How I can disable password reset? I need prevent resetting passwords on login page. How I can do it?
I tried do:
Auth::routes(['register' => false, 'password.request' => false, 'password.reset' => false]);
But not working. Password reset is working.
Change,
'password.reset' => false
To,
'reset' => false
If that doesn't work, in ForgotPasswordController, you will see that a trait SendsPasswordResetEmails is used, in that you will find the function showLinkRequestForm which you can override:
public function showLinkRequestForm()
{
return view('auth.passwords.email');
}
and replace it with a redirect to go back, or a 404, or something else that you want.
Alternatively, you could override the routes.
Inside of :
Auth::routes();
You can use :
// Authentication Routes...
Route::get('login', 'Auth\LoginController#showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController#login');
Route::post('logout', 'Auth\LoginController#logout')->name('logout');
// Registration Routes...
Route::get('register', 'Auth\RegisterController#showRegistrationForm')->name('register');
Route::post('register', 'Auth\RegisterController#register');
// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController#showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController#sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController#showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController#reset')->name('password.update');
And delete which you don't want.
Because I can not add a comment yet, I'd like to add to Omid Reza Heidari's comment. Using
Route::post('password/reset', 'Auth\ResetPasswordController#reset');
without ->name('password.update') will results in error "Route [password.update] not defined" when using the default view. The last route should thus be
Route::post('password/reset', 'Auth\ResetPasswordController#reset')->name('password.update');
Related
I want to disable access to register route without login in laravel 8. I am using laravel jetstream with livewire.
Here is code in routes\web.php. I have not changed anything in route file.
Route::get('/', function () {
return view('welcome');
});
Route::middleware(['auth:sanctum', 'verified'])->get('/dashboard', function () {
return view('dashboard');
})->name('dashboard');
To disable registration go to config/fortify.php and comment out Features::registration().
'features' => [
//Features::registration(),
Features::resetPasswords(),
// Features::emailVerification(),
Features::updateProfileInformation(),
Features::updatePasswords(),
Features::twoFactorAuthentication(),
],
it work with Fortify you can control its appearance in
`config/fortify.php Features::registration(),
you can customize the register logic validation ... from App\Actions\Fortify CreatesNewUsers
I have a Laravel structure like this:
app/
Http/
Controllers/
Api/
Auth/
RegisterController
and the API route:
// AUTH
Route::namespace('Api')->group(function () {
Route::post('password/email', 'Auth\ForgotPasswordController#sendResetLinkEmail');
Route::post('password/reset', 'Auth\ResetPasswordController#reset');
Route::post('register', 'Auth\RegisterController#register');
});
But the POST request to http://domain.xx/api/register return an internal error:
Class App\Http\Controllers\Api\Auth\RegisterController does not exist
in file...
I've tried pointing to '..\Auth\RegisterController#register' but I got same error:
Class ..\Auth\RegisterController does not exist in file
It should be simple to fix lol... but... can you help me?
Routes Group
Route::group(['prefix' => 'api', 'namespace' => 'App\Http\Controllers'], function()
{
Route::post('password/email', 'Auth\ForgotPasswordController#sendResetLinkEmail');
Route::post('password/reset', 'Auth\ResetPasswordController#reset');
Route::post('register', 'Auth\RegisterController#register');
});
You can delete folder App\Http\Controllers\Api, you can use PREFIX on
your group routes
I fixed it
// AUTH
Route::namespace('Auth')->group(function () {
Route::post('password/email', 'ForgotPasswordController#sendResetLinkEmail');
Route::post('password/reset', 'ResetPasswordController#reset');
Route::post('register', 'RegisterController#register');
});
I have a path in Laravel it is like subdomain.mydomain.com/admin/login
I am trying to call
subdomain.mydomain.com and need to get the login page straight.
Currently, it's not working
This is the function I am using in routerserviceprovider.php
protected function mapAdminRoutes()
{
Route::middleware('subdomain.mydomain.com')
->prefix('admin')
->namespace($this->namespace)
->group(base_path('routes/admin.php'));
}
and in admin.php there is a resource group shows like this:
Route::group(['prefix' => 'admin', 'namespace' => 'Admin'], function() {
//Login Routes...
Route::view('login','admin.login');
});
can anyone help with this?
Add following route
Route::get('/',function(){ return view('login.index'); })->name('admin.login');
i hope it helps
I've been creating authentification for users and for admins with Laravel Hesto / multi Auth...
I've also created other views that can be reached only by admins. I also created the routes to access those pages...
Route::group(['prefix' => 'admin'], function () {
Route::get('/', function (){
return redirect('/admin/login');
});
Route::get('/login', 'AdminAuth\LoginController#showLoginForm')->name('login');
Route::post('/login', 'AdminAuth\LoginController#login');
Route::post('/logout', 'AdminAuth\LoginController#logout')->name('logout');
Route::get('/register', 'AdminAuth\RegisterController#showRegistrationForm')->name('register');
Route::post('/register', 'AdminAuth\RegisterController#register');
Route::post('/password/email', 'AdminAuth\ForgotPasswordController#sendResetLinkEmail')->name('password.request');
Route::post('/password/reset', 'AdminAuth\ResetPasswordController#reset')->name('password.email');
Route::get('/password/reset', 'AdminAuth\ForgotPasswordController#showLinkRequestForm')->name('password.reset');
Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController#showResetForm');
// Routes settings admin
Route::resource('/settings/langs', 'Admin\LangController');
// Route core application
Route::resource('/mappings/sectors', 'Admin\SectorController');
});
My problem is that the route for settings/langs and mapping/sectors can be reached by not logged users ... And those page should be restricted...
Just wrapp them under auth middleware
Route::group(['prefix' => 'admin'], function () {
Route::get('/', function (){
return redirect('/admin/login');
});
Route::get('/login', 'AdminAuth\LoginController#showLoginForm')->name('login');
Route::post('/login', 'AdminAuth\LoginController#login');
Route::post('/logout', 'AdminAuth\LoginController#logout')->name('logout');
Route::get('/register', 'AdminAuth\RegisterController#showRegistrationForm')->name('register');
Route::post('/register', 'AdminAuth\RegisterController#register');
Route::post('/password/email', 'AdminAuth\ForgotPasswordController#sendResetLinkEmail')->name('password.request');
Route::post('/password/reset', 'AdminAuth\ResetPasswordController#reset')->name('password.email');
Route::get('/password/reset', 'AdminAuth\ForgotPasswordController#showLinkRequestForm')->name('password.reset');
Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController#showResetForm');
Route::group(['middleware'=>'auth'], function(){
// Routes settings admin
Route::resource('/settings/langs', 'Admin\LangController');
// Route core application
Route::resource('/mappings/sectors', 'Admin\SectorController');
});
});
This will prevent non-auth users to access those routes.
I have a form submission that posts to indexController#postSwitch. I get the submitted data in the postSwitch action, but when I do the same thing in my middleware, it returns null. This is a global middleware, and I'm just trying to see if I have access to the submitted data. This documentation shows that I should be able to get the form data.
Like this..
// Form: just a simple form that posts `id` to /switch
// Complete routes
Route::group(['middleware' => ['auth'], function() {
Route::get('/', 'IndexController#dashboard');
Route::post('/switch', 'IndexController#postSwitch');
Route::get('/settings', 'IndexController#settings');
});
Route::get('auth/login', 'Auth\AuthController#getLogin');
Route::post('auth/login', 'Auth\AuthController#postLogin');
Route::get('auth/logout', 'Auth\AuthController#getLogout');
Route::get('auth/register', 'Auth\AuthController#getRegister');
Route::post('auth/register', 'Auth\AuthController#postRegister');
Route::get('password/email', 'Auth\PasswordController#getEmail');
Route::post('password/email', 'Auth\PasswordController#postEmail');
Route::get('password/reset/{token}', 'Auth\PasswordController#getReset');
Route::post('password/reset', 'Auth\PasswordController#postReset');
// Middleware
public function handle($request, Closure $next)
{
$id = $request->input('id');
dd($id); // null
return $next($request);
}
// IndexController#switch
public function postSwitchBrand(Request $request)
{
$id = $request->input('id'); // Has the submitted data
}
This middleware is registered globally. i.e. appended to the $middleware property in \App\Http\Kernel. What am I missing?
Based on our discussion in the comments, I see that there is a small glitch here, which is not defined in the documentation. I've raised an Issue on laravel Git repository stating the problem there.
Here's the link to the issue: https://github.com/laravel/framework/issues/11278
Link on the laravel Forum :: http://laravel.io/forum/12-11-2015-form-data-not-accessible-in-middleware-via-request
Try to use following:
$request->id;
To access request parameters.
It is tricky but looks as though something like the following works:
$request->getContent()
or if getting a json payload for the request:
$request->json()