Laravel Authentication and Authorisation Flashcards
(25 cards)
What is authentication in Laravel?
Authentication verifies a user’s identity, typically via login credentials.
In Laravel, authentication manages user logins, like WordPress’s wp_login(). It ensures only valid users access protected resources. Freelancers implement login systems for client apps, while enterprise architects integrate with enterprise identity systems, aligning with your WordPress security experience.
What is authorization in Laravel?
Authorization determines what an authenticated user can do, like accessing specific routes.
Similar to WordPress’s current_user_can(), authorization checks permissions. Laravel uses gates and policies for fine-grained control. Freelancers restrict user actions, while enterprise architects enforce role-based access, per your PHP security deck.
What is Laravel Breeze?
Laravel Breeze is a starter kit for authentication, installed with composer require laravel/breeze --dev and php artisan breeze:install.
Breeze provides login, registration, and password reset views, like WordPress’s login page. Freelancers use Breeze for quick setups, while enterprise architects customize it, per your Laravel Fundamentals knowledge.
How do you install Laravel Breeze?
Run composer require laravel/breeze --dev, then php artisan breeze:install and npm install && npm run dev.
Sets up authentication scaffolding. It’s like adding a WordPress login plugin. Freelancers configure Breeze, while enterprise architects integrate with custom auth systems, per your Composer experience.
What is Laravel’s Auth facade?
The Auth facade manages authentication, like Auth::login($user) or Auth::user().
Similar to WordPress’s wp_get_current_user(), it handles user sessions. Freelancers use Auth for login logic, while enterprise architects secure session management, per your WordPress authentication knowledge.
How do you log in a user in Laravel?
Use Auth::login($user);, like Auth::login(User::find(1));.
Authenticates a user, like WordPress’s wp_set_current_user(). Freelancers implement login forms, while enterprise architects ensure secure authentication, per your PHP session management skills.
How do you log out a user in Laravel?
Use Auth::logout();, typically in a controller method.
Ends a user session, like WordPress’s wp_logout(). Freelancers add logout routes, while enterprise architects clear session data securely, per your security deck.
How do you check if a user is authenticated in Laravel?
Use Auth::check();, which returns true if logged in.
Like WordPress’s is_user_logged_in(). Freelancers restrict access, while enterprise architects use it in middleware, per your Routing and Middleware deck.
How do you retrieve the authenticated user?
Use Auth::user();, like $user = Auth::user();.
Returns the current user, like WordPress’s get_current_user(). Freelancers display user data, while enterprise architects validate user state, per your Controllers and Requests deck.
What is the auth middleware in Laravel?
The auth middleware restricts routes to authenticated users, like Route::get('/dashboard', [DashboardController::class, 'index'])->middleware('auth').
Like WordPress’s admin access checks, it redirects unauthenticated users. Freelancers secure routes, while enterprise architects apply it globally, per your middleware knowledge.
What is the guest middleware in Laravel?
The guest middleware restricts routes to unauthenticated users, like Route::get('/login', [AuthController::class, 'showLoginForm'])->middleware('guest').
Like WordPress’s login page access, it prevents logged-in users from accessing guest routes. Freelancers manage guest flows, while enterprise architects ensure redirection logic.
How do you hash passwords in Laravel?
Use bcrypt(), like $password = bcrypt('secret');, or Hash::make().
Secures passwords, like WordPress’s wp_hash_password(). Freelancers hash during registration, while enterprise architects use strong algorithms, per your PHP security deck.
How do you verify a password in Laravel?
Use Hash::check(), like if (Hash::check('secret', $user->password)) { /* valid */ }.
Validates login attempts, like WordPress’s wp_check_password(). Freelancers verify credentials, while enterprise architects secure validation, per your security experience.
What is Laravel’s password reset feature?
Laravel’s password reset sends reset links via email, configured with php artisan make:auth or Breeze.
Like WordPress’s password reset, it uses tokens. Freelancers set up reset flows, while enterprise architects customize email delivery, per your PHP core concepts.
How do you protect routes with CSRF in Laravel?
Use the @csrf directive in Blade forms, like <form> @csrf <input> </form>.
Prevents CSRF, like WordPress’s nonces (wp_nonce_field()). Freelancers add CSRF tokens, while enterprise architects enforce protection, per your WordPress security deck.
What is a gate in Laravel?
A gate defines authorization logic, like Gate::define('edit-post', function($user, $post) { return $user->id === $post->user_id; });.
Like WordPress’s current_user_can(), gates check permissions. Freelancers restrict actions, while enterprise architects define complex gates, per your authorization needs.
How do you use a gate in Laravel?
Use Gate::allows(), like if (Gate::allows('edit-post', $post)) { /* proceed */ }.
Authorizes actions, like WordPress’s capability checks. Freelancers apply gates, while enterprise architects integrate with policies, per your PHP security deck.
What is a policy in Laravel?
A policy is a class that groups authorization logic, created with php artisan make:policy PostPolicy.
Like WordPress’s role-based permissions, policies organize rules (e.g., update()). Freelancers create policies, while enterprise architects standardize authorization, per your OOP skills.
How do you register a policy in Laravel?
Map models to policies in AuthServiceProvider, like $policies = [Post::class => PostPolicy::class].
Links authorization, like WordPress’s role capabilities. Freelancers register policies, while enterprise architects manage policy mappings, per your Laravel Fundamentals.
How do you use a policy in a controller?
Use authorize(), like $this->authorize('update', $post);.
Checks permissions, like WordPress’s user_can(). Throws an exception if unauthorized. Freelancers secure actions, while enterprise architects handle exceptions, per your Controllers and Requests deck.
What is the can middleware in Laravel?
The can middleware restricts routes by authorization, like Route::get('/edit', [PostController::class, 'edit'])->middleware('can:edit,post').
Like WordPress’s capability checks, it enforces permissions. Freelancers protect routes, while enterprise architects apply fine-grained access, per your middleware knowledge.
How do you implement two-factor authentication (2FA) in Laravel?
Use packages like laravel/fortify with 2FA or custom middleware for OTP verification.
Enhances security, like WordPress’s 2FA plugins. Freelancers add 2FA, while enterprise architects integrate with enterprise 2FA systems, per your security deck.
What is Laravel’s attempt() method?
The attempt() method logs in a user if credentials match, like Auth::attempt(['email' => $email, 'password' => $password]).
Validates logins, like WordPress’s wp_authenticate(). Freelancers use it for login forms, while enterprise architects secure attempts.
How do you customize Laravel’s authentication guard?
Define a custom guard in config/auth.php, like 'guards' => ['api' => ['driver' => 'token']].
Like WordPress’s custom user roles, it supports alternative auth. Freelancers customize guards, while enterprise architects integrate with APIs, per your API deck.