest.
int|string|null
id()
Get the ID for the currently authenticated user.
$this
setUser(Authenticatable $user)
Set the current user.
$this
forgetUser()
Forget the current user.
UserProvider
getProvider()
Get the user provider used by the guard.
void
setProvider(UserProvider $provider)
Set the user provider used by the guard.
static void
macro(string $name, object|callable $macro)
Register a custom macro.
static void
mixin(object $mixin, bool $replace = true)
Mix another object into the class.
static bool
hasMacro(string $name)
Checks if macro is registered.
static void
flushMacros()
Flush the existing macros.
static mixed
__callStatic(string $method, array $parameters)
Dynamically handle calls to the class.
mixed
__call(string $method, array $parameters)
Dynamically handle calls to the class.
void
__construct(string $name, UserProvider $provider, Session $session, Request|null $request = null, Timebox|null $timebox = null, bool $rehashOnLogin = true)
Create a new authentication guard.
Authenticatable|null
user()
Get the currently authenticated user.
protected mixed
userFromRecaller(Recaller $recaller)
Pull a user from the repository by its "remember me" cookie token.
protected Recaller|null
recaller()
Get the decrypted recaller cookie for the request.
bool
once(array $credentials = [])
Log a user into the application without sessions or cookies.
Authenticatable|false
onceUsingId(mixed $id)
Log the given user ID into the application without sessions or cookies.
bool
validate(array $credentials = [])
Validate a user's credentials.
Response|null
basic(string $field = 'email', array $extraConditions = [])
Attempt to authenticate using HTTP Basic Auth.
Response|null
onceBasic(string $field = 'email', array $extraConditions = [])
Perform a stateless HTTP Basic login attempt.
protected bool
attemptBasic(Request $request, string $field, array $extraConditions = [])
Attempt to authenticate using basic authentication.
protected array
basicCredentials(Request $request, string $field)
Get the credential array for an HTTP Basic request.
protected void
failedBasicResponse()
Get the response for basic authentication.
bool
attempt(array $credentials = [], bool $remember = false)
Attempt to authenticate a user using the given credentials.
bool
attemptWhen(array $credentials = [], array|callable|null $callbacks = null, bool $remember = false)
Attempt to authenticate a user with credentials and additional callbacks.
protected bool
hasValidCredentials(mixed $user, array $credentials)
Determine if the user matches the credentials.
protected bool
shouldLogin(array|callable|null $callbacks, Authenticatable $user)
Determine if the user should login by executing the given callbacks.
protected void
rehashPasswordIfRequired(Authenticatable $user, array $credentials)
Rehash the user's password if enabled and required.
Authenticatable|false
loginUsingId(mixed $id, bool $remember = false)
Log the given user ID into the application.
void
login(Authenticatable $user, bool $remember = false)
Log a user into the application.
protected void
updateSession(string $id)
Update the session with the given ID.
protected void
ensureRememberTokenIsSet(Authenticatable $user)
Create a new "remember me" token for the user if one doesn't already exist.
protected void
queueRecallerCookie(Authenticatable $user)
Queue the recaller cookie into the cookie jar.
protected Cookie
createRecaller(string $value)
Create a "remember me" cookie for a given ID.
void
logout()
Log the user out of the application.
void
logoutCurrentDevice()
Log the user out of the application on their current device only.
This method does not cycle the "remember" token.
protected void
clearUserDataFromStorage()
Remove the user data from the session and cookies.
protected void
cycleRememberToken(Authenticatable $user)
Refresh the "remember me" token for the user.
Authenticatable|null
logoutOtherDevices(string $password)
Invalidate other sessions for the current user.
The application must be using the AuthenticateSession middleware.
protected Authenticatable|null
rehashUserPasswordForDeviceLogout(string $password)
Rehash the current user's password for logging out other devices via AuthenticateSession.
void
attempting(mixed $callback)
Register an authentication attempt event listener.
protected void
fireAttemptEvent(array $credentials, bool $remember = false)
Fire the attempt event with the arguments.
protected void
fireValidatedEvent(Authenticatable $user)
Fires the validated event if the dispatcher is set.
protected void
fireLoginEvent(Authenticatable $user, bool $remember = false)
Fire the login event if the dispatcher is set.
protected void
fireAuthenticatedEvent(Authenticatable $user)
Fire the authenticated event if the dispatcher is set.
protected void
fireOtherDeviceLogoutEvent(Authenticatable $user)
Fire the other device logout event if the dispatcher is set.
protected void
fireFailedEvent(Authenticatable|null $user, array $credentials)
Fire the failed authentication attempt event with the given arguments.
Authenticatable
getLastAttempted()
Get the last user we attempted to authenticate.
string
getName()
Get a unique identifier for the auth session value.
string
getRecallerName()
Get the name of the cookie used to store the "recaller".
bool
viaRemember()
Determine if the user was authenticated via "remember me" cookie.
protected int
getRememberDuration()
Get the number of minutes the remember me cookie should be valid for.
$this
setRememberDuration(int $minutes)
Set the number of minutes the remember me cookie should be valid for.
QueueingFactory
getCookieJar()
Get the cookie creator instance used by the guard.
void
setCookieJar(QueueingFactory $cookie)
Set the cookie creator instance used by the guard.
Dispatcher
getDispatcher()
Get the event dispatcher instance.
void
setDispatcher(Dispatcher $events)
Set the event dispatcher instance.
Session
getSession()
Get the session store used by the guard.
Authenticatable|null
getUser()
Return the currently cached user.
Request
getRequest()
Get the current request instance.
$this
setRequest(Request $request)
Set the current request instance.
Timebox
getTimebox()
Get the timebox instance used by the guard.