Question 15886 in Laravel Question posted in
The official Laravel Documentation can be found here.

disable login from inactive user using Laravel Breeze

I want to disable inactive user from login, and logout the user if already logged in,
using breeze pack:
breeze pack

i"m having a boolean column: "active"
in users table.

i understand that i should edit
appHttpRequestsAuthLoginRequest.php

i understand that i should edit the current code:

public function authenticate(): void
    {
        $this->ensureIsNotRateLimited();

        if (! Auth::attempt($this->only('email', 'password'), $this->boolean('remember'))) {
            RateLimiter::hit($this->throttleKey());

            throw ValidationException::withMessages([
                'email' => trans('auth.failed'),
            ]);
        }

        RateLimiter::clear($this->throttleKey());
    }

1.What and how should i edit that (or other) code ?

2.Is it possible to show a message "only active users allowed to login" to inactive user, without make it complecated ?

Tags:

2

Answers


  1. 0

    To disable inactive users from logging in, you need to add a condition in the code to check the active status of the user, and to show a message to inactive users, you can add another condition and throw a custom exception with a message.

    public function authenticate(): void
{
$this->ensureIsNotRateLimited();

    $credentials = $this->only('email', 'password');
    $user = User::where('email', $credentials['email'])->first();
    if (!$user) {
        RateLimiter::hit($this->throttleKey());

        throw ValidationException::withMessages([
            'email' => trans('auth.failed'),
        ]);
    }
    if (!$user->active) {
        throw ValidationException::withMessages([
            'email' => 'Only active users are allowed to login',
        ]);
    }
    if (! Auth::attempt($credentials, $this->boolean('remember'))) {
        RateLimiter::hit($this->throttleKey());

        throw ValidationException::withMessages([
            'email' => trans('auth.failed'),
        ]);
    }

    RateLimiter::clear($this->throttleKey());
}
    Login or Signup to reply.
  2. 0

    For this I would turn to registering global middleware that can be checked on each route. You can generate middleware via the php artisan make:middleware YourMiddlewareName command.

    Within the generated middleware file:

    public function handle(Request $request, Closure $next)
{
    if (Auth::check()) {
        $user = Auth::user();
        if ($user->active === 0) {
            //Log them out
            //Redirect them somewhere with a message
        }
    }

    return $next($request);
}

    In this code we can see that we first check that there is a user logged in, then checking if that logged in user is active. From there you can do whatever steps you need to take.

    The problem with performing this action within the login request is that the user would not be affected until they log in again. Registering global middleware will make this fire on every request they make.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search