This package implements a "google like" device detection.
You can detect when a user is using a new device and manage the verified status between user and device.
You can also detect a possible device hijacking.
You can install the package via composer:
composer require ivanomatteo/laravel-device-tracking
Publish migrations:
php artisan vendor:publish --provider "IvanoMatteo\LaravelDeviceTracking\LaravelDeviceTrackingServiceProvider" --tag migrationsRun migrations:
php artisan migratePublish config file:
php artisan vendor:publish --provider "IvanoMatteo\LaravelDeviceTracking\LaravelDeviceTrackingServiceProvider" --tag configuse IvanoMatteo\LaravelDeviceTracking\Facades\DeviceTracker;
use IvanoMatteo\LaravelDeviceTracking\Traits\UseDevices;
use IvanoMatteo\LaravelDeviceTracking\Models\Device;
// add the trait to your user model
class User {
use UseDevices;
}
// call on login or when you want update and check the device informations
// by default this function is called when the Login event is fired
// only with the "web" auth guard
// if you want you can disable the detect_on_login option in the config file
$device = DeviceTracker::detectFindAndUpdate();
// flag as verified for the current user
DeviceTracker::flagCurrentAsVerified();
// flag as verified for a specific user
DeviceTracker::flagAsVerified($device, $user_id);
// flag as verified for a specific user by device uuid
DeviceTracker::flagAsVerifiedByUuid($device_uuid, $user_id);
DeviceTracker::flagCurrentAsRogue($note = null, $adminNote = null, $data = null);
DeviceTracker::flagAsRogue($device, $user_id = null, $note = null, $adminNote = null, $data = null);
If you are using Session Authentication it's possible to add the middleware IvanoMatteo\LaravelDeviceTracking\Http\Middleware\DeviceTrackerMiddleware in app/Http/Kernel.php, at the end of web group.
This way, the device will also be checked for subsequents requests to the login request. DeviceTrackerMiddleware will store the md5(request()->ip() . $device_uuid . $user_agent ) inside the session so the detection will be executed again only if the hash does not match.
Following events can be emitted:
-
DeviceCreated
when a new device is detected and stored
-
DeviceUpdated
when some information of a device is changed
-
DeviceHijacked
when critical device information is changed. You can also define a custom DeviceHijackingDetector. After this event, the device will be updated, and the next time, DeviceHijacked will not be emitted, but the device will have the field device_hijacked_at with the last DeviceHijacked event timestamp.
-
UserSeenFromNewDevice
when a user is detected on a device for the first time
-
UserSeenFromUnverifiedDevice
when a user is detected on a device not for the first time and the device is not flagged as verified
-
UserSeenFromRogueDevice
when a user is detected on a device flagged as "rougue"
Please see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.