在某些情况下,我试图阻止用户登录。
我的想法是在使用Laravel的Auth系统后执行一些附加检查。 至于登录/注册和恢复密码系统,一切正常。但是我似乎无法注销用户并在登录页面上显示自定义错误。
我要做的就是在确认用户是否被暂停之后,在“电子邮件地址”字段下显示一条自定义的“您的帐户已被暂停”消息。
我的代码(HomeController)以及我的一些解决方案:
public function index(Request $request)
{
// After Laravel logs the user through its authentication system
$user = Auth::user();
if (!isset($user)) {
return redirect('/');
} else {
// we perform some checks of our own
if ($user->suspended != 0) { // suspended by an administrator
$error = trans('errors_login.SUSPENDED_BY_ADMIN');
// return redirect()->route('logout', array('error_msg' => $error));
// return redirect()->route('logout')->withErrors('email','There was an error'); // trying to replace the "email" error
Auth::logout();
$error = ['loginError'=> trans('errors_login.SUSPENDED_BY_ADMIN')];
return view('auth.login', $error);
}
}
...
仅说明“登出”路线是什么:
Route::get('/logout', '\App\Http\Controllers\Auth\LoginController@logout');
我正在使用Laravel生成的登录视图:
...
<div class="form-group row">
<label for="email" class="col-md-4 col-form-label text-md-right">E-Mail Address</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" name="email" value="{{ old('email') }}" required autofocus>
@if ($errors->has('email'))
<span class="invalid-feedback" role="alert">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
似乎没有任何效果。 我对Laravel还是很陌生,所以我一定想念一些东西。
谢谢。
答案 0 :(得分:2)
Laravel的默认登录控制器(App\Http\Controller\Auth\LoginController
)在后台使用称为AuthenticatesUsers
的特征。
因此,每当用户通过身份验证时,它都会在返回登录响应之前调用authenticated()
方法,这意味着您可能可以执行以下操作。
在App\Http\Controller\Auth\LoginController
中添加一个新的authenticated()
方法,该方法将覆盖AuthenticatesUsers::authenticated()
。
protected function authenticated(Request $request, $user)
{
if ($user->suspended) {
Auth::logout();
return back()
->with('loginError', trans('errors_login.SUSPENDED_BY_ADMIN'));
}
return redirect()->intended($this->redirectPath());
}
答案 1 :(得分:0)
我也是用这个做的:
protected function sendFailedLoginResponse(Request $request)//this will get triggered if the method above (attemptLogin(Request $request)) returns false.
{
$credentials = [
'email' => $request['email'],
'password' => $request['password'],
];
$valid = Auth::attempt($credentials);
if ($valid == false) { //if user credentials are incorrect
$errors = [$this->username() => trans('auth.failed')];
Auth::logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
} else { // //if user credentials are correct check additional conditions
$user = User::where('email', $request->input('email'))->first();
if ($user->locked == 1) {
$errors = [$this->username() => trans('auth.locked')];
Auth::logout();
throw ValidationException::withMessages([
$this->username() => [trans('auth.locked')],
]);
} else {
$errors = [$this->username() => trans('auth.notactivated')];
Auth::logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
}
}
}
不确定是否足够好,但它也有效。