Disable user registration in your Laravel application

Nov 15, 2019 by Thibault Debatty - 89 views

Laravel

https://cylab.be/blog/45/disable-user-registration-in-your-laravel-application

Laravel is a powerful framework that comes with a lot of boilerplate code to handle most common cases. One of these is users management (register, login, reset password etc.)

Routes and views

For Laravel 5, you can create routes and views with a single command:

php artisan make:auth

For Laravel 6, you need to install laravel/ui first:

composer require laravel/ui --dev
php artisan ui vue --auth

This will, amongst others, add a line to routes/web.php:

Auth::routes();

The actual code of this method is located in Illuminate/Routing/Router.php, which you can find on GitHub for example.

Until version 5.6, the code for this method was:

public function auth()
{
    // Authentication Routes...
    $this->get('login', 'Auth\LoginController@showLoginForm')
    ->name('login');
    $this->post('login', 'Auth\LoginController@login');
    $this->post('logout', 'Auth\LoginController@logout')->name('logout');

    // Registration Routes...
    $this->get('register', 'Auth\RegisterController@showRegistrationForm')
    ->name('register');
    $this->post('register', 'Auth\RegisterController@register');

    // Password Reset Routes...
    $this->get('password/reset', 
        'Auth\ForgotPasswordController@showLinkRequestForm')
        ->name('password.request');
    $this->post('password/email', 
        'Auth\ForgotPasswordController@sendResetLinkEmail')
        ->name('password.email');
    $this->get('password/reset/{token}',
        'Auth\ResetPasswordController@showResetForm')
        ->name('password.reset');
    $this->post('password/reset', 'Auth\ResetPasswordController@reset');
}

From version 5.7, this code was modified to:

public function auth(array $options = [])
{
    // Authentication Routes...
    $this->get('login', 'Auth\LoginController@showLoginForm')
        ->name('login');
    $this->post('login', 'Auth\LoginController@login');
    $this->post('logout', 'Auth\LoginController@logout')->name('logout');

    // Registration Routes...
    if ($options['register'] ?? true) {
        $this->get('register', 
            'Auth\RegisterController@showRegistrationForm')
            ->name('register');
        $this->post('register', 'Auth\RegisterController@register');
    }

    // Password Reset Routes...
    if ($options['reset'] ?? true) {
        $this->resetPassword();
    }

    // Password Confirmation Routes...
    if ($options['confirm'] ??
        class_exists(
            $this->prependGroupNamespace(
            'Auth\ConfirmPasswordController'))) {
        $this->confirmPassword();
    }

    // Email Verification Routes...
    if ($options['verify'] ?? false) {
        $this->emailVerification();
    }
}

Disable registration

So you have 2 methods to disable registration:

  1. for Laravel 5.7 and more recent, you can use the options argument:
Auth::routes(['register' => false]);
  1. for all versions of Laravel, you can replace Auth::routes() by the actual list of routes that you want to keep:
// Authentication Routes...
Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');

// Password Reset Routes...
Route::get('password/reset',
'Auth\ForgotPasswordController@showLinkRequestForm')
->name('password.request');
Route::post('password/email', 
'Auth\ForgotPasswordController@sendResetLinkEmail')
->name('password.email');
Route::get('password/reset/{token}', 
'Auth\ResetPasswordController@showResetForm')
->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');