Laravel Auth Cheat Sheet
This cheat sheet provides a concise reference of Laravel's Auth facade methods for user authentication and session handling, as well as Gate-based authorization techniques, including ability definitions, permission checks, policy generation, and controller or middleware integration.
Laravel's Auth facade offers a convenient set of methods for handling user authentication, session management, and credential validation.
Common functions include:
auth();</code>
<code>Auth::check();</code>
<code>Auth::guest();</code>
<code>Auth::guard();</code>
<code>Auth::user();</code>
<code>Auth::id();</code>
<code>Auth::attempt(['email' => $email, 'password' => $password]);</code>
<code>Auth::attempt($credentials, true); // remember me</code>
<code>Auth::attempting($callback);</code>
<code>Auth::once($credentials);</code>
<code>Auth::onceUsingId($id);</code>
<code>Auth::login(User::find(1), $remember = false);</code>
<code>Auth::viaRemember();</code>
<code>Auth::loginUsingId(1, $remember = false);</code>
<code>Auth::logout();</code>
<code>Auth::logoutOtherDevices('password', $attribute = 'password');</code>
<code>Auth::validate($credentials);</code>
<code>Auth::basic('username');</code>
<code>Auth::onceBasic();</code>
<code>Password::remind($credentials, function($message, $user) {});Authorization is managed through Laravel's Gate facade, allowing developers to define abilities and check permissions.
// Define abilities</code>
<code>Gate::define('update-post', 'Class@method');</code>
<code>Gate::define('update-post', function ($user, $post) { ... });</code>
<code>Gate::define('delete-comment', function ($user, $post, $comment) { ... });</code>
<code>Gate::resource('posts', 'App\Policies\PostPolicy');</code>
<code>// Check abilities</code>
<code>Gate::has('update-post');</code>
<code>Gate::allows('update-post', $post);</code>
<code>Gate::denies('update-post', $post);</code>
<code>Gate::check('update-post', $post);</code>
<code>Gate::forUser($user)->allows('update-post', $post);</code>
<code>// Model based checks</code>
<code>User::find(1)->can('update-post', $post);</code>
<code>User::find(1)->cannot('update-post', $post);</code>
<code>User::find(1)->cant('update-post', $post);</code>
<code>// Global callbacks</code>
<code>Gate::before(function ($user, $ability) { ... });</code>
<code>Gate::after(function ($user, $ability, $result, $arguments) { ... });</code>
<code>// Blade directives</code>
<code>@can('update-post', $post)</code>
<code>@endcan</code>
<code>@cannot('update-post', $post)</code>
<code>@endcannot</code>
<code>// Policy generation</code>
<code>php artisan make:policy PostPolicy</code>
<code>php artisan make:policy PostPolicy --model=Post</code>
<code>policy($post)->update($user, $post);</code>
<code>// Controller authorization</code>
<code>$this->authorize('update', $post);</code>
<code>$this->authorizeForUser($user, 'update', $post);</code>
<code>$this->authorizeResource(Post::class, 'post');</code>
<code>// Middleware usage</code>
<code>Route::put('/post/{post}', function (Post $post) { ... })->middleware('can:update,post');</code>
<code>Route::post('/post', function () { ... })->middleware('can:create,App\Post');These snippets serve as a quick reference for developers implementing authentication and authorization features in Laravel applications.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Laravel Tech Community
Specializing in Laravel development, we continuously publish fresh content and grow alongside the elegant, stable Laravel framework.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.