GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → DarkGhostHunter → Passless

DarkGhostHunter / Passless

Licence: MIT license
Passwordless Authentication Driver for Laravel. Just add water.

Programming Languages

PHP
23972 projects - #3 most used programming language

Labels

laravelauthenticationpasswordless

Projects that are alternatives of or similar to Passless

magic-admin-python
Magic admin Python SDK makes it easy to leverage Decentralized ID tokens to protect routes and restricted resources for your application.
Stars: ✭ 20 (-54.55%)
Mutual labels:  passwordless
laravel-magiclink
Create link for authenticate in Laravel without password or get private content
Stars: ✭ 135 (+206.82%)
Mutual labels:  passwordless
webauthn-demo
WebAuthn demo with Ionic/Angular and Spring Boot
Stars: ✭ 22 (-50%)
Mutual labels:  passwordless
passwordless
Passwordless authentication server, supports OTP, WebAuthn, plan to implement TOTP and mobile biometric authentication
Stars: ✭ 34 (-22.73%)
Mutual labels:  passwordless
powerauth-crypto
PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.
Stars: ✭ 48 (+9.09%)
Mutual labels:  passwordless
crowdfunding-backend
[DEPRECATED] A crowdfunding backend written with NodeJS, Apollo and PostgreSQL. Features an extensive data model, mult. payment integrations, passwordless auth, statistics and admin endpoints.
Stars: ✭ 23 (-47.73%)
Mutual labels:  passwordless
line-fido2-server
FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.
Stars: ✭ 350 (+695.45%)
Mutual labels:  passwordless
paw.js
Passwordless Authentication Wallet (PAW) is key-based authentication for the web. The library helps manage identities, their associated public/private keypairs, and signing operations in the browser.
Stars: ✭ 38 (-13.64%)
Mutual labels:  passwordless
magic-admin-js
Magic admin Node.js SDK makes it easy to leverage Decentralized ID tokens to protect routes and restricted resources for your application.
Stars: ✭ 62 (+40.91%)
Mutual labels:  passwordless
logto
🧑‍🚀 Logto helps you build the sign-in, auth, and user identity within minutes. We provide an OIDC-based identity service and the end-user experience with username, phone number, email, and social sign-in, with extendable multi-language support.
Stars: ✭ 3,421 (+7675%)
Mutual labels:  passwordless
privx-on-aws
PrivX - Just-in-time Access Management
Stars: ✭ 18 (-59.09%)
Mutual labels:  passwordless
webauthn.me
webauthn.me, learn more about the Web Authentication API or try the debugger.
Stars: ✭ 30 (-31.82%)
Mutual labels:  passwordless
laravel-login-links
Create (passwordless) login links for users
Stars: ✭ 13 (-70.45%)
Mutual labels:  passwordless
powerauth-mobile-sdk
PowerAuth Mobile SDK for adds capability for authentication and transaction signing into the mobile apps (ios, watchos, android).
Stars: ✭ 27 (-38.64%)
Mutual labels:  passwordless
passport-magic
Magic is a Passport.js strategy that enables passwordless authentication middleware for any Express.js based application.
Stars: ✭ 35 (-20.45%)
Mutual labels:  passwordless

This package has been abandoned. If you need Passwordless Authentication, migrate to Laravel Passwordless Login.

Robert Gramner - Unsplash (UL) #as2iiiiFdqk

Latest Stable Version License Coverage Status Maintainability

Passless

Passwordless Authentication Driver for Laravel. Just add water.

Requirements

  • Laravel 6 or Laravel 7

Check older releases for older Laravel versions.

What includes

  • Passless Authentication Guard Driver
  • Passless Login Controller
  • LoginAuthentication Notification
  • Little magic

Install

Just fire up Composer and require it into your Laravel project:

composer require darkghosthunter/passless

How it works

This guards extends the default SessionGuard and only overrides the authentication method to not check the password, only if the user exists by the given credentials (email or whatever keys you set in your form or controller).

To register your users without a password, allow in your migration files the password string to be nullable(). Alternatively, pass an empty string on registration.

Schema::create('users', function (Blueprint $table) {
    // ...
    
    $table->string('password')->nullable();
    
    $table->rememberToken();
    $table->timestamps();
});

In your login form, you can discard the password input and leave only the email or username.

<form action="{{ route('auth.login') }}" method="post">
    @csrf
    <input name="email" type="email" placeholder="Put your email">
    <button type="Submit">
</form

This will allow users to login through an email (if they're are registered), and throw an auth error if it doesn't.

When the user signs-in, an email is dispatched. The Email contains a temporarily signed URL which directs the user to the Passless LoginController, which will login the user into your application.

How to use

Passless is easy to integrate into your application, but before start using it you should change some strings in your configuration to point your app to use this package.

Don't worry, it doesn't breaks your Laravel installation in any way.

1) Add the Guard Driver

Go into your config/auth.php and add passless as the driver for your guard.

'guards' => [
    'web' => [
        'driver' => 'passless',
        'provider' => 'users',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],

Remember to set the correct guard (in this case, web) to use the passless driver in your Login and Register Controllers.

2) Disable the password validation

In your login form you shouldn't have the password input. If you're using the default Auth\LoginController class, you should override the validateLogin() method and disable the password validation.

/**
 * Validate the user login request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return void
 */
protected function validateLogin(Request $request)
{
    $this->validate($request, [
        $this->username() => 'required'
        // 'password' => 'required
    ]);
}

3) Add the proper Login response

Since the user won't be logged in immediately into your application when your credentials are validated, you should return a view which Notifies the user to check his email with a message or alert.

While you are free to use any View to inform the user, you can just simply add a flash notification in your Login route, along with the proper markup to retrieve and show the notification in the view.

If you're using the default controller, add or replace this code:

/**
 * The user has been authenticated.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  mixed  $user
 * @return \Illuminate\Http\Response
 */
protected function authenticated(Request $request, $user)
{ 
    $request->flashOnly(['email']);

    $request->session()->flash('success', 'Check your email to log in!');

    return response()->view('auth.login');
}

Since there is no password check in the login form, you may want to add a throttler middleware like throttle:60,3 to your Login route to avoid mail asphyxiation.

Configuration

For fine tuning, publish the Passless configuration:

php artisan vendor:publish --provider="DarkGhostHunter\Passless\PasslessServiceProvider"

You should definitively edit this config file if:

  • You're using a custom authentication controllers.
  • You're using additional middleware across your routes.
  • Need a different Login for Passless.
  • Need a better Notification for your Login Email.

The contents of the config file are self-explanatory, so check the comments over each setting key.

License

This package is licenced by the MIT License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].