
Would it be advisable, if I am doing authentication in a middleware, to add some data to the `\Illuminate\Http\Request $request` object and use that data in the controller by injecting `\Illuminate\Http\Request $request` into the controller method?

The reason: the app needs to make a database call to find out if the credentials are valid and, if they are, it returns something like a primary key that I use in subsequent DB operations.

At the moment, everything is done in the controller. If I were to use a separate middleware for authentication, can I bind the data that my controller needs to the request object if the middleware check passes? If so, how should I go about doing it?

Inspiration: the Express.js way of binding and passing data along the request through a stack of middlewares / routes.

Swaraj Giri

3 Answers


I don't understand - why don't you just use the Laravel authenticator?

You say:

> The reason: the app needs to make a database call to find out if the credentials are valid and, if they are, it returns something like a primary key that I use in subsequent DB operations.

And that is exactly what the Laravel Authenticator does?

Then in your controller you can just do:

```php
auth()->user();       // gives you the user record
auth()->id();         // user_id from the DB
auth()->user()->name; // gives you the `name` column off the record. You can change it to anything.
```

Edit: Meanwhile - you can still use the Laravel Authenticator package whilst using a legacy system for authentication. In your middleware you can do something like this:

```php
if (doLegacyCheckHere()) {
    Auth::loginUsingId(1);
}
```

This means you can do your check via the neo4j graph db - and if it returns true that the user is authenticated correctly - then you just log them into the Laravel system yourself.

Laurence
  • I wanted to attach it to the request as I wanted my middlewares to have no prior knowledge of the stack. Or am I wrong in wanting to do this? – Swaraj Giri May 11 '15 at 08:41
  • But why do you *want* to do that? I still don't understand. You are using the Laravel framework - so I don't understand why you are not using the Laravel Authenticator instead of rolling your own? (There might be a valid reason - but unless we know why - it makes it difficult to answer your question) – Laurence May 11 '15 at 08:45
  • Reasons - Using API keys to validate requests using a legacy neo4j graph DB that I cannot make changes to. – Swaraj Giri May 11 '15 at 08:51
  • I've updated my answer. You can just do the check against the neo4j graph DB - but still log them into the Laravel Authentication system. This means you get all the benefits of Laravel `auth()` - but still check them against the legacy system. – Laurence May 11 '15 at 09:15
  • Can do that; what I was more interested in is passing some values via the request. – Swaraj Giri May 11 '15 at 09:29
  • +1 for using the built-in auth() objects. You want to extend the built-in UserInterface objects and overwrite the auth lookups. We have an underlying LDAP auth through Laravel and I have extended the UserInterface and RemindableInterface to provide some of this functionality. I would post examples but our code is too woven into LDAP to help you here. – akahunahi May 14 '15 at 23:19

Yes, that is probably a good way to do it, as the built-in Laravel Authentication system works the same way: you can access a logged-in user via `$request->user()`. See http://laravel.com/docs/5.0/authentication#retrieving-the-authenticated-user

Jeroen Noten

It is OK to validate auth in the middleware. In my application we are using the same functionality to check if the user sends the right access_code to access the API methods. Even Laravel itself handles protected routes with the Authenticate middleware.

The problem is, there is no silver bullet for how or where to store additional data.

One method is to store this in the user's session.

The second is to use the `Illuminate\Foundation\Application` class itself. You can inject it into your middleware's `__construct()` and use it to save your data. The Application class extends the Container class, which implements the ArrayAccess interface, which allows you to access its properties as if it were an array. That allows you not only to get variables from the Application but to store them too. Not the best way, though the simplest.

```php
public function __construct(\Illuminate\Foundation\Application $app)
{
    $app['_foo'] = 'bar';
}
```

There are more such hacks but these are the simplest.

Maxim Lanin
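
The approach the question asks about, as an added example that is not part of any answer above: a middleware that checks an API key and hands the resulting primary key to the controller through the request's server-side `attributes` bag. The class name, header name, attribute name and `lookupLegacyKey()` are assumptions for illustration.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Hypothetical middleware; lookupLegacyKey() stands in for the legacy
// credential check and is an assumption, not a Laravel or project API.
class AuthenticateApiKey
{
    // Hypothetical attribute name used to hand the id to controllers.
    const ACCOUNT_ID = 'legacy_account_id';

    public function handle(Request $request, Closure $next)
    {
        // Clear anything already stored under our name so that only this
        // middleware decides what the controller sees.
        $request->attributes->remove(self::ACCOUNT_ID);

        $apiKey = $request->header('X-Api-Key'); // header name is an assumption
        $accountId = is_string($apiKey) && $apiKey !== ''
            ? $this->lookupLegacyKey($apiKey)
            : null;

        if ($accountId === null) {
            // Fail closed: the controller never runs without a verified id.
            return response('Unauthorized', 401);
        }

        // The attributes bag is server-side only. Unlike values added with
        // merge(), it is not filled from the query string, form or JSON body.
        $request->attributes->set(self::ACCOUNT_ID, $accountId);

        return $next($request);
    }

    // Placeholder for the database call; returns the primary key or null.
    private function lookupLegacyKey($apiKey)
    {
        // Constructed sample data, keyed by the SHA-256 digest of the API key.
        $known = [hash('sha256', 'constructed-demo-key') => 42];
        $digest = hash('sha256', $apiKey);
        return isset($known[$digest]) ? $known[$digest] : null;
    }
}
// In a controller method that receives Request $request:
//   $accountId = $request->attributes->get(AuthenticateApiKey::ACCOUNT_ID);
```

A controller that reads the attribute should sit only on routes where this middleware is registered, and should treat a missing attribute as unauthenticated.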