Laravel Stronghold is an extended version of Laravel Fortify that adds profile management, social authentication, and enhanced security features to your Laravel application. It provides a robust authentication foundation with OAuth support, new location confirmation, and user profile management out of the box.
You can install the package via composer:
composer require miguilim/laravel-strongholdNote
If you have Laravel Fortify installed in your composer.json, please remove it as this package extends Fortify's functionality.
After installation, run the install command:
php artisan stronghold:installThis will publish the configuration file, migrations, and action stubs.
Run the migrations:
php artisan migrateFirst, add the OAuth provider configurations to your config/services.php file:
'github' => [
'client_id' => env('GITHUB_CLIENT_ID'),
'client_secret' => env('GITHUB_CLIENT_SECRET'),
'redirect' => '/oauth/github/callback',
],
'google' => [
'client_id' => env('GOOGLE_CLIENT_ID'),
'client_secret' => env('GOOGLE_CLIENT_SECRET'),
'redirect' => '/oauth/google/callback',
],
// Add other providers as needed...Then add the corresponding environment variables to your .env file:
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# Add other providers as needed...This package adds an option to the user to upload a profile photo. You need to change the Fortify UpdateUserProfileInformation to support that:
Validator::make($input, [
'name' => ['required', 'string', 'max:255'],
'email' => [
'required',
'string',
'email',
'max:255',
Rule::unique('users')->ignore($user->id),
],
'photo' => ['nullable', 'file', 'mimes:jpg,jpeg,png,gif', 'max:2048'],
])->validateWithBag('updateProfileInformation');
if (isset($input['photo'])) {
$user->updateProfilePhoto($input['photo']);
}
if ($input['email'] !== $user->email &&
$user instanceof MustVerifyEmail) {
$this->updateVerifiedUser($user, $input);
} else {
$user->forceFill([
'name' => $input['name'],
'email' => $input['email'],
])->save();
}Configure which features to enable in config/stronghold.php:
'features' => [
'confirm-new-location',
'sign-in-notification',
'socialite',
],Important
The confirm-new-location feature is not applied when:
- The user has two-factor authentication (2FA) enabled
- The user is logging in via OAuth providers
Users can authenticate using OAuth providers:
/oauth/{provider} # Redirect to OAuth provider
/oauth/{provider}/callback # Handle OAuth callback
Add the provided traits to your User model to enable additional functionality:
use Miguilim\LaravelStronghold\Traits\HasConnectedAccounts;
use Miguilim\LaravelStronghold\Traits\HasProfilePhoto;
class User extends Authenticatable
{
use HasConnectedAccounts;
use HasProfilePhoto;
// Your existing model code...
}Register custom views in your FortifyServiceProvider:
use Miguilim\LaravelStronghold\Stronghold;
Stronghold::confirmLocationView(function () {
return view('auth.confirm-location');
});
Stronghold::profileView(function (array $data) {
return view('profile.show', $data);
});Note
It is preferable that if you are using the two factor feature, you set the confirmPassword option to false.
Define custom logic for detecting new locations:
use Miguilim\LaravelStronghold\Stronghold;
Stronghold::detectNewLocationUsing(function ($request, $user) {
return true; // true if it is a new location (default is always true)
});Laravel Stronghold is open-sourced software licensed under the MIT license.