Skip to content

Commit d9a511a

Browse files
committed
first commit
0 parents  commit d9a511a

504 files changed

Lines changed: 65780 additions & 0 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 131 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,131 @@
1+
---
2+
name: fortify-development
3+
description: 'ACTIVATE when the user works on authentication in Laravel. This includes login, registration, password reset, email verification, two-factor authentication (2FA/TOTP/QR codes/recovery codes), profile updates, password confirmation, or any auth-related routes and controllers. Activate when the user mentions Fortify, auth, authentication, login, register, signup, forgot password, verify email, 2FA, or references app/Actions/Fortify/, CreateNewUser, UpdateUserProfileInformation, FortifyServiceProvider, config/fortify.php, or auth guards. Fortify is the frontend-agnostic authentication backend for Laravel that registers all auth routes and controllers. Also activate when building SPA or headless authentication, customizing login redirects, overriding response contracts like LoginResponse, or configuring login throttling. Do NOT activate for Laravel Passport (OAuth2 API tokens), Socialite (OAuth social login), or non-auth Laravel features.'
4+
license: MIT
5+
metadata:
6+
author: laravel
7+
---
8+
9+
# Laravel Fortify Development
10+
11+
Fortify is a headless authentication backend that provides authentication routes and controllers for Laravel applications.
12+
13+
## Documentation
14+
15+
Use `search-docs` for detailed Laravel Fortify patterns and documentation.
16+
17+
## Usage
18+
19+
- **Routes**: Use `list-routes` with `only_vendor: true` and `action: "Fortify"` to see all registered endpoints
20+
- **Actions**: Check `app/Actions/Fortify/` for customizable business logic (user creation, password validation, etc.)
21+
- **Config**: See `config/fortify.php` for all options including features, guards, rate limiters, and username field
22+
- **Contracts**: Look in `Laravel\Fortify\Contracts\` for overridable response classes (`LoginResponse`, `LogoutResponse`, etc.)
23+
- **Views**: All view callbacks are set in `FortifyServiceProvider::boot()` using `Fortify::loginView()`, `Fortify::registerView()`, etc.
24+
25+
## Available Features
26+
27+
Enable in `config/fortify.php` features array:
28+
29+
- `Features::registration()` - User registration
30+
- `Features::resetPasswords()` - Password reset via email
31+
- `Features::emailVerification()` - Requires User to implement `MustVerifyEmail`
32+
- `Features::updateProfileInformation()` - Profile updates
33+
- `Features::updatePasswords()` - Password changes
34+
- `Features::twoFactorAuthentication()` - 2FA with QR codes and recovery codes
35+
36+
> Use `search-docs` for feature configuration options and customization patterns.
37+
38+
## Setup Workflows
39+
40+
### Two-Factor Authentication Setup
41+
42+
```
43+
- [ ] Add TwoFactorAuthenticatable trait to User model
44+
- [ ] Enable feature in config/fortify.php
45+
- [ ] If the `*_add_two_factor_columns_to_users_table.php` migration is missing, publish via `php artisan vendor:publish --tag=fortify-migrations` and migrate
46+
- [ ] Set up view callbacks in FortifyServiceProvider
47+
- [ ] Create 2FA management UI
48+
- [ ] Test QR code and recovery codes
49+
```
50+
51+
> Use `search-docs` for TOTP implementation and recovery code handling patterns.
52+
53+
### Email Verification Setup
54+
55+
```
56+
- [ ] Enable emailVerification feature in config
57+
- [ ] Implement MustVerifyEmail interface on User model
58+
- [ ] Set up verifyEmailView callback
59+
- [ ] Add verified middleware to protected routes
60+
- [ ] Test verification email flow
61+
```
62+
63+
> Use `search-docs` for MustVerifyEmail implementation patterns.
64+
65+
### Password Reset Setup
66+
67+
```
68+
- [ ] Enable resetPasswords feature in config
69+
- [ ] Set up requestPasswordResetLinkView callback
70+
- [ ] Set up resetPasswordView callback
71+
- [ ] Define password.reset named route (if views disabled)
72+
- [ ] Test reset email and link flow
73+
```
74+
75+
> Use `search-docs` for custom password reset flow patterns.
76+
77+
### SPA Authentication Setup
78+
79+
```
80+
- [ ] Set 'views' => false in config/fortify.php
81+
- [ ] Install and configure Laravel Sanctum for session-based SPA authentication
82+
- [ ] Use the 'web' guard in config/fortify.php (required for session-based authentication)
83+
- [ ] Set up CSRF token handling
84+
- [ ] Test XHR authentication flows
85+
```
86+
87+
> Use `search-docs` for integration and SPA authentication patterns.
88+
89+
#### Two-Factor Authentication in SPA Mode
90+
91+
When `views` is set to `false`, Fortify returns JSON responses instead of redirects.
92+
93+
If a user attempts to log in and two-factor authentication is enabled, the login request will return a JSON response indicating that a two-factor challenge is required:
94+
95+
```json
96+
{
97+
"two_factor": true
98+
}
99+
```
100+
101+
## Best Practices
102+
103+
### Custom Authentication Logic
104+
105+
Override authentication behavior using `Fortify::authenticateUsing()` for custom user retrieval or `Fortify::authenticateThrough()` to customize the authentication pipeline. Override response contracts in `AppServiceProvider` for custom redirects.
106+
107+
### Registration Customization
108+
109+
Modify `app/Actions/Fortify/CreateNewUser.php` to customize user creation logic, validation rules, and additional fields.
110+
111+
### Rate Limiting
112+
113+
Configure via `fortify.limiters.login` in config. Default configuration throttles by username + IP combination.
114+
115+
## Key Endpoints
116+
117+
| Feature | Method | Endpoint |
118+
|------------------------|----------|---------------------------------------------|
119+
| Login | POST | `/login` |
120+
| Logout | POST | `/logout` |
121+
| Register | POST | `/register` |
122+
| Password Reset Request | POST | `/forgot-password` |
123+
| Password Reset | POST | `/reset-password` |
124+
| Email Verify Notice | GET | `/email/verify` |
125+
| Resend Verification | POST | `/email/verification-notification` |
126+
| Password Confirm | POST | `/user/confirm-password` |
127+
| Enable 2FA | POST | `/user/two-factor-authentication` |
128+
| Confirm 2FA | POST | `/user/confirmed-two-factor-authentication` |
129+
| 2FA Challenge | POST | `/two-factor-challenge` |
130+
| Get QR Code | GET | `/user/two-factor-qr-code` |
131+
| Recovery Codes | GET/POST | `/user/two-factor-recovery-codes` |

0 commit comments

Comments
 (0)