How to override login redirects in Jetstream or Fortify

Published on

Recently, I was working on a project using Laravel Jetstream and ran into a scenario where I needed to redirect users to different routes depending on the type of user they were upon login. Imagine you have regular users and admins, and admins have a special dashboard that only they can see. I usually prefer to redirect admins to their special dashboard when they login.

Using Laravel Jetstream or Fortify, it's not immediately apparent how to do this, especially when using two factor authentication.

How authentication works in Jetstream and Fortify

Jetstream uses Laravel Fortify under the hood, so the process is exactly the same for applications running Fortify by itself and projects running Jetstream.

Fortify uses action pipelines to route each request through a series of classes that take care of a single task such as attempting to authenticate the user or redirecting them if they have two factor authentication set up.

How to override the redirection step

Fortify allows you to completely customize these pipelines if you need to, but there's an easier way to override the redirection step.

The last step in the authentication pipeline grabs the Laravel\Fortify\Contracts\LoginResponse class out of the service container and returns it. That means we can override the LoginResponse class with a custom LoginResponse class of our own, and perform the custom redirects there.

The default LoginResponse class looks like this:

 1<?php
 2 
 3namespace Laravel\Fortify\Http\Responses;
 4 
 5use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 6 
 7class LoginResponse implements LoginResponseContract
 8{
 9    /**
10     * Create an HTTP response that represents the object.
11     *
12     * @param  \Illuminate\Http\Request  $request
13     * @return \Symfony\Component\HttpFoundation\Response
14     */
15    public function toResponse($request)
16    {
17        return $request->wantsJson()
18                    ? response()->json(['two_factor' => false])
19                    : redirect()->intended(config('fortify.home'));
20    }
21}

Since Fortify uses actions that perform a single task, the LoginResponse step is really clean and simple.

To customize the redirects, first let's add our custom LoginResponse class in the app/Http/Responses directory. Then, we can customize the toResponse method to redirect the user to different routes depending on the type of user they are.

 1<?php
 2 
 3namespace App\Http\Responses;
 4 
 5use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 6 
 7class LoginResponse implements LoginResponseContract
 8{
 9    /**
10     * @param  $request
11     * @return mixed
12     */
13    public function toResponse($request)
14    {
15        $home = auth()->user()->is_admin ? '/admin' : '/dashboard';
16 
17        return redirect()->intended($home);
18    }
19}

Then, in the FortifyServiceProvider, we need to bind our custom LoginResponse class in order to override the default that's provided with Fortify.

 1<?php
 2
 3namespace App\Providers;
 4
 5// ...
 6use App\Http\Responses\LoginResponse;
 7use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 8
 9class FortifyServiceProvider extends ServiceProvider
10{
11    /**
12     * Bootstrap any application services.
13     *
14     * @return void
15     */
16    public function boot()
17    {
18        // ...
19
20        $this->app->singleton(LoginResponseContract::class, LoginResponse::class);
21    }
22}

Two Factor Authentication

This worked almost perfectly for my needs. There is one missing piece though - two factor authentication. If a user has two factor authentication enabled and logs in, Fortify returns a different response class. Thankfully, the two factor authentication class is also bound to the service container. This time, we'll need to override the Laravel\Fortify\Http\Responses\TwoFactorLoginResponse class in the container. Adding a couple more lines to the FortifyServiceProvider should do the trick.

 1<?php
 2
 3namespace App\Providers;
 4
 5// ...
 6use App\Http\Responses\LoginResponse;
 7use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 8use Laravel\Fortify\Contracts\TwoFactorLoginResponse as TwoFactorLoginResponseContract;
 9
10class FortifyServiceProvider extends ServiceProvider
11{
12    /**
13     * Bootstrap any application services.
14     *
15     * @return void
16     */
17    public function boot()
18    {
19        // ...
20
21        $this->app->singleton(LoginResponseContract::class, LoginResponse::class);
22        $this->app->singleton(TwoFactorLoginResponseContract::class, LoginResponse::class);
23    }
24}

Note: I'm overriding the TwoFactorLoginResponse class with the same custom LoginResponse class since the functionality should be exactly the same.

Overriding other Jetstream and Fortify functionality

Other features in Jetstream and Fortify can be customized in a very similar way. If you source dive into the FortifyServiceProvider included in the package (not the one specific to your project) and scroll down to the registerResponseBindings method, you should see something similar to this:

 1<?php
 2 
 3namespace Laravel\Fortify;
 4 
 5// ...
 6 
 7class FortifyServiceProvider extends ServiceProvider
 8{
 9    // ...
10 
11    /**
12     * Register the response bindings.
13     *
14     * @return void
15     */
16    protected function registerResponseBindings()
17    {
18        $this->app->singleton(FailedPasswordConfirmationResponseContract::class, FailedPasswordConfirmationResponse::class);
19        $this->app->singleton(FailedPasswordResetLinkRequestResponseContract::class, FailedPasswordResetLinkRequestResponse::class);
20        $this->app->singleton(FailedPasswordResetResponseContract::class, FailedPasswordResetResponse::class);
21        $this->app->singleton(FailedTwoFactorLoginResponseContract::class, FailedTwoFactorLoginResponse::class);
22        $this->app->singleton(LockoutResponseContract::class, LockoutResponse::class);
23        $this->app->singleton(LoginResponseContract::class, LoginResponse::class);
24        $this->app->singleton(TwoFactorLoginResponseContract::class, TwoFactorLoginResponse::class);
25        $this->app->singleton(LogoutResponseContract::class, LogoutResponse::class);
26        $this->app->singleton(PasswordConfirmedResponseContract::class, PasswordConfirmedResponse::class);
27        $this->app->singleton(PasswordResetResponseContract::class, PasswordResetResponse::class);
28        $this->app->singleton(RegisterResponseContract::class, RegisterResponse::class);
29        $this->app->singleton(SuccessfulPasswordResetLinkRequestResponseContract::class, SuccessfulPasswordResetLinkRequestResponse::class);
30    }
31 
32    // ...
33}

That means every one of these response classes can be overridden in your project if needed!