Download the PHP package wefabric/token-login without Composer
On this page you can find all versions of the php package wefabric/token-login. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download wefabric/token-login
More information about wefabric/token-login
Files in wefabric/token-login
Package token-login
Short Description Laravel package to login users by unique tokens
License MIT
Informations about the package token-login
Laravel Token Login
Allows to login an user by an unique token.
Security Concerns: Using tokens for login is a security concern because it’s the equivalent of storing a password in plain text.
Table of Contents
- Background
- Install
- Usage
- Concerns
- Token creation
- Login
- Refresh tokens
- Delete expired tokens
- Delete all tokens
- Exclude users
- Helper
- Contributing
- License
Background
For private and closed applications we created this package to allow users to quickly sign in. For example: We provide updates to users by mail, in this mail we provide a one click login url (with an unique token for each user). The user doesn't have to fill in the login credentials and can quickly see it's private data.
Install
This project uses Laravel 7+ and requires PHP 7.4 as minimum version.
Publish the config and migration:
Check the configuration (config/token-login.php). By the default the token and expiration will be setup for the default User model. To use it with a custom model change the configuration accordingly. When you are all setup. Run the migration
Usage
This package adds commands to manage the tokens. By default configuration the user table will contain two new fields ('login_token' and 'login_token_expires_at').
Concerns
Add the following traits to the user model.
Token creation
After the traits are added, you need to run the following command to generate the tokens and expiration dates.
Login
When the tokens are created, it is possible to login by the token. The package adds the route /users/token-login by default (to change it, change the 'login_path' variable in the config/token-login.php file). You can do a GET and POST request to login, like the following:
When the token is correct and not expired. The user will be redirected to the default redirect path (see config/token-login.php). You can also specify a redirect as parameter.
https://site.test/users/token-login?token={TOKEN}&redirect=https://site.test/my-redirect
Refresh tokens
The token expires after a certain period. To refresh the tokens, you can use the following command.
This will refresh all expired tokens.
Use this command in your scheduler. For example, let it run every five minutes.
Delete expired tokens
To delete all expired tokens run the following command
Delete all tokens
To delete all tokens run the following command
Exclude users
To exclude users from the token generation, change the following in the config (config/token-login.php)
Helper
There is a helper available for using this package.
To check if the token login is enabled:
To retrieve the login url for a specific model:
Maintainers
Contributing
Feel free to dive in! Open an issue or submit PRs.
Contributors
- Leo Flapper
- All Contributors
License
MIT © Wefabric