I'm using the HMVC package to consume my own API. However it also includes some POST requests which require authenticaton. Obviously I can't just dump in my password in the request nor do I find ENV variables an elegant solution.
Is there a way to check inside the basic auth filter whether the request is made internally?
The filter is applied to the controller, not the route
First option
You could add the exception test on the filter, so that you only apply the filter rule if the request is not from localhost.
Second option
You would apply the filter on the Route, so that you wouldn't have problems accessing the controller locally.
Route::get('profile', array('before' => 'auth', function()
{
// Only authenticated users may enter...
}));
Source: http://laravel.com/docs/4.2/security#protecting-routes
Third option
It doesn't seem an elegant solution either, but a workaroung would be to look if the request comes from localhost, you could manually authenticate the user.
$user = User::find(1);
Auth::login($user);