C.A.R. 911 uses Laravel’s built-in authentication system to secure access to the application. The authentication system handles user login, logout, registration, and password reset functionality.
Login System
The login system is managed by the LoginController which uses Laravel’s AuthenticatesUsers trait.
Login Controller
The authentication controller is located at:
app/Http/Controllers/Auth/LoginController.php
The system uses the guest middleware to prevent authenticated users from accessing login pages. The exception is the logout route, which requires authentication.
Login Flow
Access Login Page
Navigate to the root URL (/) which displays the login view:Route::get('/', function () {
return view('auth.login');
})->name('login.view');
Submit Credentials
Enter your email and password. The system validates credentials using Laravel’s authentication mechanism.
Redirect After Login
Upon successful authentication, users are redirected to the home page:protected $redirectTo = RouteServiceProvider::HOME;
Middleware Protection
The LoginController applies middleware to control access:
public function __construct()
{
$this->middleware('guest')->except('logout');
}
Logout Functionality
The logout functionality is included in the AuthenticatesUsers trait. Users can log out by accessing the logout route, which is protected by authentication middleware.
After logging out, users are redirected to the login page and must re-authenticate to access protected resources.
Password Reset
C.A.R. 911 includes a complete password reset system for users who forget their credentials.
Forgot Password
The ForgotPasswordController handles password reset email requests:
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
class ForgotPasswordController extends Controller
{
use SendsPasswordResetEmails;
}
Reset Password Flow
Request Reset Link
Users request a password reset by providing their email address. The system sends a reset link via email.
Click Reset Link
Users click the link in the email, which contains a secure token.
Set New Password
Users enter and confirm their new password. The ResetPasswordController processes the request:use Illuminate\Foundation\Auth\ResetsPasswords;
class ResetPasswordController extends Controller
{
use ResetsPasswords;
protected $redirectTo = RouteServiceProvider::HOME;
}
Redirect to Home
After successfully resetting the password, users are automatically logged in and redirected to the home page.
Authentication Routes
Laravel’s authentication routes are registered using:
Reference: routes/web.php:50
This automatically registers the following routes:
GET|POST /login - Login page and authenticationPOST /logout - Logout functionalityGET|POST /register - User registrationGET|POST /password/reset - Password reset requestGET|POST /password/email - Send password reset email
Protected Routes
All application routes are protected by the auth middleware:
Route::group(['middleware' => ['auth']], function () {
// All protected routes
});
Users must be authenticated to access any route within the middleware group. Unauthenticated users are automatically redirected to the login page.
User Model
The User model extends Laravel’s Authenticatable class and includes authentication-related traits:
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable, HasRoles;
}
Hidden Attributes
For security, sensitive authentication data is hidden from JSON responses:
protected $hidden = [
'password',
'remember_token',
];
System Optimization
You can optimize the authentication system and clear caches:
Route::get('optimizar', function () {
Artisan::call('optimize:clear');
Artisan::call('config:cache');
Artisan::call('route:cache');
Artisan::call('view:cache');
Auth::logout();
return redirect()->route('login.view')
->with('status', '✅ Optimización completada correctamente');
});
Running the optimization route will log out all users and clear all application caches. Use this only during maintenance or deployment.