Laravel: Testing Database Driven applications with PHPUnit Part 4
Welcome back! In part 2 and part 3 of this tutorial series we learned how to write tests to verify our application logic. In this final tutorial we won’t be writing tests as such; instead we’ll learn how to add custom authentication to our fictional banking application. If you look closely at our tests, they are executed by an authenticated user: we use the user factory to create a dummy user. By contrast, when we run the application in the browser we do so without being authenticated, which is not good for a mission-critical or backend application. So let’s proceed with securing our application.
Protecting Routes
To protect routes from unauthorized access we wrap them in the auth middleware. See code snippet below:
Run the test suite. All the tests will pass since they execute as an authenticated user. Now try to access the app in the browser. You’ll see an error as shown in the figure below:
This is because the app detects that you’re not authenticated and tries to redirect you to the login page via the login route. Since there’s no login route yet, the exception shown above occurs.
Creating Custom Authentication
Laravel provides numerous ways to scaffold authentication, but for the sake of simplicity we are going to build our own. Run the following command to create a login controller inside the Auth folder.
php artisan make:controller Auth/LoginController
Open the LoginController.php class and update the code as shown below:
Remember to import the Auth facade.
use Illuminate\Support\Facades\Auth;
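The following is an added example, not the author's original listing, of a controller that matches the login and authenticate route names used in this tutorial and follows Laravel's documented manual-authentication flow. The form field names email and password and the fallback path /customers are assumptions.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class LoginController extends Controller
{
    // GET /login: show the form (resources/views/auth/login.blade.php).
    public function login()
    {
        return view('auth.login');
    }

    // POST /login: validate the input, then try to authenticate.
    public function authenticate(Request $request)
    {
        // Field names 'email' and 'password' are assumed form inputs.
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required'],
        ]);

        // Auth::attempt() looks the user up by email and verifies the
        // submitted password against the stored hash.
        if (Auth::attempt($credentials)) {
            // Issue a fresh session ID so an ID set before login cannot be
            // reused afterwards (session fixation).
            $request->session()->regenerate();

            // Return to the protected page that was originally requested;
            // '/customers' is an assumed fallback path.
            return redirect()->intended('/customers');
        }

        // One message for both a wrong email and a wrong password, so the
        // form does not reveal which accounts exist. Only the email is
        // flashed back to the form, never the password.
        return back()
            ->withErrors(['email' => 'The provided credentials do not match our records.'])
            ->onlyInput('email');
    }
}
```

The login form that posts to this action must include the @csrf Blade directive, because routes in the web middleware group reject POST requests without a valid CSRF token.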
Add the routes
Route::get('/login',[LoginController::class, 'login']);
Route::post('/login',[LoginController::class, 'authenticate'])->name('login');
Login routes must be publicly accessible, so DO NOT wrap them in the auth middleware. Otherwise the login page will be inaccessible.
Under the views folder create another folder named auth. Inside views/auth create a Blade file named login.blade.php. Update the code as below:
Since our application is a backend one, we aren’t going to create a registration form. We expect users to be created by the system administrator. Thus we’ll create the default admin user using a database seeder class. Execute the following command to create the seeder.
php artisan make:seeder AdminUserSeeder
The AdminUserSeeder.php class will be created under the database/seeders folder. Open the file and update the code as shown below:
Also update the DatabaseSeeder class as follows:
Run the following command to seed the default user:
php artisan db:seed
Visit http://localhost:8000/login in your browser. You should see a login page. Enter the default user credentials and click login. The credentials created by the seeder are:
Email: johndoe@example.com
Password: password
If you’ve successfully logged in you should be redirected to the customers list.
TODO: You can go the extra mile and implement log out. See the Laravel docs on manually authenticating users.
Thank you for making it this far and I hope the tutorials have been of help. Don’t forget to clap and follow me. Also, in case some concepts are not clear, do not hesitate to ask in the comment section or contact me directly on Twitter @kenprogrammer.