在laravel 5.1中,我试图修改我的登录过程,要求用户在登录之前确认他们的电子邮件。我有确认电子邮件的过程,但我在哪里检查登录尝试以验证email_confirmed是真的?
我的登录路径是这样的:
Route::post('login', [
'as' => 'login',
'uses' => 'AuthAuthController@postLogin'
]);
但是登录函数不在authcontroller中,它通过特性AuthenticatesAndRegistersUsers连接到authcontroller;它基本上包含了AuthenticatesUsers特性,该特性实际上包含getLogin和postLogin函数。
这已经深入到框架文件中了,所以我不应该再搞那些了。此外,如果我更新laravel,我放在那里的任何东西都可能被覆盖。
那么,当用户试图登录时,只有在确认了自己的电子邮件地址后才允许登录,我可以把支票放在哪里呢?也许在中间件/Authenticate.php中(只是猜测…)
我研究了这个问题:如何更改内置的Laravel 5身份验证系统?它说你可以通过将postLogin函数复制到authController中来覆盖它,但如果我这样做的话,我仍然看不出我在哪里检查user->email_confirmed是否为true。
以下是laravel的postLogin默认值:
/**
* Handle a login request to the application.
*
* @param IlluminateHttpRequest $request
* @return IlluminateHttpResponse
*/
public function postLogin(Request $request)
{
$this->validate($request, [
$this->loginUsername() => 'required', 'password' => 'required',
]);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $this->hasTooManyLoginAttempts($request)) {
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
if (Auth::attempt($credentials, $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttles);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if ($throttles) {
$this->incrementLoginAttempts($request);
}
return redirect($this->loginPath())
->withInput($request->only($this->loginUsername(), 'remember'))
->withErrors([
$this->loginUsername() => $this->getFailedLoginMessage(),
]);
}
好吧,下面是我所做的:将上述postLogin函数复制到AuthController添加了使用Illuminate\Support \ Facades\Auth;
替换:
if (Auth::attempt($credentials, $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttles);
}
带有:
if (Auth::attempt(['email' => $credentials['email'], 'password'=>$credentials['password'],
'disabled_at' => null, 'email_confirmed' => true], $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttles);
}
现在,这将检查电子邮件是否已确认,并且作为身份验证的一部分,用户是否未被禁用。