Forem: Fouladgar.dev

Authentication with Laravel OTP

Fouladgar.dev — Tue, 01 Mar 2022 12:29:10 +0000

Nowadays most web applications prefer to use OTP(One-Time Password) instead of using username/password which was a classic authentication system to validate users. Because, this way is more secure and in contrast to static passwords, they are not vulnerable to replay attacks.

Maybe you are also worried about implementing a one-time password as a web developer in the Laravel framework.

There are many concerns about that such as :

How can I generate a secure token?
Where should I store generated token?
Is token valid or not? Is token expired or not?
How can I have an integrated and also usable system for different user providers?
etc…

Well, good news! We have just released a package to resolve your concerns. Here you are. This is Laravel OTP package.

Let’s start a practical implementation step by step.

Getting started

First, you should install OTP package via composer:



composer require fouladgar/laravel-otp

Then, publish config/otp.php file by running:



php artisan vendor:publish --provider="Fouladgar\OTP\ServiceProvider" --tag="config"

And Finally migrate the database:



php artisan migrate

Model Preparation

As next step, make sure the user model implement Fouladgar\OTP\Contracts\OTPNotifiable, and also use Fouladgar\OTP\Concerns\HasOTPNotify trait:

SMS Client

There is a default OTPSMSChannel which needs a SMS client for sending generated token to the user mobile phone. So, you should specify your SMS client and implement Fouladgar\OTP\Contracts\SMSClient contract. This contract requires you to implement sendMessage method.

This method will return your SMS service API results via a Fouladgar\OTP\Notifications\Messages\MessagePayload object which contains user mobile and token message:

Next, you should set the client wrapper SampleSMSClient class in config/otp.php file:

It’s almost over…

Setup Routes and Controller

We need some routes to send and validate the token. Let’s make them and implement our controller.

You may add those in the web or api routes. It depends on you want to use OTP as Full Stack or API Back-End. It’s up to you. In this article I prefer use the second way.

Well, open the routes/api.php and put this routes:

And then create a AuthController.php class like this:

Finish. Now, you can call the routes like below:



// send otp request
curl --request POST \
  --url http://localhost/api/send-otp \
  --data '{
 "mobile" : "09389599530"
}'

// validate otp request
curl --request POST \
  --url http://localhost:8585/api/validate-otp \
  --data '{
 "mobile" : "09389599530",
 "token" : "94352"
}'

That’s it.

For more details, please check out the documentation in GitHub:

mohammad-fouladgar / laravel-otp

This package provides convenient methods for sending and validating OTP notifications to users for authentication.

Laravel OTP(One-Time Password)

Introduction

Most web applications need an OTP(one-time password) or secure code to validate their users. This package allows you to send/resend and validate OTP for users authentication with user-friendly methods.

Version Compatibility

Laravel	Laravel-OTP
11.0.x	4.2.x
10.0.x	4.0.x
9.0.x	3.0.x
6.0.x to 8.0.x	1.0.x

Basic Usage:

<?php
/*
|--------------------------------------------------------------------------
| Send OTP via SMS.
|--------------------------------------------------------------------------
*/
OTP()->send('+98900000000'); 
// Or
OTP('+98900000000');

/*
|--------------------------------------------------------------------------
| Send OTP via channels.
|--------------------------------------------------------------------------
*/
OTP()->channel(['otp_sms', 'mail', \App\Channels\CustomSMSChannel::class])
     ->send('+98900000000');
// Or
OTP('+98900000000', ['otp_sms', 'mail', \App\Channels\CustomSMSChannel::class]);

/*
|--------------------------------------------------------------------------
| Send OTP for specific user provider
|--------------------------------------------------------------------------
*/
OTP()->useProvider('

…

View on GitHub

Hope to useful this package. I’m waiting your opinions and comments.

Thank you for sharing your valuable time with me.

Laravel Mobile Verification

Fouladgar.dev — Sat, 01 Feb 2020 12:19:37 +0000

Many web applications require users to verify their mobile numbers before using the application. Rather than forcing you to re-implement this on each application, ‘Laravel Mobile Verification’ is a package that provides convenient methods and features for send, verify and resend verification codes.

Basic Setup

In the beginning, verify that your User model implements the MustVerifyMobile interface and use respected trait:

Next, you should specify your SMS service which any service (i.e. Nexmo, Twilio) are applicable. For sending SMS notifications via this package, you need to implement the SMSClient interface. This interface requires you to implement sendMessage method and this method will return your SMS service API result via a Payload object which contains user mobile number and token message:

In order to set your SMS Client, you should publish the mobile_verifier.php config file with:

php artisan vendor:publish --provider="Fouladgar\MobileVerification\ServiceProvider" --tag="config"

And set your client class:

Usage

Here is how you can send a verification token after user registration:

Verify

You should send token message of an authenticated user to this route /auth/mobile/verify:

curl -X POST \
      http://example.com/auth/mobile/verify \
      -H 'Accept: application/json' \
      -H 'Authorization: YOUR_JWT_TOKEN' \
      -F token=YOUR_VERIFICATION_TOKEN

Resend

If you need to resend a verification token message, you can use this route /auth/mobile/resend for an authenticated user:

curl -X POST \
      http://example.com/auth/mobile/resend \
      -H 'Accept: application/json' \
      -H 'Authorization: YOUR_JWT_TOKEN'

For more details, please check out the documentation:

mohammad-fouladgar / laravel-mobile-verification

This package provides convenient methods for sending and verifying mobile verification requests.

Laravel Mobile Verification

Introduction

Many web applications require users to verify their mobile numbers before using the application. Rather than forcing you to re-implement this on each application, this package provides convenient methods for sending and verifying mobile verification requests.

Installation

You can install the package via composer:

composer require fouladgar/laravel-mobile-verification

Laravel 5.5 uses Package Auto-Discovery, so you are not required to add ServiceProvider manually.

Laravel <= 5.4.x

If you don't use Auto-Discovery, add the ServiceProvider to the providers array in config/app.php file

'providers' => [
  /*
   * Package Service Providers...
   */
  Fouladgar\MobileVerification\ServiceProvider::class,
],

Configuration

To get started, you should publish the config/mobile_verification.php config file with:

php artisan vendor:publish --provider="Fouladgar\MobileVerification\ServiceProvider" --tag="config"

If you’re using another table name for users table or different column name for mobile or even mobile_verification_tokens table, you can customize their values in config file:

// config/mobile_verification.php
<?php
return

…

View on GitHub

Laravel Eloquent Filter (All in one)

Fouladgar.dev — Wed, 01 Jan 2020 08:48:14 +0000

Have you ever stuck in a situation which a lot of parameters should be send to your API? and you must create tons of queries based on them? If your answer is yes, do not stop reading!

First of all, if you haven’t read This article about Eloquent filters before, I strongly advise you to take a look at it. In the mentioned article you will learn how to make advance query filters for your Eloquent model.

Also, You may need a secure filter. Secure filters will authorize the user for applying a given filter, which you can find the related article here.

Now, what if your Laravel project is not following default directory structure?

Define Filters Per Domain/Module

In a small Laravel project, you can use the default architecture (MVC) and its respective directory structure as below:

.
├── app
│   ├── Console
├── EloquentFilters // Default directory for filters
│   └── Product
│       ├── PriceMoreThanFilter.php
│   └── User
│       ├── AgeMoreThanFilter.php
│       └── GenderFilter.php
└── Exceptions
│   ├── Http
│   │   ├── Controllers
│   │   ├── Middleware
│   │   └── Requests
│   └── Providers
├── bootstrap
├── config
├── database
├── public
├── resources
├── routes
├── storage

And you can using EloquentBuilder like this:

But when your project grows by the time, the default structure is not enough. Eventually, this problem leads you to use a different architecture (i.e. Domain-Driven-Desgin, HMVC, …) or modifying current one. Therefore changing the directory structure in inevitable. Take a look at this one:

.
├── app
├── bootstrap
├── config
├── database
├── Domains
│   ├── Product
│   │   ├── database
│   │   │   └── migrations
│   │   ├── src
│   │       ├── Filters //Custom directory for Product model filters
│   │       │   └── PriceMoreThanFilter.php
│   │       ├── Entities
│   │       ├── Http
│   │          └── Controllers
│   │       ├── routes
│   │       └── Services
│   ├── User
│   │   ├── database
│   │   │   └── migrations
│   │   ├── src
│   │       ├── Filters //Custom directory for User model filters
│   │       │   └── AgeMoreThanFilter.php
│   │       ├── Entities
│   │       ├── Http
│   │          └── Controllers
│   │       ├── routes
│   │       └── Services
...

In this week, EloquentBuilder v2.0 has been released. In this version a new setFilterNamespace method added to the package to let you create custom filters “per domain/module” by setting filters namespace of the fly.

Now we can use filters for each model as below:

Conclusion

Dealing with API incoming parameters is a tedious job, so getting help from a black box package helps you to handle them without any concern and complexity. Furthermore, now there is a possibility to use this advantage in larger projects with different structures.

Special thanks to 50bhan for this awesome PR:

Add domain/module support #53

50bhan posted on Dec 29, 2019

With this feature, now we can how multiple filters in multiple directories to support domain/module directory structure. For detailed information, please read the documentation (customize-per-domain/module section).

This PR will closed issue #51

View on GitHub

Laravel: Making secure filters for Eloquent Models

Fouladgar.dev — Mon, 22 Jul 2019 15:15:40 +0000

Introduction

In the previous post, I introduced a package that allowed you to filter for your Eloquent models in Laravel.As you can see here.

The latest version of this package is available in Github repository: v1.0.1

As I explained earlier,you may need to filter a model in your project like User model.For example, filtering users based on gender, age, online / offline status and etc... .

Now, you may check if the authenticated user actually has the authority to apply a given filter. For example, you may determine if a user has a premium account or is admin, can apply the StatusFilter to get listing the online or offline people.

Let's have a practical example below for a better understanding.

Setup EloquentBuilder package

In the first, if you have not Laravel,run below command:

$ composer create-project --prefer-dist laravel/laravel authorize-filter

Now go to root of the your application and install EloquentBuilder:

$ cd authorize-filter
$ composer require mohammad-fouladgar/eloquent-builder

Now, you should create a new directory in the ‍‍app directory as EloquentFilters.This directory is the storage place of the model filters.

Create Route and Controller

In this step, we need to create a Route for users listing.So open your routes/web.php file and add following route:

Route::get('users', 'UserController@index');

Then,you should create a controller named UserController:

Now you can open bellow url on your browser:

http://localhost:8000/users

If you running this URL, users listing will be returned.
In the next step, we will implement the gender and status filters.

Gender Filter

At this point, we want to filter users based on gender.
First of all, you should create a new directory as User inside EloquentFilters.This directory contains user model filters.
Next, create a new file named GenderFilter.php:

app/EloquentFilters/User/GenderFilter.php

after creating above filter, open your browser and run this url for apply filter on your query:

http://localhost:8000/users?filter[gender]=male

By running this url,users are listed who have the gender as male.

StatusFilter

This filter has a authorize method.within method we want to check if a user has a premium account, can apply the StatusFilter to get listing the online or offline people.

Take a look at the following filter:

app/EloquentFilters/User/StatusFilter.php

For apply the above filter,in browser open the below url:

http://localhost:8000/users?filter[gender]=male&filter[status]=online

For see more details click here please.

Conclusion

In this article, we learned how to use the EloquentBuilder package in the Laravel framework.

Also learned:

How to make a filter for a model
How to apply filters on query builder
How to check the authorization to apply a given filter

And finally having a clean code, readable and extensible.

I hope this article will be of interest to you. I'm glad to have your valuable comments.

Good luck...

Making the advanced search query with Eloquent-Builder in Laravel

Fouladgar.dev — Wed, 05 Sep 2018 09:39:04 +0000

We needed an advanced search system in the recent project. This system included many filters that required a flexible and scalable search system.
I decided to implement a package for this system that you can see it in the GitHub and use it in your project.

What's the problem?

The problem is that you will encounter with a set of filters that you must check for a lot of conditions to add to the query.

Writing a lot of terms will surely reduce the readability of your code and slow down the development process.

Also, you can only use the filters and terms in the same scope and they will not be reusable.

But the Solution

You must Refactor your code!

To solve this problem, you need to Refactor your code by replacing many of your conditionals with Polymorphism.

Click here to learn more about this design pattern.

Practical Example:

Suppose we want to get the list of the users with the requested parameters as follows:

http://dev.to/api/users/search?age_more_than=25&gender=male&has_published_post=true

The Requested parameter will be as follows:

[ 
  'age_more_than' => '25',
  'gender' => 'male',
  'has_published_post' => 'true',
]

In a common implementation, following code will be expected:

We check out a condition for each request parameter.

In the future, we will have more parameters that should be checked and applied in the code above that causes us to have a dirty code.

Use the Eloquent-Builder

After installing the package presented,change your code as follows:

You just send the model and parameters to ‘to’ method.Then, you need to define the filter for each parameter that you want to add to the query.

So easy!

Defining a filter

For example, I’ll implement one of the above example filters. Follow the example below:

For more details check out the GitHub repository.

mohammad-fouladgar / eloquent-builder

This package provides an advanced filter for Laravel model based on incoming requets.

Provides a Eloquent query builder for Laravel

This package allows you to build eloquent queries, based on incoming request parameters. It greatly reduces the complexity of the queries and conditions, which will make your code clean and maintainable.

Version Compatibility

Laravel	EloquentBuilder
11.0.x to 12.0.x	5.x.x
10.0.x	4.2.x
9.0.x	4.0.x
6.0.x to 8.0.x	3.0.x
5.0.x	2.2.2

Basic Usage

Suppose you want to get the list of the users with the requested parameters as follows:

//Get api/user/search?age_more_than=25&gender=male&has_published_post=true
[
    'age_more_than'  => '25',
    'gender'         => 'male',
    'has_published_post' => true,
]

In a common implementation, following code will be expected:

<?php
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;

class UserController extends Controller
{
    public function index(Request $request)
    {
        $users = User::where

…

View on GitHub

Good luck and thank you for sharing your valuable time with me.

Happy Coding!