Laravel Auth Checker

Laravel Auth Checker is a plugin to collect login info and devices used when an user authenticate. It makes it easy to catch user authentication, attempts and lockouts from new IP address or new devices.

• Requirements
• Installation
• Access Collected Data
  • Logins
  • Devices
• Events
• Practical usage
• Tests
• Contributors

Requirements

• Laravel >= 5.4
• PHP >= 5.6

Installation

• Require it with Composer:

composer require lab404/laravel-auth-checker

• Add the service provider at the end of your config/app.php:

'providers' => [
    // ...
    Lab404\AuthChecker\AuthCheckerServiceProvider::class,
],

• Add to your User model the Lab404\AuthChecker\Models\HasLoginsAndDevices trait and the Lab404\AuthChecker\Interfaces\HasLoginsAndDevicesInterface interface.

use Lab404\AuthChecker\Models\HasLoginsAndDevices;
use Lab404\AuthChecker\Interfaces\HasLoginsAndDevicesInterface;

class User extends Authenticatable implements HasLoginsAndDevicesInterface
{
    use Notifiable, HasLoginsAndDevices;  
}

• Publish migrations and migrate your database:

php artisan vendor:publish --tag=migrations
php artisan db:migrate

Note: Migrations are published in case you need to customize migrations timestamps to integrate your existing project.

Access collected data

This library brings to you logins data and devices data for your users.

Logins

// Your user model:
$logins = $user->logins;
// Output: 
[
    [
        'ip_address' => '1.2.3.4',
        'device_id' => 1, // ID of the used device
        'type' => 'auth',
        'device' => [
            // See Devices
        ],
        'created_at' => '2017-03-25 11:42:00',
    ],
    // ... and more
]

Also, you can directly access logins by their type:

• $user->auths, returns successful logins (via Login::TYPE_LOGIN)
• $user->fails, returns failed logins (via Login::TYPE_FAILED)
• $user->lockouts, returns locked out logins (via Login::TYPE_LOCKOUT)

Devices

// Your user model:
$devices = $user->devices;
// Outputs:
[
    [
        'platform' => 'OS X',
        'platform_version' => '10_12_2',
        'browser' => 'Chrome',
        'browser_version' => '54',
        'is_desktop' => true,
        'is_mobile' => false,
        'language' => 'fr-fr',
        'login' => [
          // See logins
        ],
    ],
    // ... and more
]

Roadmap

• Log user authentication
• Collect IP addresses
• Collect devices
• Get user's login history
• Get devices history
• Capture failed logins
• Capture lockout logins
• Trust / Untrust devices
• Notify user when an unknow device log in

Events

There are many events available that can be used to add features to you app:

• LoginCreated is fired when a user authenticate.
• DeviceCreated is fired when a new device is created for an user.
• FailedAuth is fired when an user fails to log in.
• LockoutAuth is fired when authentication is locked for an user (too many attempts).

Each events pass to your listeners a Login model and a Device model.

Practical usage

Once the trait HasLoginsAndDevices is added to your User model, it is extended with these methods:

• logins() returns all logins
• auths() returns all successful login attemps
• fails() returns all failed login attempts
• lockouts() returns all lockouts login attempts

Each login returned is associated with the Device model used.

• devices() returns all devices used by the user to authenticate.

Tests

vendor/bin/phpunit

Contributors

• MarceauKa
• and all others contributors

Licence

MIT