I am using laravel 5.8 and i want a middleware or some technique that can stops unprivileged user to visit any other URL except an specific URL.
When unprivileged user visit a url, he/she should immediately be redirected to a specific allowed page.
Route::get('/home', 'HomeController#index')->name('home')->middleware(['verified',...]);
In you routes file you should run all routes where only authenticated user should have access through the auth middlware.
Route::group(['middleware' => ['auth']], function() {
Route::get('/home', 'HomeController#index')->name('home');
// more routes
});
To specify where the user should be redirected to you can open the middleware at app/Http/Middlware/Authentication.php and check the method
protected function redirectTo($request)
Related
I have done laravel auth with is_admin field like:
if(auth()->user()->is_admin == 1){
return $next($request);
}
and defined it in route so if the user is admin, can be redirected to voyager dashboard page.
Route::group(['prefix' => 'admin'], function()
{
Voyager::routes();
Route::get('admin', 'HomeController#admin')->middleware('admin');
});
When I login, it's redirected to specific page but with error message:
Target class [VoyagerController] does not exist.
What should I do to return voyager admin page?
You can use middleware admin.user.
Route::group(['prefix' => 'admin'], function()
{
Voyager::routes();
Route::get('admin', 'HomeController#admin')->middleware('admin.user');
});
Hope this will work.
This will:
Access route only when user is logged in.
Redirect to voyager login page when accessing the restricted route.
Question
How can I set up Laravel routing so that:
navigating to mysite.com/login uses the LoginController
navigating to somecompany.mysite.com/login uses the TenantLoginController
What I'm doing
I'd have a Laravel 5.7 app that has a typical login page at say, mystite.com/login
I'd like to set up a subdomain for this app like somecompany.mysite.com that will have it's own authentication.
I'd like the somecompany users to log in at somecompany.mysite.com/login
What I've tried
The route definition for the main site login
Route::group(['namespace' => 'App\Http\Controllers\Auth', 'middleware' => ['web']], function () {
Route::get('login', 'LoginController#showLoginForm')->name('login');
});
The rout definition for the subsomain login
Route::domain('somecompany.mysite.com')->group(function ($router) {
$router->group(['namespace' => 'App\Http\Controllers\Tenant\Auth', 'middleware' => ['web']], function($router) {
$router->get('login', 'TenantLoginController#showLoginForm')->name('somecompany.login');
});
});
What Happened
I can navigate to somecompany.mysite.com/login and the URL bar says somecompany.mysite.com/login but when I do, the request is actually routed to the 'LoginController#showLoginForm' controller not the expected 'TenantLoginController#showLoginForm' and the typical login form is desplayed, not the subdomain's login form.
If I change the path to $router->get('tenant-login' and navigate to somecompany.mysite.com/tenant-login the subdomain login form is shown, and somecompany.mysite.com/login shows the main login form.
Since you did not specify a domain in the first route (handled by LoginController), it should also be valid for the somecompany.mysite.com subdomain.
To work around that, I would suggest trying to add more specificity to that first route, enclosing it with Route::domain('mysite.com').
The Laravel router always takes the first matching route, and that first one matches just fine in the end.
Developing a Laravel packages and in the routes I have this routes
Route::middleware(['web'])->group(function () {
Route::get('/pckOne', 'Frutdev\LaravPck\Controllers\PckController#getIndex');
Route::get('/pckZone', 'Frutdev\LaravPck\Controllers\PckController#getZone');
Route::post('/pckZone', 'Frutdev\LaravPck\Controllers\PckController#postZone');
Route::get('/pckUsers', 'Frutdev\LaravPck\Controllers\PckController#getUsers');
Route::get('/pckUser', 'Frutdev\LaravPck\Controllers\PckController#getCurrentUser');
Route::get('/pckArea', 'Frutdev\LaravPck\Controllers\PckController#getArea');
Route::post('/pckArea', 'Frutdev\LaravPck\Controllers\PckController#postArea');
Route::get('/{Area}/pckZones', 'Frutdev\LaravPck\Controllers\PckController#getAreaZones');
Route::post('/{Area}/pckZone', 'Frutdev\LaravPck\Controllers\PckController#postAreaZone');
});
The routes are not being authenticated.
I tried with the web middleware but can still see/access the routes while not logged in.
I tried with the auth middleware but even after logging in with the default Laravel loggin in system(which wasn't altered) I can't access the routes. It says I'm unauthorized, even after logging in. Any idea?
GET /login whenever I try to go with the auth middleware to /pckOne returns a 302 Found status.
To have the auth middleware functional you need something like the following:
Auth::routes();
Route::group(['middleware' => ['auth']], function () {
// Home Controller After Logging In
Route::get('/', 'HomeController#index')->name('home');
});
This means it will check auth before running the GET route. If you're signed in then great it'll run, if not your middleware will throw the sufficient redirect back to the login page as an example.
I want to make prevent access to visited page after logout from the laravel project. Here I have used laravel middleware
Route::group(['middleware' => ['web']], function ()
{
Route::get('/logout',[
'uses'=>'UserController#getLogout',
'as'=>'logout'
]);
});
I have included the all the routes in above Route::group route
and used auth facade. I want to prevent to access visited page after logout and after accidentally pressing the back button from the browser.
Laravel Route middleware can be used to allow only authenticated users to access a given route. All you need to do is attach the middleware to a route definition:
Route::get('profile', ['middleware' => 'auth', function() {
// Only authenticated users may enter...
}]);
Check this Laravel Auth Documentation
I am new to laravel framework and trying to build up authentication for a website. There is something really strange thats happening and I am not able to figure out whats wrong.
I issue php artisan make:auth command and I could see the corresponding files getting generated under controllers and the resources/views. I am able to login and see the homepage (after login). I am able to logout as well and everything works smoothly so far.
now sometimes there seems to be a problem when I am away from the browser for sometime, and come back to the website, it starts acting wierd. the app loses the information about the current logged in user. If I go to the home page (the actual homepage of the website and not the page after the login), then the login page ("/login") does not show up. I have to manually logout (by typing "/logout" in the url) and then try the login url to see the login form.
this is my routes file:
Route::get("/", "PagesController#home")->name("home");
Route::get("/search/{query}","APIController#index")->name("search");
Route::get("/searchBook/{id}","APIController#searchBook")->name("searchBook");
Route::get("/stories","PagesController#stories")->name("stories");
Route::get("/user/{id}/deleteBooks/{book_id}","UserController#deleteBooks")->name('user.delete.books');
Route::get("/user/{id}/showBooks/{book_id}","UserController#showBooks")->name('user.show.books');
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::resource('user', 'UserController');
Route::get('/user/{user}/books',"UserController#books")->name('user.get.books');
Route::post("/user/{user}/createBooks","UserController#createBooks")->name('user.create.books');
Route::get('/home', 'PagesController#dashboard')->name("dashboard");
Route::post("/savemap","UserController#savemap")->name("savemap");
});
Also, It seems the app in itself is not really taking care of the authentication. I manually have to check the authentication (by Auth::check()) at lot of steps and it is painful. For example at many places I have to manually do
if (Auth::check()) {
// some code
}
else{
Auth::logout();
return redirect()->route('home'); //named route
}
This is an update : A route which was giving me issues was not placed under the web middleware in the routes.php file. So when I placed the concerned route under the web middleware, I was actually able to access all the Auth:: parameters and the current logged in user.
Does this mean that I have to place all my "logged-in" routes (available routes after logging in) inside the web middleware? and what about the /login, /logout routes... Should they be places any middleware?
Any route you need sessions (which Auth uses) needs to have the 'web' middleware group applied.
If you want to do auth checks you can use the 'auth' middleware which will do those checks for you.
Example:
Route::group(['middleware' => ['web', 'auth']], function() {
Route::get('mustbeauthed', 'SomeController#someMethod');
});
In this case going to the 'mustbeauthed' will redirect you away if you are not authenticated and let you pass through to it if you are authenticated.