Laravel 5.2 continues the improvements made in Laravel 5.1 by adding multiple authentication driver support, implicit model binding, simplified Eloquent global scopes, opt-in authentication scaffolding, middleware groups, rate limiting middleware, array validation improvements, and more.
The full Laravel 5.2 upgrade guide is in available in the Laravel documentation.
Authentication Drivers / “Multi-Auth”
In previous versions of Laravel, only the default, session-based authentication driver was supported out of the box, and you could not have more than one authenticatable model instance per application.
However, in Laravel 5.2, you may define additional authentication drivers as well define multiple authenticatable models or user tables, and control their authentication process separately from each other. For example, if your application has one database table for “admin” users and one database table for “student” users, you may now use the Auth methods to authenticate against each of these tables separately.
Authentication Scaffolding
Laravel already makes it easy to handle authentication on the back-end; however, Laravel 5.2 provides a convenient, lightning-fast way to scaffold the authentication views for your front-end. Simply execute the make:auth command on your terminal:
1 php artisan make:auth
This command will generate plain, Bootstrap compatible views for user login, registration, and password reset. The command will also update your routes file with the appropriate routes.
Note: This feature is only meant to be used on new applications, not during application upgrades.
Implicit Model Binding
Implicit model binding makes it painless to inject relevant models directly into your routes and controllers. For example, assume you have a route defined like the following:
1 use AppUser;
2
3 Route::get('/user/{user}', function (User $user) {
4 return $user;
5 });
In Laravel 5.1, you would typically need to use the Route::model method to instruct Laravel to inject the AppUser instance that matches the {user} parameter in your route definition. However, in Laravel 5.2, the framework will automatically inject this model based on the URI segment, allowing you to quickly gain access to the model instances you need.
Laravel will automatically inject the model when the route parameter segment ({user}) matches the route Closure or controller method’s corresponding variable name ($user) and the variable is type-hinting an Eloquent model class.
Middleware Groups
Middleware groups allow you to group several route middleware under a single, convenient key, allowing you to assign several middleware to a route at once. For example, this can be useful when building a web UI and an API within the same application. You may group the session and CSRF routes into a web group, and perhaps the rate limiter in the api group.
In fact, the default Laravel 5.2 application structure takes exactly this approach. For example, in the default AppHttpKernel.php file you will find the following:
1 /**
2 * The application's route middleware groups.
3 *
4 * @var array
5 */
6 protected $middlewareGroups = [
7 'web' => [
8 AppHttpMiddlewareEncryptCookies::class,
9 IlluminateCookieMiddlewareAddQueuedCookiesToResponse::class,
10 IlluminateSessionMiddlewareStartSession::class,
11 IlluminateViewMiddlewareShareErrorsFromSession::class,
12 AppHttpMiddlewareVerifyCsrfToken::class,
13 ],
14
15 'api' => [
16 'throttle:60,1',
17 ],
18 ];
Then, the web group may be assigned to routes like so:
1 Route::group(['middleware' => ['web']], function () {
2 //
3 });
Rate Limiting
A new rate limiter middleware is now included with the framework, allowing you to easily limit the number of requests that a given IP address can make to a route over a specified number of minutes. For example, to limit a route to 60 requests every minute from a single IP address, you may do the following:
1 Route::get('/api/users', ['middleware' => 'throttle:60,1', function () {
2 //
3 }]);
Array Validation
Validating array form input fields is much easier in Laravel 5.2. For example, to validate that each e-mail in a given array input field is unique, you may do the following:
1 $validator = Validator::make($request->all(), [
2 'person.*.email' => 'email|unique:users'
3 ]);
Likewise, you may use the * character when specifying your validation messages in your language files, making it a breeze to use a single validation message for array based fields:
1 'custom' => [
2 'person.*.email' => [
3 'unique' => 'Each person must have a unique e-mail address',
4 ]
5 ],
Eloquent Global Scope Improvements
In previous versions of Laravel, global Eloquent scopes were complicated and error-prone to implement; however, in Laravel 5.2, global query scopes only require you to implement a single, simple method: apply.
For more information on writing global scopes, check out the full Eloquent documentation.