Authorization in Laravel, through social networks (Ulogin). Simple, flexible and efficient.

Hello friends. Today I want to share my view on how you can make simple and effective user authorization / registration through any social network using the Ulogin plugin. Why through this plugin? Because it can save the developer from the heap of headaches that will arise when synchronizing with each social network separately. Plus, you can get data from the plugin in a single beautiful format.

I assume that the reader understands the Laravel 5.3 framework. Therefore, I will not chew on simple things. So where to start? First we need to connect the JS plugin on the registration and authorization page. Personally, I do this through creating a separate template auth / social.blade.php In which I put the following simple code:

{{-- Social buttons--}} <div class="text-center margin-bottom-20" id="uLogin" data-ulogin="display=panel;theme=flat;fields=first_name,last_name,email,nickname,photo,country; providers=facebook,vkontakte,odnoklassniki,mailru;hidden=other; redirect_uri={{ urlencode('http://' . $_SERVER['HTTP_HOST']) }}/ulogin;mobilebuttons=0;"> </div> @section('js') <script src="//ulogin.ru/js/ulogin.js"></script> @endsection 

A few explanations to the code. We use urlencode to encode a string to a normal one for transmitting via http. On redirect_uri there will be a response from the Ulogin server with statuses and data. In the fields field we indicate what data we need to get from the social network. At the end of the template, I connect the plugin itself. Please note that this is where the code is inserted into the 'js' block, which must be entered into the main template: yield ('js')

Yes, one moment. If you are working over SSL, instead of 'http: //' specify 'https: //'. Then there will be no warning about unsafe data transfer.
')
When the template is ready, we simply connect it on the registration and login page where we need it, simply by inserting one line into the template: include ('auth.social')

That's it, now a nice widget with a choice of social networks will appear on the registration page. When you click on the social network button, a new window will open for authorization in a specific social network (if you are not authorized, of course).

Now we need to write the backend part. Namely, create a controller and a route. The route will receive a response from the Ulogin server and transmit it to our controller.

We create a controller with the name UloginController.php and put in it a public login method in which we transmit the request.

Create a route: Route :: post ('ulogin', 'UloginController @ login');

There is one more nuance! Laravel has protection against CSRF attacks. This means that transferring data from another server will not have a security token and a security error will occur. In order to fix this, it is necessary in the middleware VerifyCsrfToken.php to set an exception for our route (path): protected $ except = ['ulogin'];

Now, when the server returns a response to '/ ulogin', the security token will be ignored and no error will occur.

Now we will write the controller itself:

 <?php /** * Ulogin.ru auto registration or login. */ namespace App\Http\Controllers; use App\User; use Auth; use Hash; use Illuminate\Http\Request; use Redirect; class UloginController extends Controller { // Login user through social network. public function login(Request $request) { // Get information about user. $data = file_get_contents('http://ulogin.ru/token.php?token=' . $_POST['token'] . '&host=' . $_SERVER['HTTP_HOST']); $user = json_decode($data, TRUE); $network = $user['network']; // Find user in DB. $userData = User::where('email', $user['email'])->first(); // Check exist user. if (isset($userData->id)) { // Check user status. if ($userData->status) { // Make login user. Auth::loginUsingId($userData->id, TRUE); } // Wrong status. else { \Session::flash('flash_message_error', trans('interface.AccountNotActive')); } return Redirect::back(); } // Make registration new user. else { // Create new user in DB. $newUser = User::create([ 'nik' => $user['nickname'], 'name' => $user['first_name'] . ' ' . $user['last_name'], 'avatar' => $user['photo'], 'country' => $user['country'], 'email' => $user['email'], 'password' => Hash::make(str_random(8)), 'role' => 'user', 'status' => TRUE, 'ip' => $request->ip() ]); // Make login user. Auth::loginUsingId($newUser->id, TRUE); \Session::flash('flash_message', trans('interface.ActivatedSuccess')); return Redirect::back(); } } } 

As you can see from the code, we first check if there is a user in our database with such an email address. If there is, then we immediately log in. If not, then we first create a user in the database, and then log in. The likelihood that someone will create an account on a social network with the email address of the person who is already registered on your site, in order to log in to someone else's account, is practically reduced to zero, since social networks require verification of the specified address.

What fields in the database can be seen from the code. To display a text message, I use the trans () translation function, which allows me to use any languages ​​on the site.

That's all. Simple, effective and very flexible. Next time, if there is a time, I will write about how you can automatically login / register a user when a guest likes a post or presses a comment button on your site. There everything is more difficult, but also flexible and effective.