How to run custom code after authentication in Laravel Fortify?

2
votes

I am using Laravel 8 with Fortify. Users on my site can make actions that create database records before logging in, associated by their session ID. Once they log in or register, I need to find the records by session ID and assign their user ID instead.

Being a newbie to Laravel, I don't know (and can't find any other relevant questions relating to Fortify) where to place the code to do this. Please can someone point me in the right direction?

1
laravellaravel-8laravel-fortify
what have you done so far?Wahyu Kristianto
I've installed Fortify and got the registration and login processes workingb4tch

1 Answers

2
votes
  1. Use built-in Laravel authentications events

You could use the built-in laravel authentication events, and hook on the login or register one to do your own business. So you would need:

  • create a new Event listener for the Illuminate\Auth\Events\Registered or Illuminate\Auth\Events\Login event. This listener will handle your customs business. The Login event already sets the user as a parameter so it'll be available in your Listener. enter image description here
  • edit your EventServiceProvider to add your new listener configuration as per documentation
  • you then need your Session ID. If you cannot easily override the default Login event to add your custom parameter, you may need to create your own event for your listener. As it's not recommended to use Session or Request helpers from an event listener (see my notes below) (edited line after some research)
  • run composer dump-autoload && PHP artisan clear-compiled

2 - going with Fortify

As per documentation, you could use the Fortify::authenticateUsing method to override the login process. You could also "hook" to the registration process.

From here what you could do:

  • keep the authenticateUsing or register process as they are (or replicate the default behavior as you don't need to change the auth process provided by Fortify)
  • add to the one you want (login success or register success), a new Laravel event that will be triggered only on successful login and/or successful register
  • you can then handle your custom queries from the event listener. Your event can receive the corresponding user, and the session parameter from the $request parameter in Fortify::authenticateUsing, or request(), or Session helpers.

Note: you may need to send the full session ID as event parameter, to make it available in your listener.

If you use queued events, and your driver is not sync. And so, you have another server listening and executing your queued jobs/events, or a CRON, or supervisor. In these kinds of cases, the Laravel Session helpers on your "task server" or "listener" may not work as expected. As it's another PHP process that's running the listener business, not the one from the user.

So the "frontend" server handling the user request must add to the dispatched Event all the required data (builtin Login event already has the user as a parameter), that the "task server" cannot get from the database (User can be retrieved from DB (see documentation about Event parameters injection and Serialized model), Session params cannot as they are "user session" specific).

I don't know if you'll be able to override the Login event to add your session parameter, but I think it'll be easy to google about Laravel Login custom events. Those are not required if you don't queue your job, and so they are executed synchronously by the same PHP process and server.