Download the PHP package lahaxearnaud/laravel-token without Composer

Laravel token

Table of Contents

• Installation
  • Database
  • Provider
  • Facade
• Usage
  • Create token
  • Crypt token
  • Validate token
  • Route filter
  • Exceptions
  • Events
• Commands
  • Delete expired tokens
  • Truncate the table
• API
  • Security
  • Creation
  • Deletion
  • Validation
  • Find

Installation

Database

Provider

Facade

Usage

Create token

If $allowLogin is set to true the token can be use to authentification via route filter.

Crypt token

If $allowLogin is set to true the token can be use to authentification via route filter.

Validate token

If you crypt your token

If you don't crypt your token:

If you use those functions the token is not burn. It can be use many times.

For one shot usage token:

Route filter

Simple token protection:

Authentification by token:

The token used for an authentification must be a login token, pleaserefer to the token creation section

In order to use the authentification by token your class User need to implements Lahaxearnaud\LaravelToken\Models\UserTokenInterface

The method loggableByToken is called when a user try to authentificate with a token.

If an error occur on token validation a TokenExeption is throw, please go to Exceptions section.

By default you can send your token in parameter or header. The default name of the field is token but you can change it by publishing and change the configuration:

Then change the tokenFieldName config/packages/lahaxearnaud/laravel-token/config.php.

You can get the token instance via:

Exceptions

If you use route filter you need to handle some Exceptions. Add the following error handler in you filter.php to catch them. This is basic example, change the behavior to fit your needs (redirect, log...).

Events

You can listen events:

• Token not found
  • name: token.notFound
  • parameters:
    • the token string
• Token not valid
  • name: token.notValid
  • parameters:
    • the token object
• Token doesn't allow to be used for login
  • name: token.notLoginToken
  • parameters:
    • the token object
• The user can't logged with a token
  • name: token.notLoggableUser
  • parameters:
    • the token object
    • the user object
• Token burn
  • name: token.burned
  • parameters:
    • the token object
• Token created
  • name: token.created
  • parameters:
    • the token object
• Token saved
  • name: token.saved
  • parameters:
    • the token object

Commands

A new artisan command is added to your project in order to help you to clean your token table

### Delete expired tokens
    Without any option the command delete all expired tokens.

### Truncate the table
    If you specified ``--all`` all token will be deleted

API

Security

Crypt a string token in order to get a public token

Uncrypt a public token in order to get the private token

Creation

Create a Token instance (directly saved in database)

If $allowLogin is set to true the token can be use to authentification via route filter.

Deletion

Delete the token

Validation

Fetch the token, check id the token has the good user ID and if it is not expired

Same as isValidToken but uncrypt the token before trying to find him

Only validate if the token is expired

Find

Find the token by ID

Find the token by token string

Find all token for an user

Todo

• config to allow only one token by user and type