I'm using custom authentication. Added user status(enable/disable) check in retrieveByCredentials function of my custom provider. Now how can I differentiate the error, whether its coming because user enter wrong credentials or because user is disabled?
So far I looked at following function sendFailedLoginResponse, but there is no way to differentiate.
Any suggestions how can I achieve this?
I've approached this in the following way:
/* LoginController.php */ /** * Override default login username to be used by the controller. * * @return string */ public function username() { return 'username'; } /** * Override default validation of the user login request. * * @param \Illuminate\Http\Request $request * * @return void */ protected function validateLogin(Request $request) { $this->validate($request, [ $this->username() => [ 'required', 'min:4', 'max:30', 'regex:/^[\S]*$/', Rule::exists('users')->where(function ($query) { $query->where('active', 1); }) ], 'password' => 'required|min:6|max:100' ]); } Substituting out whatever the name and expected value of your field is for "active" will enable you to validate depending on whether or not users are active/enabled. You mentioned you've already done this but in this case the validation error will also be the validation message for the "exists" rule. In my application I don't actually need to care why a user failed login but checking the validation message may, I suppose, be enough in your case?
user details of my application is not stored in my database. The users are stored in another user system (internal one, shared among all the other applications). All the user related actions are done through API. Therefore I cannot use exists rule.validateLogin function.