josrom/laravel-developer-logins
Composer 安装命令:
composer require josrom/laravel-developer-logins
包简介
Quick developer authentication for Laravel applications in local/staging environments
README 文档
README
Quick developer authentication for Laravel applications in local/staging environments. Skip the login form during development by clicking a button to authenticate as any predefined user.
⚠️ Security Warning: This package is designed for development and staging environments only. Never enable it in production!
Features
- 🚀 One-click authentication as any configured user
- 🔒 Safe defaults (disabled in production by default)
- 🎯 Works with Laravel Fortify + Inertia.js
- 🔐 Optional 2FA bypass for developer logins
- 🌐 Multiple authentication guard support
- 🛡️ IP whitelist support (optional)
- 📝 Activity logging for security auditing
- ⚙️ Highly configurable via environment variables
Requirements
- PHP 8.1+
- Laravel 10.x, 11.x, 12.x, or 13.x
- Laravel Fortify (for authentication)
Installation
1. Install via Composer
composer require josrom/laravel-developer-logins --dev
2. Publish Configuration
php artisan vendor:publish --tag="developer-logins-config"
3. Configure Users
By default, the package fetches the first 10 users from your database automatically. You can customize this in config/developer-logins.php:
Option 1: Dynamic users from database (Recommended)
'users' => fn () => App\Models\User::limit(10)->pluck('email', 'name')->toArray()
Option 2: Static predefined users
'users' => [ 'Admin' => 'admin@example.com', 'User' => 'user@example.com', ]
4. Configure Environment Variables
Add to your .env file:
# Enable/disable developer logins DEVELOPER_LOGINS_ENABLED=true # Optional: Bypass 2FA for developer logins (default: false) DEVELOPER_LOGINS_BYPASS_2FA=false # Optional: IP whitelist (comma-separated) DEVELOPER_LOGINS_ALLOWED_IPS=127.0.0.1,::1
5. Integration
For Blade Views
Add to your login view (e.g., resources/views/auth/login.blade.php):
@if(config('developer-logins.enabled')) <x-developer-logins::login-buttons /> @endif
For Inertia.js + Vue
The package automatically shares developer logins data with Inertia. Add to your Login component:
<template> <div v-if="$page.props.developerLogins" class="mt-4 space-y-2"> <div class="text-sm text-amber-600 font-semibold"> ⚠️ Developer Logins Enabled </div> <form v-for="(credentials, label) in $page.props.developerLogins" :key="credentials" method="POST" :action="route('developer-logins.login-as')" > <input type="hidden" name="_token" :value="$page.props.csrf_token"> <input type="hidden" name="credentials" :value="credentials"> <button type="submit" class="w-full px-4 py-2 bg-amber-100 hover:bg-amber-200 rounded border border-amber-300" > Login as {{ label }} ({{ credentials }}) </button> </form> </div> </template>
Configuration
The configuration file (config/developer-logins.php) provides extensive customization options:
return [ // Enable/disable globally (default: only in local environment) 'enabled' => env('DEVELOPER_LOGINS_ENABLED', env('APP_ENV') === 'local'), // User model class 'model' => App\Models\User::class, // Column to match against (email, username, etc.) 'column' => 'email', // Authentication guard (or null for default) 'guard' => null, // Users for quick login (static array or closure) // Option 1: Dynamic from database (Recommended) 'users' => fn () => App\Models\User::limit(10)->pluck('email', 'name')->toArray(), // Option 2: Static predefined users // 'users' => [ // 'Admin' => 'admin@example.com', // 'User' => 'user@example.com', // ], // Redirect after successful login 'redirect_to' => '/admin/dashboard', // Bypass 2FA for developer logins (default: false) 'bypass_2fa' => env('DEVELOPER_LOGINS_BYPASS_2FA', false), // IP whitelist (empty = allow all) 'allowed_ips' => array_filter(explode(',', env('DEVELOPER_LOGINS_ALLOWED_IPS', ''))), // Log developer login attempts 'log_attempts' => env('DEVELOPER_LOGINS_LOG', true), // Show warning message on login page 'show_warning' => true, // Throw exception if enabled in production 'prevent_production' => true, ];
Usage
Basic Usage
Once configured, developer login buttons will appear on your login page. Click any button to authenticate as that user instantly.
Multiple Authentication Guards
To use a specific guard:
// In config/developer-logins.php 'guard' => 'admin',
Or specify per-user in a custom configuration.
IP Whitelist
Restrict developer logins to specific IP addresses:
# .env
DEVELOPER_LOGINS_ALLOWED_IPS=127.0.0.1,::1,192.168.1.100
Logging
All developer login attempts are logged by default:
// Log channel: 'stack' (default Laravel) // Log level: 'info' // Log format: "Developer login attempt: {email} from IP: {ip}"
Disable logging in .env:
DEVELOPER_LOGINS_LOG=false
Two-Factor Authentication (2FA)
By default, developer logins still require 2FA if enabled on the user account. To bypass 2FA:
# .env
DEVELOPER_LOGINS_BYPASS_2FA=true
⚠️ Security Note: Only enable 2FA bypass in trusted local environments.
Security
Built-in Safety Features
✅ Disabled by default in production - Set APP_ENV=production and the package won't work
✅ Exception on production - Throws ConfigurationException if enabled in production (configurable)
✅ IP whitelist support - Restrict to specific IPs
✅ Activity logging - All attempts logged for auditing
✅ CSRF protection - Uses Laravel's CSRF tokens
✅ Warning messages - Visual indicators on login page
✅ 2FA respect - Honors 2FA by default (bypass is opt-in)
Best Practices
❌ Never enable in production
✅ Use environment-specific .env files
✅ Add to .env.example with safe defaults
✅ Enable IP whitelist in shared staging environments
✅ Keep logging enabled for security auditing
✅ Only bypass 2FA in local environments
Troubleshooting
Buttons not appearing
- Check
APP_ENV- Must belocalorstaging(or setDEVELOPER_LOGINS_ENABLED=true) - Verify users exist in database with configured emails
- Clear config cache:
php artisan config:clear - Check logs:
storage/logs/laravel.log
"User not found" error
Ensure the configured email/username exists in your database:
php artisan tinker >>> User::where('email', 'admin@example.com')->first();
IP whitelist blocking access
Check your IP address:
curl ifconfig.me
Add it to .env:
DEVELOPER_LOGINS_ALLOWED_IPS=127.0.0.1,::1,YOUR_IP_HERE
Production exception
If you see ConfigurationException: Developer logins should not be enabled in production!:
- Set
APP_ENV=productionin.env - Or set
DEVELOPER_LOGINS_ENABLED=false - Or set
prevent_production => falsein config (not recommended)
Testing
composer test
Changelog
Please see CHANGELOG for recent changes.
Contributing
Contributions are welcome! Please see CONTRIBUTING for details.
Security Vulnerabilities
If you discover a security vulnerability, please email security@example.com.
Credits
License
The MIT License (MIT). Please see License File for more information.
josrom/laravel-developer-logins 适用场景与选型建议
josrom/laravel-developer-logins 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 29 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 02 月 12 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「login」 「development」 「laravel」 「developer」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 josrom/laravel-developer-logins 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 josrom/laravel-developer-logins 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 josrom/laravel-developer-logins 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
WeChat OAuth SDK
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Debugging a problem and need to login as one of your customers? This allows you to authenticate as any of your customers.
Library with classes to help you do batch.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
统计信息
- 总下载量: 29
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 17
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-02-12