How to create http basic Authentication in Laravel 5?

Question

How to create http basic Authentication in Laravel 5?

I have read the documentation here: https://laravel.com/docs/5.0/authentication#http-basic-authentication

I want to create a fixed password, meaning only one password for the complete site.

But still is not clear to me how to create it.

I understand that I have to create a Middleware like this:

public function handle($request, Closure $next)
{
    return Auth::onceBasic() ?: $next($request);
}

But then I am not sure what else to do. For example, I want to protect this route:

Route::get('/', function () {
    return view('welcome');
});

And also, where do I store the HTTP BASIC password on the server ?

Thanks

Answer 1

The Laravel HTTP Basic Authentication service relies in an user account already registered in the database.

The name of this service indeed suggests it would be coming from a http basic password on the server.

You could cheat by hard coding the password in the middleware.

Answer 2

To protect a set of routes i wrap them in a group like this;

Route::group([
     'middleware' => 'name_of_your_middleware',
], function () {

// Place your routes here as normal, eg

Route::get('/page', 'YourController@controllerMethod');

Route::get('/', function () { return view('welcome'); });

// Then close the middleware group

});

Must admit i'm not entirely sure about a single password for the whole site, my quick and dirty method would be to use a single user account and not bother creating any registration views or logic for storing new user accounts, but that's still stored DB Side and requires a model :(

Could it be worth skipping Laravel auth and using .htaccess to wall off sections of your site?

Answer 3

I use this package:

Intervention/httpauth

Then in my controller I want the auth to protect, I just add:

Httpauth::secure();