I want to disable logins for users who have deleted logic (soft-delayed)

Asked 2 months ago, Updated 2 months ago, 3 views

Thank you for your continuous support.

Regarding the captioned matter, I tried coding by referring to the website below.

Implementing logical deletion of user information (soft delete) with Ravel's authentication capabilities


but
the email address and password of the soft-delivered user. If you enter it on the login screen, you will be able to log in.

I'd like to ask you in the first place, even if you're a soft-delivered user
Is it the specification that allows me to log in?

By the way, the environment is as follows.

Ravel 5.5
PHP 7.2.7
MySQL 5.7.22

Thank you for your cooperation.

*The following is the coded content.
Create Migration Files, Run Migration

$phpartisan make:migration add_column_softDeletes_users_table --table=users

$view2018_07_12_045301_add_column_soft_deletes_users_table.php

<?php

use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migration;

classAddColumnSoftDeletesUsersTable extensions Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::table('users', function(Blueprint$table){
            $table->softDeletes();
        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::table('users', function(Blueprint$table){
            $table->dropColumn('deleted_at');
        });
    }
}

Create Model

$phpartisan make:model Models/Users

$viewUsers.php

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\SoftDeletes;

class Users extensions Model
{
    use SoftDeletes;

    protected$table='users';
    protected $dates = ['deleted_at'];
}

We have soft-delivered the user with the SQL statement below.

update users set deleted_at='2018-07-1201:03:26'where id=1;

If you try to log in with the user who soft-delivered in the previous section, you will be able to log in.

php laravel-5

2022-09-30 14:09

1 Answers

In the first place, Ravel (Eloquent ORM) SoftDeletes trains are not concerned about whether or not the users tables to which they are applied are used for user authentication, so it is the responsibility (i.e., to implement softdeletes).

a. However, for example,

$user=App\Models\Users::where(['name'=>'admin','password'=>'[email protected]'])->first();

If you implement the login process via the Users model with the SoftDeletes trace as shown in , you will naturally be able to achieve such a specification, so if you intend to do so, you have to check the code around the authentication process.

b. But if

$user=DB::table('users') ->where(['name'=>'admin', 'password'=>'[email protected]'])->first();

If you implement the login process with the code for the , it does not go through the Users model with the SoftDeletes trace, so the logical deleted records will also be returned regardless of the value in the deleted_at column.

c. Of course, logical deletion using the deleted_at column (provided by the SoftDeletes trace) is not considered when SQL is issued using PDOs or other MySQL drivers.

Anyway, make sure that the login authentication processing is implemented using the Users model, i.e., "Isn't there a query for user authentication without going through Eloquent ORM?" (consider attaching the actual authentication processing code as well.)


2022-09-30 14:09

If you have any answers or tips


© 2022 OneMinuteCode. All rights reserved.