What’s New in Laravel 5.3? – Changes to the Auth Middleware

  • 00:00:00 hi everyone in many of your applications
  • 00:00:02 you probably need to authenticate some
  • 00:00:04 users and we covered authentication on
  • 00:00:07 this channel quite a lot there with
  • 00:00:10 Laravel 5.3 there were some changes to
  • 00:00:13 authentication and I'm not talking about
  • 00:00:15 Passport which was a brand new feature
  • 00:00:17 added to it to create your own OAuth2
  • 00:00:19 server I'll cover this in some extra
  • 00:00:22 videos now I'm talking about the default
  • 00:00:25 authentication and especially route
  • 00:00:27 protection where we do need to make some
  • 00:00:30 adjustments to make our application work
  • 00:00:32 again which adjustments let's have a
  • 00:00:35 look
  • 00:00:38 actually authentication in Laravel 5.3 saw
  • 00:00:42 quite some enhancements especially with
  • 00:00:44 the introduction of Passport which is an
  • 00:00:47 extra package integrated into Laravel
  • 00:00:49 which makes it easy for you to set up
  • 00:00:51 your own OAuth2 server which is
  • 00:00:54 especially useful for api-related
  • 00:00:57 authentication for example now I will
  • 00:01:00 have dedicated videos or one video I'll
  • 00:01:03 see how many it will be on Passport in
  • 00:01:07 one of the next weeks in this video I
  • 00:01:09 want to focus on the changes to the
  • 00:01:12 default normal authentication especially
  • 00:01:15 the change of the middleware we can use
  • 00:01:19 to protect some routes so let's compare
  • 00:01:21 the Laravel 5.2 setup on the right here
  • 00:01:26 with the Laravel 5.3 setup on the left
  • 00:01:29 well one thing we can note notice is
  • 00:01:32 that user model in 5.2 looked like this
  • 00:01:37 User extends Authenticatable and then
  • 00:01:39 well this is the basic user model we may
  • 00:01:42 use for our own authentication in Laravel
  • 00:01:46 5.3 it looks pretty similar but there's
  • 00:01:49 one new thing this is this use
  • 00:01:52 Notifiable here now I know the code is
  • 00:01:55 not super big to read here but basically
  • 00:01:58 we do have the same setup of the user
  • 00:02:00 models but this use Notifiable here is
  • 00:02:02 new now that's not directly connected to
  • 00:02:05 authentication it's a trait we can use
  • 00:02:09 or we need if we want to use Laravel's
  • 00:02:13 notifications which were also added with
  • 00:02:15 5.3 but about which I'm not going to
  • 00:02:17 talk in this video so that's not really
  • 00:02:20 a change impacting authentication so
  • 00:02:23 from this point of view the user model
  • 00:02:26 did not really change now what did
  • 00:02:29 change is if we go in the 5.2 setup in the
  • 00:02:33 Http folder and then in Middleware we
  • 00:02:36 see the Authenticate.php file here which
  • 00:02:39 is the auth middleware which you could see
  • 00:02:42 in the Kernel.php file was assigned to
  • 00:02:45 auth here now to make this a bit more
  • 00:02:49 readable
  • 00:02:50 I'll actually
  • 00:02:51 expand this over the full window size
  • 00:02:53 so this auth middleware here was pointing to
  • 00:02:57 the App\Http\Middleware\Authenticate
  • 00:03:00 file so to this file here and it was this
  • 00:03:03 auth middleware we could use in our
  • 00:03:05 routes file to basically protect a route
  • 00:03:08 with middleware and then simply auth like
  • 00:03:12 this and this would make sure that only
  • 00:03:14 authenticated users were able to visit
  • 00:03:16 this you could of course also use the
  • 00:03:18 syntax with these square brackets and
  • 00:03:20 I'm protected with the middleware key
  • 00:03:22 so that was the 5.2 world and in the
  • 00:03:27 Authenticate.php file which in the end
  • 00:03:29 was the middleware applied you could control
  • 00:03:32 where you want to redirect a user if
  • 00:03:35 authentication failed so if he was not
  • 00:03:37 authenticated that you then want to
  • 00:03:39 redirect the user to the login screen
  • 00:03:41 for example here as a default setup now
  • 00:03:45 in 5.3 that changed if we have a look at
  • 00:03:48 the HTTP middleware folder we see that
  • 00:03:51 we don't have the Authenticate.php file
  • 00:03:54 anymore if we have a look at the Kernel.php
  • 00:03:56 file we see the auth middleware is still
  • 00:03:59 there but it's pointing to some middleware
  • 00:04:01 deeply integrated into the core
  • 00:04:04 framework so it's not a file we can edit
  • 00:04:06 of course you could edit it but we
  • 00:04:08 shouldn't edit any files in the core
  • 00:04:10 framework instead we have to find some
  • 00:04:13 other way to handle authentication
  • 00:04:15 errors or to handle the case that the
  • 00:04:18 user is trying to access a route he is
  • 00:04:20 not allowed to access because maybe we
  • 00:04:23 don't want to use the default
  • 00:04:25 redirection pointing to the login view
  • 00:04:27 here but maybe we want to still change
  • 00:04:30 this now how can we change this if the
  • 00:04:33 file is moved to a place where we
  • 00:04:35 shouldn't edit it the answer can be
  • 00:04:38 found in the exceptions folder now with
  • 00:04:41 the Authenticate middleware being moved to
  • 00:04:42 the core framework what now happens is
  • 00:04:45 it actually throws an error an exception
  • 00:04:49 whenever we try to access a route we're
  • 00:04:52 not allowed to access therefore in the
  • 00:04:55 exceptions file the cat the Handler.php
  • 00:04:57 file and this file is not empty and indeed
  • 00:05:00 it already has this part down here the
  • 00:05:03 unauthenticated
  • 00:05:04 function here this function here was
  • 00:05:08 is basically triggered whenever we have
  • 00:05:11 an authentication exception and such and
  • 00:05:14 such an exception is raised whenever
  • 00:05:17 we're trying to access a route we're not
  • 00:05:19 allowed to do so whenever we're using a
  • 00:05:22 route which has the auth middleware and
  • 00:05:24 we're not authenticated then we get the
  • 00:05:27 unauthenticated middleware but exception
  • 00:05:29 excuse me and we reach this function
  • 00:05:31 now as you can see this function looks
  • 00:05:34 very similar to the old authenticate
  • 00:05:37 middleware here we are still checking if
  • 00:05:40 we do have a JSON request in which
  • 00:05:42 case we want to return some JSON
  • 00:05:44 otherwise we want to redirect to the
  • 00:05:46 login view with redirect guest and
  • 00:05:48 that's exactly the same logic we had
  • 00:05:50 here in 5.2 in the Authenticate.php file
  • 00:05:53 so long story short the new place to
  • 00:05:56 edit the behavior Laravel should
  • 00:05:59 show when you try to access a route
  • 00:06:01 you're not allowed to access is to be
  • 00:06:04 found here in this Handler.php file in
  • 00:06:06 the unauthenticated function so this is
  • 00:06:09 the place where you make edits if you
  • 00:06:11 want to basically change the behavior
  • 00:06:15 Laravel should use there and that's just a
  • 00:06:18 new way of thinking that you're no
  • 00:06:19 longer editing the file but instead the
  • 00:06:22 exception which is now raised by Laravel
  • 00:06:24 that's really all and with that you're
  • 00:06:26 still able to attach the auth middleware
  • 00:06:28 to any of the routes you want to protect
  • 00:06:30 and it is in this file here in 5.3 that
  • 00:06:33 you did that you then decide what you
  • 00:06:35 want to do these are the core changes I
  • 00:06:38 want to talk about in this video as I
  • 00:06:40 said I will have dedicated videos on
  • 00:06:43 Passport to dive deeper into this so see
  • 00:06:46 you in the other videos bye