SessionGuard
class SessionGuard implements StatefulGuard, SupportsBasicAuth (View source)
Traits
These methods are typically the same across all guards.
Properties
| protected Authenticatable|null | $user | The currently authenticated user. |
from GuardHelpers |
| protected UserProvider | $provider | The user provider implementation. |
from GuardHelpers |
| static protected array | $macros | The registered string macros. |
from Macroable |
| string | $name | The name of the guard. Typically "web". |
|
| protected Authenticatable | $lastAttempted | The user we last attempted to retrieve. |
|
| protected bool | $viaRemember | Indicates if the user was authenticated via a recaller cookie. |
|
| protected int | $rememberDuration | The number of minutes that the "remember me" cookie should be valid for. |
|
| protected Session | $session | The session used by the guard. |
|
| protected QueueingFactory | $cookie | The Illuminate cookie creator service. |
|
| protected Request | $request | The request instance. |
|
| protected Dispatcher | $events | The event dispatcher instance. |
|
| protected Timebox | $timebox | The timebox instance. |
|
| protected bool | $rehashOnLogin | Indicates if passwords should be rehashed on login if needed. |
|
| protected bool | $loggedOut | Indicates if the logout method has been called. |
|
| protected bool | $recallAttempted | Indicates if a token user retrieval has been attempted. |
Methods
Determine if the current user is authenticated. If not, throw an exception.
Get the ID for the currently authenticated user.
Mix another object into the class.
Dynamically handle calls to the class.
Dynamically handle calls to the class.
Create a new authentication guard.
Get the currently authenticated user.
Pull a user from the repository by its "remember me" cookie token.
Log a user into the application without sessions or cookies.
Log the given user ID into the application without sessions or cookies.
Validate a user's credentials.
Attempt to authenticate using HTTP Basic Auth.
Perform a stateless HTTP Basic login attempt.
Attempt to authenticate using basic authentication.
Get the credential array for an HTTP Basic request.
Get the response for basic authentication.
Attempt to authenticate a user using the given credentials.
Attempt to authenticate a user with credentials and additional callbacks.
Determine if the user matches the credentials.
Determine if the user should login by executing the given callbacks.
Rehash the user's password if enabled and required.
Log the given user ID into the application.
Update the session with the given ID.
Create a new "remember me" token for the user if one doesn't already exist.
Create a "remember me" cookie for a given ID.
Log the user out of the application.
Log the user out of the application on their current device only.
Remove the user data from the session and cookies.
Invalidate other sessions for the current user.
Rehash the current user's password for logging out other devices via AuthenticateSession.
Register an authentication attempt event listener.
Fire the attempt event with the arguments.
Fire the login event if the dispatcher is set.
Fire the authenticated event if the dispatcher is set.
Fire the other device logout event if the dispatcher is set.
Fire the failed authentication attempt event with the given arguments.
Get the last user we attempted to authenticate.
Get a unique identifier for the auth session value.
Get the name of the cookie used to store the "recaller".
Determine if the user was authenticated via "remember me" cookie.
Get the number of minutes the remember me cookie should be valid for.
Set the number of minutes the remember me cookie should be valid for.
Get the cookie creator instance used by the guard.
Get the event dispatcher instance.
Get the session store used by the guard.
Return the currently cached user.
Get the current request instance.
Set the current request instance.
Get the timebox instance used by the guard.
Details
Authenticatable
authenticate()
Determine if the current user is authenticated. If not, throw an exception.
__construct(string $name, UserProvider $provider, Session $session, Request|null $request = null, Timebox|null $timebox = null, bool $rehashOnLogin = true)
Create a new authentication guard.
protected mixed
userFromRecaller(Recaller $recaller)
Pull a user from the repository by its "remember me" cookie token.
Authenticatable|false
onceUsingId(mixed $id)
Log the given user ID into the application without sessions or cookies.
Response|null
basic(string $field = 'email', array $extraConditions = [])
Attempt to authenticate using HTTP Basic Auth.
Response|null
onceBasic(string $field = 'email', array $extraConditions = [])
Perform a stateless HTTP Basic login attempt.
protected bool
attemptBasic(Request $request, string $field, array $extraConditions = [])
Attempt to authenticate using basic authentication.
protected array
basicCredentials(Request $request, string $field)
Get the credential array for an HTTP Basic request.
bool
attempt(array $credentials = [], bool $remember = false)
Attempt to authenticate a user using the given credentials.
bool
attemptWhen(array $credentials = [], array|callable|null $callbacks = null, bool $remember = false)
Attempt to authenticate a user with credentials and additional callbacks.
protected bool
hasValidCredentials(mixed $user, array $credentials)
Determine if the user matches the credentials.
protected bool
shouldLogin(array|callable|null $callbacks, Authenticatable $user)
Determine if the user should login by executing the given callbacks.
protected void
rehashPasswordIfRequired(Authenticatable $user, array $credentials)
Rehash the user's password if enabled and required.
Authenticatable|false
loginUsingId(mixed $id, bool $remember = false)
Log the given user ID into the application.
protected void
ensureRememberTokenIsSet(Authenticatable $user)
Create a new "remember me" token for the user if one doesn't already exist.
protected void
queueRecallerCookie(Authenticatable $user)
Queue the recaller cookie into the cookie jar.
void
logoutCurrentDevice()
Log the user out of the application on their current device only.
This method does not cycle the "remember" token.
protected void
cycleRememberToken(Authenticatable $user)
Refresh the "remember me" token for the user.
Authenticatable|null
logoutOtherDevices(string $password)
Invalidate other sessions for the current user.
The application must be using the AuthenticateSession middleware.
protected Authenticatable|null
rehashUserPasswordForDeviceLogout(string $password)
Rehash the current user's password for logging out other devices via AuthenticateSession.
protected void
fireAttemptEvent(array $credentials, bool $remember = false)
Fire the attempt event with the arguments.
protected void
fireValidatedEvent(Authenticatable $user)
Fires the validated event if the dispatcher is set.
protected void
fireLoginEvent(Authenticatable $user, bool $remember = false)
Fire the login event if the dispatcher is set.
protected void
fireAuthenticatedEvent(Authenticatable $user)
Fire the authenticated event if the dispatcher is set.
protected void
fireOtherDeviceLogoutEvent(Authenticatable $user)
Fire the other device logout event if the dispatcher is set.
protected void
fireFailedEvent(Authenticatable|null $user, array $credentials)
Fire the failed authentication attempt event with the given arguments.
protected int
getRememberDuration()
Get the number of minutes the remember me cookie should be valid for.
$this
setRememberDuration(int $minutes)
Set the number of minutes the remember me cookie should be valid for.