Laravel Auth Checker is a plugin to collect login info and devices used when a user authenticates. It makes it easy to catch user authentication attempts and lockouts from new IP address or new devices.
- Laravel 9 to 10
- PHP 8.0 to 8.2
Version | Release |
---|---|
9, 10 | 2.0 |
8, 9 | 1.7 |
6, 7 | 1.6 |
5.8 | 1.2 |
5.7, 5.6 | 1.1 |
- Require it with Composer:
composer require lab404/laravel-auth-checker
- Add to your User model the
Lab404\AuthChecker\Models\HasLoginsAndDevices
trait and theLab404\AuthChecker\Interfaces\HasLoginsAndDevicesInterface
interface.
use Lab404\AuthChecker\Models\HasLoginsAndDevices;
use Lab404\AuthChecker\Interfaces\HasLoginsAndDevicesInterface;
class User extends Authenticatable implements HasLoginsAndDevicesInterface
{
use Notifiable, HasLoginsAndDevices;
}
- Publish migrations and migrate your database:
php artisan vendor:publish --tag=auth-checker
php artisan migrate
Note: Migrations are published in case you need to customize migration timestamps to integrate to your existing project.
This library collects login data and devices data about your users.
// Your user model:
$logins = $user->logins;
// Output:
[
[
'ip_address' => '1.2.3.4',
'device_id' => 1, // ID of the used device
'type' => 'auth',
'device' => [
// See Devices
],
'created_at' => '2017-03-25 11:42:00',
],
// ... and more
]
Also, you can directly access logins by their type:
-
$user->auths
, returns successful logins (viaLogin::TYPE_LOGIN
) -
$user->fails
, returns failed logins (viaLogin::TYPE_FAILED
) -
$user->lockouts
, returns locked out logins (viaLogin::TYPE_LOCKOUT
)
// Your user model:
$devices = $user->devices;
// Outputs:
[
[
'platform' => 'OS X',
'platform_version' => '10_12_2',
'browser' => 'Chrome',
'browser_version' => '54',
'is_desktop' => true,
'is_mobile' => false,
'language' => 'fr-fr',
'login' => [
// See logins
],
],
// ... and more
]
- [x] Log user authentication
- [x] Collect IP addresses
- [x] Collect devices
- [x] Get user's login history
- [x] Get devices history
- [x] Capture failed logins
- [x] Capture lockout logins
- [ ] Trust / Untrust devices
- [ ] Notify user when an unknown device log in
There are many events available that can be used to add features to your app:
-
LoginCreated
is fired when a user authenticates. -
DeviceCreated
is fired when a new device is created for a user. -
FailedAuth
is fired when a user fails to log in. -
LockoutAuth
is fired when authentication is locked for a user (too many attempts).
Each event passes a Login
model and a Device
model to your listeners.
Once the trait HasLoginsAndDevices
is added to your User
model, it is extended with these methods:
-
logins()
returns all logins -
auths()
returns all successful login attemps -
fails()
returns all failed login attempts -
lockouts()
returns all lockouts
Each login returned is associated with the Device
model used.
-
devices()
returns all devices used by the user to authenticate.
vendor/bin/phpunit
- MarceauKa
- and all others contributors
MIT