
Safeguarding Your Laravel Application Against Unwanted Sign-Ups

Apr 25, 2024
Volodymyr Otreshko

Hello there! Today, I would like to share with you a new feature that we have included in our Laravel package CraftablePRO. Our main motivation for developing this feature was to create plug-and-play self-registration with some additional controls. It is very useful, and in fact a must-have, for internal corporate projects where only selected users may register: you do not want to share your internal data with people from outside. The feature we have implemented is a whitelist of e-mail domains for self-registration. Now, let us get straight to the point; there is no need to beat around the bush.

Step 1 → Set up the CraftablePRO package

The documentation covers this in detail, so I will only quickly go over the main points here. The link: Craftable PRO – Craftable PRO Documentation

Basic Laravel setup

For this example, we will need a Laravel project on version 9 or newer. You can execute the well-known command in the terminal to create one (the script is fetched from the network and run straight away; if that bothers you, download it first and read it before running it):

curl -s "https://laravel.build/example-app?with=pgsql" | bash

This command will set up all the necessary settings for you, and then you will only need one more command to launch the created project. The previous command will instruct you to do so, but to save you time, you can copy it from here:

cd example-app && ./vendor/bin/sail up -d

Install CraftablePRO

After obtaining a valid Craftable PRO license, you will need to add our private repository to your composer.json.

composer config repositories.craftable-pro composer https://packages.craftable.pro/

To install the package using Composer, you will need to provide your username and password. Use your e-mail address as the username and the license key you received after purchasing the license as the password. Another option is to create an auth.json file with your credentials, either locally in the project or globally in your Composer home directory. For detailed instructions on creating auth.json, please refer to the Composer documentation. Whichever option you choose, treat the license key as a secret: a project-local auth.json must never be committed to version control (add it to .gitignore), and the global file is the safer choice on developer machines.

composer require brackets/craftable-pro

We are almost there; now just run the following:

php artisan craftable-pro:install     # Package install
npm install                           # Install npm packages
npm run craftable-pro:build           # Build FE assets

Congratulations! We are ready to go. Test your installation here: http://localhost/admin

Step 2 → Enable self-registration

To enable self-registration, we first need to publish the package's configuration file into our project. Conveniently, there is an artisan command for this:

php artisan vendor:publish --tag=craftable-pro-config

There are multiple configurations available, and you can find a detailed explanation in our documentation: Config file – Craftable PRO Documentation. But for now, we are only interested in some fields. By default, the ability for users to self-register is disabled, so we need to set it to true.

'self_registration' => [ 
    // define if users can self-register into the Craftable Pro interface 
    'enabled' => true, 
    ... 
],

And the next step is our COOL feature: an array of allowed domains for registration. Only e-mail addresses whose domain is on this list can register, which keeps spam registrations and unwanted sign-ups off an internal instance. Two things are worth keeping in mind. First, the check looks at the domain part of the address only, so it is only meaningful together with the e-mail verification step later in this guide: anyone can type name@example.com into the form, but only someone who controls that mailbox can click the verification link. Second, the '*' wildcard switches the restriction off entirely, so it should not survive into the production config of an internal tool. For this guide, we add two dummy domains to the whitelist:

'self_registration' => [ 
    ... 
    'allowed_domains' => ['example.com', 'lol.lol'] // use '*' for allowing any domain 
], 
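To make the security point concrete, here is an added example of what a strict domain check looks like next to a naive one. This is illustration code written for this post, not CraftablePRO's own implementation; the function names are assumptions, and the allowed list is the same dummy list as in the config above. The strict version validates the address, takes the part after the last '@', and compares it case-insensitively and exactly; the naive version merely looks for the allowed domain somewhere in the string and is fooled by addresses an attacker can register at a domain they own.

```php
<?php
// Added example (not CraftablePRO's own code). Function names are
// assumptions for illustration; the allowed list mirrors the guide's config.

declare(strict_types=1);

/**
 * Return the lowercase domain part of an e-mail address, or null when the
 * input is not a syntactically valid single address (so "a@x.com,b@evil.net"
 * or "a@example.com@evil.net" never reach the domain comparison).
 */
function emailDomain(string $email): ?string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $at = strrpos($email, '@');
    if ($at === false) {
        return null;
    }
    return strtolower(substr($email, $at + 1));
}

/**
 * True when the address belongs to one of the configured domains (exact,
 * case-insensitive match) or when the list contains the '*' wildcard.
 */
function isDomainAllowed(string $email, array $allowedDomains): bool
{
    if (in_array('*', $allowedDomains, true)) {
        return true;   // wildcard: the restriction is effectively off
    }
    $domain = emailDomain($email);
    if ($domain === null) {
        return false;
    }
    $normalised = array_map(
        static fn (string $d): string => strtolower(trim($d)),
        $allowedDomains
    );
    return in_array($domain, $normalised, true);
}

/**
 * The naive variant, shown for contrast: a substring check that accepts
 * attacker-controlled domains such as notexample.com or example.com.evil.net.
 */
function naiveIsDomainAllowed(string $email, array $allowedDomains): bool
{
    foreach ($allowedDomains as $d) {
        if ($d === '*' || str_contains(strtolower($email), strtolower($d))) {
            return true;
        }
    }
    return false;
}

$allowed = ['example.com', 'lol.lol'];   // same dummy list as the guide

// Constructed test addresses and the decision a strict check should make.
$cases = [
    'alice@example.com'            => true,   // happy path
    'Bob@EXAMPLE.COM'              => true,   // case-insensitive domain
    'mallory@attacker.net'         => false,  // not on the list
    'mallory@notexample.com'       => false,  // suffix trick
    'mallory@example.com.evil.net' => false,  // prefix trick
    'example.com@evil.net'         => false,  // allowed domain in local part
    'not-an-email'                 => false,  // not an address at all
];

foreach ($cases as $email => $expected) {
    $strict = isDomainAllowed($email, $allowed);
    $naive  = naiveIsDomainAllowed($email, $allowed);
    printf(
        "%-32s strict=%-5s naive=%-5s%s\n",
        $email,
        var_export($strict, true),
        var_export($naive, true),
        $strict === $expected ? '' : '  <-- unexpected'
    );
}
```

In a Laravel application this kind of check belongs server-side, in the validation of the registration request, never only in the front end; the package handles that for you, the point of the example is what "allowed domain" has to mean for the whitelist to hold.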

Step 3 → Set up mail testing

Last but not least, we need to set up an e-mail service to test our self-registration feature, because registration is completed by clicking a verification link. I recommend Mailtrap, which is free and user-friendly. If you are not familiar with Mailtrap, don't worry: simply register, open the SMTP settings of your sandbox inbox, and copy them into the MAIL_* variables of your local .env file (the screenshot of those settings is not reproduced here). Keep these credentials in .env only; Laravel ignores that file in git by default, and it should stay that way.
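For orientation, here is an added example of the resulting .env fragment; it is not the screenshot from the original post. The host and port are the ones Mailtrap's sandbox inbox lists under its SMTP settings, and the username, password and sender address are placeholders that you replace with your own values.

```dotenv
# Added example: Laravel mail settings pointed at a Mailtrap sandbox inbox.
# Replace the placeholder username, password and sender with your own values.
MAIL_MAILER=smtp
MAIL_HOST=sandbox.smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=your-mailtrap-username
MAIL_PASSWORD=your-mailtrap-password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=no-reply@example.com
MAIL_FROM_NAME="${APP_NAME}"
```

After changing .env, restart or reload the application (with Sail, `./vendor/bin/sail restart` is the simplest) so the new mail configuration is picked up.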

Step 4 → Let’s explore our setup

After completing the three quick setup steps, let's proceed to test our creation. First, let's try the happy path by registering with a whitelisted domain.

If you are already logged in, please log out and then visit http://localhost/admin/register. Here, you will need to fill in some information for registration.

And now, if your Mailtrap setup was successful, you should find a confirmation e-mail in your Mailtrap inbox. Open it and follow the verification link:

After pressing the verification button, you will be redirected to the users listing page:

Congratulations! Our happy path is working. Now, let's test the error path. Please log out and visit the registration page again at http://localhost/admin/register. Fill out the registration fields, but this time use an e-mail address whose domain is not on the whitelist. Click Register:

Aaaand, you receive an error.

Conclusion

I hope that you enjoyed my guide. Self-registration with domain whitelisting is a simple way to keep an internal or community application well-managed: only users with an e-mail address at an approved domain can register, and the verification e-mail makes sure they actually control that address. It is a gate on who may sign up, not a replacement for roles and permissions inside the application, so set it up correctly, leave the '*' wildcard out of production, and you get a registration flow that is both safe and user-friendly for your specific needs.