Masonite comes with some authentication out of the box but leaves it up to the developer to implement. Everything is already configured for you by default. The default authentication model is the
app/User model but you can change this in the
config/auth.py configuration file.
There is only a single
config/auth.py configuration file which you can use to set the authentication behavior of your Masonite project. If you wish to change the authentication model, to a
Company model for example, feel free to do in this configuration file.
Again the default authentication model is the
app/User model which out of the box comes with a
__auth__ class attribute. This attribute should be set to the column that you want to authenticate with. By default your
app/User model will default to the
name, you can do so here. This will lead your model to look like:
class User(Model):__fillable__ = ['name', 'email', 'password']__auth__ = 'name'
If you want to authenticate a model, you can use the
Auth class that ships with Masonite. This is simply a class that is used to authenticate models with a
In order to authenticate a model this will look like:
from masonite.auth import Authdef show(self, request: Request):Auth(request).login('[email protected]', 'password')
This will find a model with the supplied username, check if the password matches using
bcrypt and return the model. If it is not found or the password does not match, it will return
You may change the column to be authenticated by simply changing the column value of the
__auth__ class attribute. This will look something like:
class User(Model):__fillable__ = ['name', 'email', 'password']__auth__ = 'email'
This will look inside the
Sometimes you will want to authenticate using either the username or the email. You can set the columns to authenticate against as a list:
class User(Model):__fillable__ = ['name', 'email', 'password']__auth__ = ['email', 'name']
This will now authenticate using the password supplied and EITHER the
username OR the
You may of course feel free to roll your own authentication system if you so choose but Masonite comes with one out of the box but left out by default. In order to scaffold this authentication system you can of course use a
$ craft auth
This will create some controllers, views and routes for you. This command should be used primarily on fresh installs of Masonite but as long as the controllers do not have the same names as the controllers being scaffolded, you will not have any issues.
The views scaffolded will be located under
After you have ran the
craft auth command, just run the server and navigate to
http://localhost:8000/login and you will now have a login, registration and dashboard. Pretty cool, huh?
Masonite ships with a
LoadUser middleware that will load the user into the request if they are authenticated. Masonite uses the
token cookie in order to retrieve the user using the
remember_tokencolumn in the table.
LoadUser middleware you can retrieve the current user using:
def show(self, request: Request):request.user()
If you wish not to use middleware to load the user into the request you can get the request by again using the
from masonite.auth import Authdef show(self, request: Request):Auth(request).user()
If you would like to simply check if the user is authenticated,
Auth(request).user() will return
False if the user is not authenticated. This will look like:
def show(self, request: Request):if request.user():user_email = request.user().email
You can easily log users into your application using the Auth class which takes the request object as a dependency:
from masonite.auth import Authdef show(self, request: Request):Auth(request).login(request.input('username'),request.input('password'))
If you need more direct control internally, you can login by the models ID:
from masonite.auth import Authdef show(self):Auth(request).login_by_id(1)
You are now logged in as the user with the ID of 1.
If you only want to login "once", maybe for just authenticating an action or verifying the user can supply the correct credentials, you can login without saving any cookies to the browser:
from masonite.auth import Authdef show(self):Auth(request).once().login_by_id(1)
You can do the same for the normal login method as well:
from masonite.auth import Authdef show(self, request: Request):Auth(request).once().login(request.input('username'),request.input('password'))
Masonite ships with an authentication middleware. You can use this middleware as a route middleware to protect certain routes from non authenticated users. This is great for redirecting users to a login page if they attempt to go to their dashboard.
You can use this middleware in your routes file like so:
Get().route('/dashboard', '[email protected]').middleware('auth')
By default this will redirect to the route named
login. If you wish to redirect the user to another route or to a different URI, you can edit the middleware in
If you wish to end the session for the user and log them out, you can do so by using the
Auth class. This looks like:
This will delete the cookie that was set when logging in. This will not redirect the user to where they need to go. A complete logout view might look like:
def logout(self, request: Request):Auth(request).logout()return request.redirect('/login')
If you wish to require a user to verify their email address and automatically send them an email, you can extend the
from masonite.auth import MustVerifyEmailclass User(Model, MustVerifyEmail):__fillable__ = ['name', 'email', 'password']__auth__ = 'name'
When a user registers this will automatically send them an email asking them to confirm their email address.
You can use the
VerifyEmailMiddleware class to redirect an unverified user.
You can use this middleware in your routes file like so:
Get().route('/dashboard', '[email protected]').middleware('verified')
Great! You’ve mastered how Masonite uses authentication. Remember that this is just out of the box functionality and you can create a completely different authentication system but this will suffice for most applications.