 |
VOOZH | about |
|
VOOZH | about |
This document details the customer authentication system in the GP247/Shop module, covering login, registration, password recovery, and password reset functionality. The authentication system provides a secure way for customers to access their accounts and interact with the shop. For information about customer account management after authentication, see Customer Account Management.
The GP247/Shop customer authentication system leverages Laravel's authentication infrastructure through the ShopCustomer model, which extends Illuminate\Foundation\Auth\User as Authenticatable. The system provides custom frontend UI templates and functionality specific to e-commerce operations. The authentication system supports:
LoginSocial pluginHasApiTokens trait)The ShopCustomer model src/Models/ShopCustomer.php12-17 uses the following traits:
Notifiable - for sending notificationsHasApiTokens - for Sanctum API authenticationModelTrait, UuidTrait, SocialAccountTrait - for GP247 core functionalitySources: src/Models/ShopCustomer.php1-195
Login Flow with Route and Guard Details
The login form src/Views/front/auth/login.blade.php10 submits to route customer.postLogin. The authentication uses Laravel's standard Auth::attempt() method with the customer guard.
Sources: src/Views/front/auth/login.blade.php1-59
Registration Flow with Model Methods
The registration process uses ShopCustomer::createCustomer() src/Models/ShopCustomer.php121-142 which:
gp247_clean()gp247_customer_address_mapping()$user->addresses()->save()gp247_custom_field_update()gp247_event_customer_created()Sources: src/Views/front/auth/register.blade.php1-260 src/Models/ShopCustomer.php121-142
Sources: src/Views/front/auth/forgot.blade.php1-40 src/Views/front/auth/reset.blade.php1-73
The ShopCustomer model serves as the foundation for customer authentication.
ShopCustomer Class Structure
| Method | Purpose | Implementation |
|---|---|---|
sendPasswordResetNotification($token) | Sends password reset email | Calls gp247_customer_sendmail_reset_notification($token, $email) src/Models/ShopCustomer.php55-59 |
isVerified() | Checks if email is verified | Returns !is_null($this->email_verified_at) src/Models/ShopCustomer.php169-172 |
hasVerifiedEmail() | Checks if verification is needed | Returns !$this->isVerified() && gp247_config('customer_verify') src/Models/ShopCustomer.php179-182 |
sendEmailVerify() | Sends verification email | Calls gp247_customer_sendmail_verify($email, $id) src/Models/ShopCustomer.php188-194 |
createCustomer(array) | Creates new customer with address | Static method handling registration src/Models/ShopCustomer.php121-142 |
updateInfo($data, $id) | Updates customer information | Static method with custom field support src/Models/ShopCustomer.php101-115 |
The model uses UuidTrait to automatically generate customer IDs with prefix "CUS" during creation src/Models/ShopCustomer.php88-92:
Sources: src/Models/ShopCustomer.php1-195
The login form src/Views/front/auth/login.blade.php10-59 submits to route customer.postLogin. The form structure:
Login Form Components
The social login integration src/Views/front/auth/login.blade.php45-51 conditionally includes the LoginSocial plugin render view if the plugin is active.
Sources: src/Views/front/auth/login.blade.php1-59
The registration form is highly configurable, with many optional fields that can be enabled or disabled through configuration settings:
The registration process is handled by the customer.postRegister route, which validates the submitted data and creates a new customer account.
Sources: src/Views/front/auth/register.blade.php10-254
The password recovery process involves two steps:
The forgot password form submits to the customer.password_email route, which sends a password reset link to the provided email address.
The password reset form submits to the customer.password_request route, which updates the customer's password in the database.
Sources: src/Views/front/auth/forgot.blade.php16-34 src/Views/front/auth/reset.blade.php20-66
The authentication system uses gp247_config() and gp247_config_admin() functions to control field visibility and behavior. These configurations are stored in the admin_config table and queried dynamically.
| Configuration Key | Access Function | Purpose | Used In |
|---|---|---|---|
customer_verify | gp247_config('customer_verify') | Enable email verification requirement | Middleware, registration flow |
customer_lastname | gp247_config_admin('customer_lastname') | Split name into first/last name fields | Registration, profile forms |
customer_name_kana | gp247_config_admin('customer_name_kana') | Enable Japanese kana name fields | Registration, profile forms |
customer_phone | gp247_config_admin('customer_phone') | Enable phone number field | Registration, profile forms |
customer_postcode | gp247_config_admin('customer_postcode') | Enable postal code field | Registration, profile forms |
customer_address2 | gp247_config_admin('customer_address2') | Enable address line 2 | Registration, profile forms |
customer_address3 | gp247_config_admin('customer_address3') | Enable address line 3 | Registration, profile forms |
customer_company | gp247_config_admin('customer_company') | Enable company field | Registration form |
customer_country | gp247_config_admin('customer_country') | Enable country selection | Registration, profile forms |
customer_sex | gp247_config_admin('customer_sex') | Enable gender field | Registration, profile forms |
customer_birthday | gp247_config_admin('customer_birthday') | Enable birthday field | Registration, profile forms |
customer_group | gp247_config_admin('customer_group') | Enable customer group assignment | Registration, profile forms |
The registration and admin forms use Blade conditionals to show/hide fields based on configuration:
This pattern is used throughout src/Views/front/auth/register.blade.php and src/Views/admin/screen/customer_edit.blade.php24-332
Registration validation rules are constructed dynamically based on enabled configuration options. The controller checks which fields are required before applying validation rules.
Sources: src/Views/front/auth/register.blade.php14-218 src/Views/admin/screen/customer_edit.blade.php24-332 src/Middleware/EmailIsVerifiedMiddleware.php19
The email verification system enforces verification for customer accounts when enabled via configuration.
The EmailIsVerifiedMiddleware src/Middleware/EmailIsVerifiedMiddleware.php1-39 controls access to customer routes based on email verification status.
Email Verification Middleware Flow
The middleware is registered in routes that require authentication. When verification is enabled via gp247_config('customer_verify') src/Middleware/EmailIsVerifiedMiddleware.php19 it:
customer()->user()->hasVerifiedEmail() src/Middleware/EmailIsVerifiedMiddleware.php26customer.verify route| Method | Purpose | Implementation |
|---|---|---|
isVerified() | Checks email_verified_at column | !is_null($this->email_verified_at) |
hasVerifiedEmail() | Checks if verification needed | !$this->isVerified() && gp247_config('customer_verify') |
sendEmailVerify() | Sends verification email | gp247_customer_sendmail_verify($this->email, $this->id) |
The verification email is sent automatically after registration when gp247_config('customer_verify') is enabled.
Sources: src/Middleware/EmailIsVerifiedMiddleware.php1-39 src/Models/ShopCustomer.php169-194
The social authentication system integrates with the optional LoginSocial plugin to provide OAuth-based login.
Social Login Check and Render
The login view src/Views/front/auth/login.blade.php45-51 conditionally includes social login buttons:
The ShopCustomer model uses SocialAccountTrait src/Models/ShopCustomer.php16 which provides a relationship to social account records. This enables tracking which OAuth provider was used for customer creation.
The admin dashboard component src/Views/admin/component/new_customer.blade.php24-26 displays the provider information when available:
And shows provider data src/Views/admin/component/new_customer.blade.php35-37:
Sources: src/Views/front/auth/login.blade.php45-51 src/Models/ShopCustomer.php16 src/Views/admin/component/new_customer.blade.php24-37
The ShopCustomer model includes Laravel Sanctum support for API authentication via the HasApiTokens trait src/Models/ShopCustomer.php17
API Authentication Components
This enables token-based authentication for customer API endpoints (documented in section 8). Customers can generate API tokens for accessing order history, profile information, and other customer-specific resources without session-based authentication.
Sources: src/Models/ShopCustomer.php10-17
All authentication forms include error handling to display validation errors to the user. This is implemented using Laravel's validation system, with errors displayed below the relevant form fields.
Example error handling pattern:
This pattern is consistent across all authentication forms, providing clear feedback to users when validation fails.
Sources: src/Views/front/auth/login.blade.php16-30 src/Views/front/auth/register.blade.php20-246 src/Views/front/auth/reset.blade.php31-58
All authentication views extend the master layout template defined by $GP247TemplatePath.'.layout', ensuring consistent styling and user experience across the shop application. The authentication pages are rendered within a section named block_main, which is defined in the master layout.
Sources: src/Views/front/auth/login.blade.php1-3 src/Views/front/auth/register.blade.php1-3 src/Views/front/auth/forgot.blade.php7-9 src/Views/front/auth/reset.blade.php9-11
The registration and password recovery forms support CAPTCHA integration for enhanced security. The CAPTCHA is included via the $viewCaptcha variable, which is passed to the view by the controller.
Sources: src/Views/front/auth/register.blade.php248 src/Views/front/auth/forgot.blade.php30
The registration form supports custom fields through the inclusion of a partial view:
This allows for extending the registration form with additional fields without modifying the core registration template.
Sources: src/Views/front/auth/register.blade.php220-225
The GP247/Shop customer authentication system provides a comprehensive solution for e-commerce applications, with support for standard authentication flows, social login, and extensive customization options. The system is designed to integrate seamlessly with the Laravel framework while providing shop-specific functionality.
Refresh this wiki