/laravel-device-tracking

a library that allow to track different devices used

Primary LanguagePHPMIT LicenseMIT

A library that allows you to track different devices used per user

Latest Version on Packagist

Total Downloads

This package implements a "google like" device detection.

You can detect when an user is using a new device and manage the verified status between user and device.

You can also detect a possible device hijacking.

Installation

You can install the package via composer:

composer require ivanomatteo/laravel-device-tracking

php artisan migrate

Publish config file:

php artisan vendor:publish --provider "IvanoMatteo\LaravelDeviceTracking\LaravelDeviceTrackingServiceProvider" --tag config

Usage

// add the trait to your user model
class User{
    //...
    use IvanoMatteo\LaravelDeviceTracking\Traits\UseDevices;
    //...
}


// call on login or when you want update and check the device informations
$device = \DeviceTracker::detectFindAndUpdate();


// flag as verified for the current user
\DeviceTracker::flagCurrentAsVerified();

// flag as verified for a specific user
\DeviceTracker::flagAsVerified($device, $user_id);

// flag as verified for a specific user by device uuid
\DeviceTracker::flagAsVerifiedByUuid($device_uuid, $user_id);



// if you are using laravel/ui (classic scaffolding)
// a good place where detectFindAndUpdate() is in the login controller
// App\Http\Controllers\Auth\LoginController
// by adding this method:
protected function authenticated(Request $request, $user)
{
    $device = \DeviceTracker::detectFindAndUpdate();

    //
}

If you are using Session Autentication it's possible to add the middleware IvanoMatteo\LaravelDeviceTracking\Http\Middleware\DeviceTrackerMiddleware in app/Http/Kernel.php, at the end of web group.

This way, the device will also be checked for subsequents requests to the login request. DeviceTrackerMiddleware will store the md5( $device_uuid . $user_agent ) inside the session so the detection will be executed again only if the hash does not match.

Following events can be emitted:

  • DeviceCreated

    when a new device is detected and stored

  • DeviceUpdated

    when some information of a device is changed

  • DeviceHijacked

    when critical device information is changed. You can also define a custom DeviceHijackingDetector. After this event, the device will be updated, and the next time, DeviceHijacked will not be emitted, but the device will have the field device_hijacked_at with the last DeviceHijacked event timestamp.

  • UserSeenFromNewDevice

    when an user is detected on a device for the first time

  • UserSeenFromUnverifiedDevice

    when an user is detected on a device not for the first time and the device is not flagged as verified

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email ivanomatteo@gmail.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.