Full Auth Customization with Laravel Jetstream

I currently have to build a new SaaS. Well, not completely new – there is a 12-year-old single-page application with a huge database in the back. So I have to adopt this database – especially the existing "user" table.

Since I want to use Laravel + Jetstream + Inertia, I have to customize the authentication process, because in the old SaaS it was implemented manually.

Now there are several problems to solve, which are not Laravel standard:

  • The users table is called "user".
  • There is no email field in the user table.
  • A user is identified by a certain number (comparable to a tenant id; the "skz"), a username ("sid") and a password ("pass2").
  • The password is calculated this way: hash('sha512', md5($passwd.$static_token.$erfdat).$user_token)
    • where passwd is the user's password,
    • static_token is a SaaS-wide constant string token,
    • erfdat is the user's creation date, but
    • there is no upd_erf etc., and
    • user_token is a user specific token.

So then, let’s get started:

  • First I imported the backup of the given database to my local development database
  • Then I installed Laravel and Jetstream with the Inertia-Stack
  • In the .env file I configured the database connection with the credentials of the imported local database
  • In the config/fortify.php file I changed the option 'username' => 'email' to 'username' => 'sid'. Otherwise I get an "email field is required" validation error message on the login page, even after customizing the login logic.
  • After that I told the User model in app/Models/User to look up the right table, renaming the created_at column to the existing "erfdat" and omitting the updated_at column by setting it to null:
  • Then I changed the Inertia login page from the existing email/password login form to one with "skz", "sid" and "password".
  • Then I changed the rate limiter in the app/Http/Providers/FortifyServiceProvider.php file from the email being used to a combination of $skz.$id
  • And last and definitely not least, I added the Fortify::authenticateUsing callback method to authenticate users the way they have been authenticated in the old SaaS. In case of a successful login it returns the user (line 57); otherwise it returns false.
  • I decided not to delete the users migration or the create_password_resets and add_two_factor_columns migrations. I just disabled all the cool features in config/fortify.php. And who knows what comes next? And as long as there is no conflict… Then I published the migration for the jobs table (php artisan queue:table) and ran the migrations.
  • Now, the SaaS is ready to log in the existing users!
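
The credential check that the Fortify::authenticateUsing callback has to perform, as an added example that is not the original post's code. It is plain PHP run over constructed in-memory rows instead of the Eloquent model; the static token value and the user_token array key are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: placeholder value; the real SaaS-wide token belongs in .env/config.
const STATIC_TOKEN = 'constructed-static-token';

// Legacy digest exactly as described above.
function legacyHash(string $passwd, string $erfdat, string $userToken): string
{
    return hash('sha512', md5($passwd . STATIC_TOKEN . $erfdat) . $userToken);
}

// Returns the matching row or null. $users stands in for the "user" table.
function attemptLegacyLogin(array $users, string $skz, string $sid, string $password): ?array
{
    foreach ($users as $user) {
        // sid alone is not unique: the lookup must always include skz.
        if ($user['skz'] !== $skz || $user['sid'] !== $sid) {
            continue;
        }
        // erfdat must be the exact string the legacy code hashed. With Eloquent,
        // read the raw column value (e.g. getRawOriginal('erfdat')), not the
        // Carbon-cast attribute, whose string form may differ.
        $expected = legacyHash($password, $user['erfdat'], $user['user_token']);
        // hash_equals() compares in constant time, unlike === on strings.
        return hash_equals($user['pass2'], $expected) ? $user : null;
    }
    return null;
}

// Constructed sample rows: two skz values share the username "admin".
$users = [
    ['skz' => '1001', 'sid' => 'admin', 'erfdat' => '2011-03-14 09:26:53', 'user_token' => 'tok-a'],
    ['skz' => '2002', 'sid' => 'admin', 'erfdat' => '2015-07-01 12:00:00', 'user_token' => 'tok-b'],
];
$users[0]['pass2'] = legacyHash('correct horse', $users[0]['erfdat'], $users[0]['user_token']);
$users[1]['pass2'] = legacyHash('other secret', $users[1]['erfdat'], $users[1]['user_token']);

var_dump(attemptLegacyLogin($users, '1001', 'admin', 'correct horse') !== null); // right skz and password
var_dump(attemptLegacyLogin($users, '2002', 'admin', 'correct horse') !== null); // same sid, other skz
var_dump(attemptLegacyLogin($users, '1001', 'admin', 'wrong') !== null);         // wrong password
```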

What to say – Laravel Jetstream is really, really powerful!