I was able to check Auth::check() via controller before redirecting to my other route that needed to passthrough a middleware to check if the Auth::check() == true, however, when i'm trying to check the value of Auth::check() via my Middleware it returned a FALSE / NULL value. Any Idea guys ??
Did the following already:
Set session via ENV file to database
Tried using multiple Guard as i needed this feature. though for the sake of making it working first, i disabled the Guard setup.
When Laravel is running through your middlewares, the authentication code still hasn't ran and hence why you get null as if there was no user logged in.
Enclose the routes in your web.php which utilize Authenticate middleware with the auth middleware.
That's when your Auth facade will work the same way it'd work in your controller.
Related
I was using this middleware:
Route::get('/{id}/edit',[PostController::class,'edit'])->name('post.edit')->middleware('password.confirm');
of laravel fortify so that it asks me for the password before accessing a route, but this depends on
'password_timeout'=>10800 in auth.php, so I need it to ask me for password whenever the route calls, try to set the value to 'password_timeout'=>1, but it is no longer possible to submit the form, it no longer returns Request validations from the controller. You could guide me to solve this problem. Thanks!
I am trying to make authentication based on API in laravel. Here is my process flow. First of all, I get data from API. If it is valid then I keep true value in the session. Through middleware, I check every route if it is authenticated or not. Am I on right track?
Session::put('authenticated', true);
session::get('authenticated');
Should I add anything to make it more efficient? Here the problem is I can not handle /login route. After successful login, it can be the visit the login page. Also I can't get session value in LoginController function __construct() . Thanks in advance. I am using laravel 5.5
I am using Laravel Passport (auth:api), all works well however I've came with the idea to log record user requests on a specific route.
When an GET request is made to /movie/65 I would like to store in movie_view the following data: user_id, movie_id (if the user is logged in)
However in my controller I am unable to call $request->user() without setting auth:api middleware.
What is the best practice you recommend to achieve this?
Default Auth Type should be set to 'api' in config/auth.php
Source: https://laracasts.com/discuss/channels/general-discussion/optional-authentication-for-api?page=0 (it was very hard to find)
Best way to do this is:
if (\Auth::guard('api')->check()) {
$user = \Auth::guard('api')->user();
}
you have to setup the guard to 'api', the default one is 'web'.
You can create a custom middleware as suggested here -- https://laracasts.com/discuss/channels/laravel/how-to-handle-route-with-optional-authentication. Then apply api guard to it. Let say you assign that custom middleware as auth.optional in Kernel.php, then you can use that middleware as auth.optional:api (with that api guard). Then you can access user thru $request->user() in your case above.
SO community!
I have a project, that I've built on Laravel 5.2. As its authorization I am using the built in one, that can be generated by running
php artisan make:auth
It serves well, but the system's users will be mostly invited by the administrator, whose account is created by the built-in auth action under the route /register. There will be multiple instances of my project hosted separately.
Once the system is set up I do need the route to create the administrator account, but after that I would like the route to be not be accessible.
The customization I need is as follows:
I am thinking about an "if" that would check how many administrator accounts there currently are. If there is at least one, the /register route would redirect to /login.
Something like this:
$administrators = User::where( 'role', User::ROLE_ADMIN )->get();
if ( count( $administrators ) != 0 ) return redirect( url('/login') );
It is a simple piece of code, but I do not know where to put it.
First possible solution:
At first I was thinking that I would need to customize the register action by adding the check to it, but the AuthController does not have register action and I do not understand how the AuthController works.
Second possible solution:
I was thinking of creating a middleware with the admin count check for the /register route, but in the routes file the built-in authorization routes are somehow condensed and added with this piece of code:
Route::auth();
Is there some way of extracting the /register route out of that, so I bind the middleware on to it?
Or maybe there is a better way of adding the check.
Any help will be much appreciated!
in my user table I have a active_id column to track this user account is still active or not.
Is it possible when a logged in user visit our website, check if it's not a active user then logout the logged in user.
Or when the logged in inactive user perform a post request , log out the user immediately .
Is it possible ?
You can accomplish this very easily with Middleware
Do the console command php artisan make:middleware CheckUserIsActive
Go to the generated file at app/Http/Middlewares/CheckUserIsActive
In the handle method
public function handle($request, Closure $next)
{
if (! $user = auth()->user()->is_active) {
auth()->user()->logout();
}
return $next($request);
}
Edit the app/Http/Kernel.php file: find web key on middlewareGroups property and append your new middleware \App\Http\Middlewares\CheckUserIsActive::class,
With this approach the check will be fired off on each request on your app, assuming that in your routes.php file you have web group middleware applied to all your routes, which is the case if you installed laravel and didn't change it.
Take a closer look at middlewares in the Documentation
Also note, that this will work only when there is an authenticated user. If there isn't then auth()->user() will return null and you'll get and error like 'Trying to call method logout() on null'. To avoid this error you need to make sure that there is an authenticated user and only then check if he's active. To do so Laravel provides built in auth middleware. Just append it to the middlewaresGroups's web key before your own middleware.
But again this is to work if it's fit your projects needs. If you do require user to be authenticated to go to any of the pages of your app then do this approach. if not - you need to limit some requests to be filtered by middlewares. Again, you may find this on docs or ask here if needed, I'll provide samples