Different solutions for ensuring a Laravel user is authenticated

Authentication Forms

Committed to the LaraBrain by: wjgilmore (@wjgilmore) at November 13, 2015 2:09 pm

Laravel offers a number of different solutions for determining whether a user is authenticated

These days it's rare to build a web application that lacks user authentication. Even so I somehow manage to forget with regularity Laravel's various authentication-related helpers and so thought I'd share a tip here. Unauthenticated LaraBrain users can view but not submit the tip submission form. This was accomplished using Laravel's Auth::check() helper and the ternary operator:

<fieldset {{ Auth::check() ? "" : "disabled=\"disabled\"" }}>
form elements here

Of course, simply disabling the form isn't enough from a security perspective, and so I additionally prevent unauthenticated users from accessing the store action by using the auth middleware within the Tips controller constructor:

public function __construct()
        ['only' => ['store', 'edit', 'update']]);

Finally, just to be extra careful, I use the authorize method found in the TipRequest form request to confirm the submitting user is indeed authenticated:

public function authorize()
    return \Auth::check();