Overview
The AuthController manages all authentication-related operations in the Dashboard Laravel application. It handles user login, registration, logout, and provides view methods for authentication forms.
Namespace: App\Http\Controllers
Extends: Controller
Methods
showLogin()
Displays the login form view. Redirects authenticated users to the dashboard.
public function showLogin()
Return Type: \Illuminate\Http\RedirectResponse|\Illuminate\View\View
Behavior:
- If the user is already authenticated (Auth::check()), redirects to /dashboard
- Otherwise, returns the home view with the login form
Example:
// Route definition
Route::get('/login', [AuthController::class, 'showLogin']);
Response:
Redirects to /dashboard if already authenticated
Returns home view for unauthenticated users
login()
Processes user login with credentials validation.
public function login(Request $request)
Parameters:
- email (string, required): the user's email address. Must be a valid email format.
- password (string, required): the user's password. The min:6 rule here is only a format check on the submitted value; it is not what decides whether the credentials are valid.
- remember (optional): the "Remember Me" checkbox. When the field is present, Auth::attempt() issues a long-lived remember cookie. Note that $request->has('remember') tests only for presence: an HTML form omits an unchecked checkbox, but a JSON client sending "remember": false still enables it ($request->boolean('remember') reads the value instead).
Validation Rules:
[
'email' => 'required|email',
'password' => 'required|min:6',
]
Return Type: \Illuminate\Http\RedirectResponse
Implementation:
public function login(Request $request)
{
    $request->validate([
        'email' => 'required|email',
        'password' => 'required|min:6',
    ], [
        'email.required' => 'El correo es obligatorio.',
        'email.email' => 'Ingresa un correo válido.',
        'password.required' => 'La contraseña es obligatoria.',
        'password.min' => 'Mínimo 6 caracteres.',
    ]);

    if (Auth::attempt($request->only('email', 'password'), $request->has('remember'))) {
        $request->session()->regenerate();

        return redirect('/dashboard');
    }

    return back()->withErrors(['email' => 'Credenciales incorrectas.'])->withInput();
}
Behavior:
- Validates the email and password fields
- Attempts authentication with Auth::attempt()
- On success:
  - Regenerates the session ID
  - Redirects to /dashboard
- On failure:
  - Redirects back with one generic error message (the same message whether the address is unknown or the password is wrong, so the response does not reveal which accounts exist)
  - Flashes the submitted input to the session with withInput(). Called without arguments, withInput() flashes every field, including the password, into the server-side session store; the password is only re-displayed if a view echoes old('password'), but withInput($request->except('password')) keeps it out of the session entirely.
Session regeneration ($request->session()->regenerate()) gives the user a fresh session ID at login, so a session ID planted in the browser before authentication (session fixation) cannot be used to hijack the authenticated session.
The controller itself applies no rate limiting: nothing here slows down repeated password guesses against one account. Brute-force protection has to come from the route (Laravel's throttle middleware) or from an explicit RateLimiter check.
Responses:
- Success: HTTP 302 redirect to /dashboard.
- Validation error: the Spanish messages above are flashed to the session and exposed to the view as $errors. A request that sends Accept: application/json (or is an XHR request) receives them instead as an HTTP 422 JSON response with the messages under an errors key. Example of the error bag:
{
    "email": ["El correo es obligatorio."],
    "password": ["Mínimo 6 caracteres."]
}
- Authentication failed: HTTP 302 redirect back to the previous page, with a single generic message flashed under the email key. This is a redirect even for JSON clients; the message is available to the next page as $errors, not as a JSON body:
{
    "email": ["Credenciales incorrectas."]
}
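The login() above is correct as far as it goes, but it will accept an unlimited number of password guesses. The following is an added example, not code from the Dashboard project, showing the same flow with per-account throttling via Laravel's RateLimiter facade. The class name ThrottledAuthController, the limits (five failures, 60-second lockout), the English lockout message and the use of $request->boolean('remember') are choices made for this example; the routes, views and Spanish "Credenciales incorrectas." message are the ones documented on this page.

```php
<?php
// Added example (not the Dashboard project's code): login() with brute-force
// throttling keyed on email + client IP. Class name and limits are assumptions.
namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;

class ThrottledAuthController extends Controller
{
    // Five failed attempts per (email, IP) pair, then a 60-second lockout.
    private const MAX_ATTEMPTS = 5;
    private const DECAY_SECONDS = 60;

    public function login(Request $request): RedirectResponse
    {
        $request->validate([
            'email' => 'required|email',
            // No length rule at login: the password policy belongs on register(),
            // and rejecting short passwords here tells an attacker nothing useful.
            'password' => 'required|string',
        ]);

        $key = $this->throttleKey($request);

        // Refuse before touching the password hasher while the account is locked.
        if (RateLimiter::tooManyAttempts($key, self::MAX_ATTEMPTS)) {
            $seconds = RateLimiter::availableIn($key);

            return back()
                ->withErrors(['email' => "Too many login attempts. Try again in {$seconds} seconds."])
                ->withInput($request->except('password'));
        }

        // boolean() reads the value; has() only checks presence, so a JSON body
        // with "remember": false would otherwise still set the remember cookie.
        $remember = $request->boolean('remember');

        if (Auth::attempt($request->only('email', 'password'), $remember)) {
            RateLimiter::clear($key);              // successful login resets the counter
            $request->session()->regenerate();     // new session ID: defeats fixation

            return redirect('/dashboard');
        }

        RateLimiter::hit($key, self::DECAY_SECONDS); // count the failure, expires after decay

        // Same generic message for unknown email and wrong password.
        return back()
            ->withErrors(['email' => 'Credenciales incorrectas.'])
            ->withInput($request->except('password'));   // keep the password out of the session flash
    }

    // Lower-cased email plus client IP: limits one client's guesses against one
    // account without letting that client lock the real user out from elsewhere.
    private function throttleKey(Request $request): string
    {
        return Str::transliterate(Str::lower((string) $request->input('email')) . '|' . $request->ip());
    }
}
```

If a separate controller is not wanted, the lighter option is to leave the page's login() unchanged and throttle at the route instead, for example Route::post('/login', [AuthController::class, 'login'])->middleware('throttle:6,1'), which limits each client IP to six POSTs per minute regardless of the account targeted.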
showRegister()
Displays the registration form view. Redirects authenticated users to the dashboard.
public function showRegister()
Return Type: \Illuminate\Http\RedirectResponse|\Illuminate\View\View
Behavior:
- If the user is already authenticated, redirects to /dashboard
- Otherwise, returns the signup view with the registration form
Example:
// Route definition
Route::get('/register', [AuthController::class, 'showRegister']);
register()
Processes new user registration with validation and automatic login.
public function register(Request $request)
Parameters:
- name (string, required): the user's full name. Maximum 255 characters.
- email (string, required): must be a valid email address and unique in the users table (unique:users,email).
- password (string, required): minimum 6 characters; must be confirmed.
- password_confirmation (string, required): must match password.
Validation Rules:
[
'name' => 'required|string|max:255',
'email' => 'required|email|unique:users,email',
'password' => 'required|min:6|confirmed',
]
Return Type: \Illuminate\Http\RedirectResponse
Implementation:
public function register(Request $request)
{
    $request->validate([
        'name' => 'required|string|max:255',
        'email' => 'required|email|unique:users,email',
        'password' => 'required|min:6|confirmed',
    ], [
        'name.required' => 'El nombre es obligatorio.',
        'email.required' => 'El correo es obligatorio.',
        'email.unique' => 'Este correo ya está registrado.',
        'password.min' => 'Mínimo 6 caracteres.',
        'password.confirmed' => 'Las contraseñas no coinciden.',
    ]);

    $user = User::create([
        'name' => $request->name,
        'email' => $request->email,
        'password' => Hash::make($request->password),
    ]);

    Auth::login($user);

    return redirect('/dashboard');
}
Behavior:
- Validates all registration fields
- Creates the user with a hashed password (Hash::make())
- Logs the new user in immediately
- Redirects to /dashboard
Hash::make() hashes with the driver configured in config/hashing.php, which is bcrypt by default (argon2id is the other supported option). The plain-text password never reaches the database.
Security notes:
- The unique:users,email rule prevents a second account for the same address
- The confirmed rule requires a matching password_confirmation field
- Only name, email and password are passed to User::create(), so unexpected fields in the request body are not mass-assigned
- Passwords are stored only as salted hashes (bcrypt by default)
- min:6 is a weak floor: NIST SP 800-63B and Laravel's own Password::defaults() rule both start at 8 characters
- Logging the user in straight after registration is a usability choice rather than a security feature; it means the account is usable before the email address has been verified. Laravel's MustVerifyEmail contract and verified middleware exist for deployments that need verification first.
Response:
Redirects to /dashboard after successful registration
Validation errors if registration fails
logout()
Logs out the authenticated user and invalidates their session.
public function logout(Request $request)
Parameters:
- $request (Illuminate\Http\Request): the HTTP request instance, injected by Laravel; used here to reach the session.
Return Type: \Illuminate\Http\RedirectResponse
Implementation:
public function logout(Request $request)
{
    Auth::logout();

    $request->session()->invalidate();
    $request->session()->regenerateToken();

    return redirect('/');
}
Behavior:
- Logs the user out (Auth::logout()). For a user with a remember_token, the session guard also rotates that token, so outstanding remember-me cookies, in this browser and any other, stop working
- Invalidates the current session: flushes its data and issues a new session ID
- Regenerates the CSRF token
- Redirects to the home page (/)
This is the logout flow the Laravel documentation recommends. Invalidating the session means the old session ID can no longer be presented to the application, and regenerating the CSRF token means a token captured from a page before logout cannot be replayed against the session that follows.
Security features:
- Auth::logout() clears the authenticated user and cycles the remember token
- session()->invalidate() flushes all session data and regenerates the session ID
- session()->regenerateToken() replaces the CSRF token
Response:
Redirects to / (home page)
Full Source Code
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    // Validation messages are shown to users in Spanish.

    public function showLogin()
    {
        if (Auth::check()) return redirect('/dashboard');

        return view('home');
    }

    public function login(Request $request)
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required|min:6',
        ], [
            'email.required' => 'El correo es obligatorio.',
            'email.email' => 'Ingresa un correo válido.',
            'password.required' => 'La contraseña es obligatoria.',
            'password.min' => 'Mínimo 6 caracteres.',
        ]);

        if (Auth::attempt($request->only('email', 'password'), $request->has('remember'))) {
            $request->session()->regenerate();

            return redirect('/dashboard');
        }

        return back()->withErrors(['email' => 'Credenciales incorrectas.'])->withInput();
    }

    public function showRegister()
    {
        if (Auth::check()) return redirect('/dashboard');

        return view('signup');
    }

    public function register(Request $request)
    {
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|email|unique:users,email',
            'password' => 'required|min:6|confirmed',
        ], [
            'name.required' => 'El nombre es obligatorio.',
            'email.required' => 'El correo es obligatorio.',
            'email.unique' => 'Este correo ya está registrado.',
            'password.min' => 'Mínimo 6 caracteres.',
            'password.confirmed' => 'Las contraseñas no coinciden.',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        Auth::login($user);

        return redirect('/dashboard');
    }

    public function logout(Request $request)
    {
        Auth::logout();

        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect('/');
    }
}
Dependencies
Facades:
Illuminate\Support\Facades\Auth - Authentication
Illuminate\Support\Facades\Hash - Password hashing
Models:
App\Models\User - User model
Classes:
Illuminate\Http\Request - HTTP request handling
Usage Example
Route Registration
use App\Http\Controllers\AuthController;
// Display forms
Route::get('/login', [AuthController::class, 'showLogin'])->name('login');
Route::get('/register', [AuthController::class, 'showRegister'])->name('register');
// Process forms
Route::post('/login', [AuthController::class, 'login']);
Route::post('/register', [AuthController::class, 'register']);
Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
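Feature Test

The behaviour documented above is cheap to pin down with a feature test. The following is an added example, not part of the Dashboard project: a PHPUnit test class that drives the controller through the routes registered above. It assumes Laravel's default App\Models\User factory, a test database (RefreshDatabase trait), and the Spanish "Credenciales incorrectas." message shown on this page; the email addresses and passwords are made up for the test.

```php
<?php
// Added example (not the Dashboard project's code): feature tests for AuthController.
// Assumes the routes under "Route Registration", the default User factory and a
// test database. Email addresses and passwords below are constructed test data.
namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class AuthControllerTest extends TestCase
{
    use RefreshDatabase;

    public function test_form_pages_redirect_authenticated_users(): void
    {
        $user = User::factory()->create();

        $this->get('/login')->assertOk();                                  // guest sees the form
        $this->actingAs($user)->get('/login')->assertRedirect('/dashboard');
        $this->actingAs($user)->get('/register')->assertRedirect('/dashboard');
    }

    public function test_valid_credentials_log_the_user_in(): void
    {
        $user = User::factory()->create(['password' => Hash::make('correct-horse')]);

        $this->post('/login', ['email' => $user->email, 'password' => 'correct-horse'])
            ->assertRedirect('/dashboard');

        $this->assertAuthenticatedAs($user);
    }

    public function test_invalid_credentials_redirect_back_with_a_generic_error(): void
    {
        $user = User::factory()->create();

        // Wrong password for an existing account.
        $this->from('/login')
            ->post('/login', ['email' => $user->email, 'password' => 'wrong-password'])
            ->assertRedirect('/login')
            ->assertSessionHasErrors(['email' => 'Credenciales incorrectas.']);

        // Unknown address: same message, so the response does not reveal which accounts exist.
        $this->from('/login')
            ->post('/login', ['email' => 'nobody@example.com', 'password' => 'wrong-password'])
            ->assertSessionHasErrors(['email' => 'Credenciales incorrectas.']);

        $this->assertGuest();
    }

    public function test_registration_hashes_the_password_and_logs_in(): void
    {
        $payload = [
            'name' => 'Alice Example',
            'email' => 'alice@example.com',
            'password' => 'secret-123',
            'password_confirmation' => 'secret-123',
        ];

        $this->post('/register', $payload)->assertRedirect('/dashboard');

        $user = User::where('email', 'alice@example.com')->firstOrFail();
        $this->assertNotSame('secret-123', $user->password);          // never stored in clear
        $this->assertTrue(Hash::check('secret-123', $user->password)); // but verifiable
        $this->assertAuthenticatedAs($user);

        // A second registration for the same address fails the unique:users,email rule.
        $this->post('/register', $payload)->assertSessionHasErrors('email');
    }

    public function test_logout_ends_the_session(): void
    {
        $user = User::factory()->create();

        $this->actingAs($user)->post('/logout')->assertRedirect('/');
        $this->assertGuest();
    }
}
```

Run it with php artisan test --filter=AuthControllerTest. The two invalid-credential cases are the ones worth keeping as the controller evolves: a later "helpful" change to the failure message is what typically turns a login form into a user-enumeration oracle.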
AJAX Login Example
The controller answers with redirects, not JSON, so a fetch() client has to account for that. The Accept header below makes validation failures come back as 422 JSON instead of a redirect; the success and wrong-credentials cases are still 302s, which fetch follows, so the final URL tells them apart. The CSRF token comes from <meta name="csrf-token" content="{{ csrf_token() }}"> in the layout.
fetch('/login', {
    method: 'POST',
    credentials: 'same-origin',          // send the session cookie and accept the regenerated one
    headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json',    // validation errors arrive as 422 JSON, not a redirect
        'X-CSRF-TOKEN': document.querySelector('meta[name="csrf-token"]').content
    },
    body: JSON.stringify({
        email: '[email protected]',
        password: 'password123',
        remember: true                   // omit the key to disable; has('remember') only checks presence
    })
})
.then(async response => {
    if (response.status === 422) {
        const { errors } = await response.json();   // e.g. { email: ['Ingresa un correo válido.'] }
        console.error('validation failed', errors);
        return;
    }
    // Both remaining outcomes are followed redirects: /dashboard on success,
    // back to the login page (with the error flashed to the session) on failure.
    if (new URL(response.url).pathname === '/dashboard') {
        window.location.assign('/dashboard');
    } else {
        console.error('authentication failed');
    }
});