juliomotol/laravel-auth-timeout

Laravel Auth Timeout

A small Laravel 6+ package that handles Authentication Timeouts.

When upgrading to v2, please see the CHANGELOG.md.

Why Laravel Auth Timeout?

There are times when we want to log out a user who hasn't made any request in a set amount of time. There is a workaround (below):

/* Somewhere in config/session.php */
'lifetime' => 15,

But this also affects the CSRF token and we don't want that. That is where Laravel Auth Timeout comes in.

Laravel Auth Timeout is a small middleware package that checks whether the user has made any request within a set amount of time. If they have reached the idle time limit, they are logged out on their next request. Thanks to Brian Matovu's article.

Installation

composer require juliomotol/laravel-auth-timeout

This package uses auto-discovery, so you don't have to do anything. It works out of the box.

Config

If you want to change the configuration, you can publish the config file using:

php artisan vendor:publish --provider="JulioMotol\AuthTimeout\ServiceProvider"

Content of the configuration

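| Key      | Default value          | Description                                                                                  |
|----------|------------------------|----------------------------------------------------------------------------------------------|
| session  | "last_activity_time"   | The name of the session token to be used.                                                    |
| timeout  | 15                     | The timeout duration in minutes.                                                             |
| redirect | null                   | The path to redirect the user when timed out. (For more flexibility, see Redirection)        |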
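How the session and timeout options above combine into an idle check, as an added sketch that is not the package's own code: a plain array stands in for Laravel's session store, and the function name idleTimedOut and the sample values are hypothetical.

```php
<?php
// Added sketch, not the package's source. A plain array stands in for
// Laravel's session store; names and structure here are hypothetical.

const SESSION_KEY = 'last_activity_time'; // default of the "session" option
const TIMEOUT_MINUTES = 15;               // default of the "timeout" option

/**
 * Returns true when the authenticated user has been idle for the full
 * timeout and must be logged out; otherwise records $now as last activity.
 */
function idleTimedOut(array &$session, bool $authenticated, int $now,
                      int $timeoutMinutes = TIMEOUT_MINUTES): bool
{
    if (!$authenticated) {
        // Guests have no idle clock. Drop any stale timestamp so the next
        // login is not judged against a previous user's activity.
        unset($session[SESSION_KEY]);
        return false;
    }

    $last = $session[SESSION_KEY] ?? null;
    if ($last !== null && ($now - $last) >= $timeoutMinutes * 60) {
        // Only the activity marker is cleared; the rest of the session,
        // including the CSRF token, is left alone.
        unset($session[SESSION_KEY]);
        return true;
    }

    $session[SESSION_KEY] = $now; // sliding window: every request resets it
    return false;
}

// Constructed sample: request times in minutes after login.
$session = ['_token' => 'constructed-csrf-token'];
$login = 1700000000;
foreach ([0, 5, 19, 35] as $minute) {
    $out = idleTimedOut($session, true, $login + $minute * 60);
    printf("t+%2d min: %s\n", $minute, $out ? 'timed out, log out' : 'active');
}
printf("CSRF token still in session: %s\n", isset($session['_token']) ? 'yes' : 'no');
```

The request at t+19 arrives 14 minutes after the previous one and stays active, while the one at t+35 arrives 16 minutes after and is treated as timed out.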

Usage

Quick Start

For simple usage, register the AuthTimeoutMiddleware in your Kernel.php and apply that middleware to the routes you want it to take effect on.

/* Kernel.php */

protected $routeMiddleware = [
    // ... your other route middleware
    'auth.timeout' => \JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware::class,
    // ...
];

/* Routes.php */
Route::get('/admin', [
    'uses' => 'FooBarController@Foobar',
    'middleware' => ['auth.timeout']
]);

Custom Guards

You might have multiple guards and only want to apply AuthTimeoutMiddleware to certain ones. We've got you covered: AuthTimeoutMiddleware accepts a $guard as its parameter.

// Let's say you have added a 'web.admin' guard in your config/auth.php...

/* Routes.php */
Route::get('/admin', [
    'uses' => 'FooBarController@Foobar',
    'middleware' => ['auth.timeout:web.admin'] // Add the guard name as a parameter for the auth.timeout middleware.
]);

This package only works with guards that use session as their driver.

AuthTimeoutEvent

The AuthTimeoutMiddleware will dispatch an AuthTimeoutEvent every time a user has timed out. You can assign a listener for this event in your EventServiceProvider.

protected $listen = [
    \JulioMotol\AuthTimeout\Events\AuthTimeoutEvent::class => [
        // Your Listeners...
    ],
];

AuthTimeoutEvent has two properties that you can access in your EventListener.

use JulioMotol\AuthTimeout\Events\AuthTimeoutEvent;

class FooEventListener
{
    public function handle(AuthTimeoutEvent $event)
    {
        $event->user;   // The user that timed out.
        $event->guard;  // The authentication guard.
    }
}

Redirection

For simple and straightforward redirection, you can publish the config file and change the redirect option to where you want to redirect the user when they have timed out.

Alternatively, you can extend the AuthTimeoutMiddleware and override the redirectTo() method for more flexibility.

<?php

namespace App\Http\Middleware;

use JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware as BaseMiddleware;

class AuthTimeoutMiddleware extends BaseMiddleware
{
    /**
     * Get the path the user should be redirected to when they timed out.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  mixed    $guard
     *
     * @return string|null
     */
    protected function redirectTo($request, $guard = null)
    {
        switch($guard){
            case 'web.admin':
                return route('auth.admin.login');
            default:
                return route('auth.login');
        }
    }
}

Don't forget to use your extended AuthTimeoutMiddleware in the Kernel.php.

Contributing

Contributions are welcome and will be fully credited. We accept contributions via Pull Requests on GitHub.

Please read and understand the contribution guide before creating an issue or pull request.

Pull Requests

Before submitting a pull request:

  • Make sure to write tests!
  • Document any change in behaviour. Make sure the README.md and any other relevant documentation are kept up-to-date.
  • One pull request per feature. If you want to do more than one thing, send multiple pull requests.

License

This project and the Laravel framework are open-sourced software licensed under the MIT license.