Admin Auth

This package handles authentication into Admin UI interface. It provides these features:

  • User authentication
  • Reset password
  • Account activation

Provided functionality is ready to use - package exposes a set of routes, it has controllers and views (based on brackets/admin-ui admin template).

Basic usage

Let's point our browser to /admin/login.

Admin login form

Tadaaa :) You should be able to see login form.

Let's create some user, so you can sign into the admin interface. We're gonna use php artisan tinker:

>>> factory(Brackets\AdminAuth\Models\User::class)->create(['email' => '', 'password' => bcrypt('password123')]);

Now you can authenticate.

Admin homepage

You should be able to see an empty Admin UI interface (with no content to manage).

{info} If you are getting If you are getting UnauthorizedException, see instructions in Authorization section.


Authentication part of this package is based on standard Authentication provided by Laravel, with some adjustments and more configurable options.

During the authentication process, depends on the configuration, more checks are made than just checking email and password:

  • activated - if activation is enabled, then we additionally check for activated == true on user, see more in Activation
  • forbidden - if forbidden functionality is enabled, then we check for forbidden == false (user's authentication can be forbidden)

Password reset

Password reset is also based on Laravel standard password reset classes.

We have introduced redirect configuration.

We have added a strong password constrain (consisting from at least 7 chars at least one digit etc.).


This package provides complete functionality around user activation. Main purpose of activation is to confirm user's e-mail address is really an address user has access to. This feature can be disabled with config admin-auth.activation_enabled. If this feature is turned on, user can not log in, unless his account is activated. After user is created, activation email with custom link is sent to the user. After visiting this link, user will be activated.

User Model

For activation to work properly with default Laravel User model, the User model has to implement Brackets\AdminAuth\Activation\Contracts\CanActivate interface. This can be done with Brackets\AdminAuth\Activation\Traits\CanActivate trait.

Also users table need to have activated column. The provided migration will do the trick.

Self-activation form

If you will enable admin-auth.self_activation_form_enabled, user can visit form where he can request to resend the activation e-mail.

Admin middleware

Our package also comes with Brackets\AdminAuth\Http\Middleware\CanAdmin middleware, which checks if the Auth user has the ability called admin.

Package also provides route middleware called admin with two middleware Brackets\AdminAuth\Http\Middleware\CanAdmin and Brackets\AdminAuth\Http\Middleware\ApplyUserLocale. The second one will set locale based on Admin User preferences.

You can protect your routes using the middleware you just set up:

Route::group(['middleware' => ['admin']], function () {

If the user does not have the ability, response is 403 Unauthenticated. You can use this middleware, if it suites your need.