Laravel 5.4 Authenticate A User Instance not working - php

I need to authenticate a user from my controller.
public function index()
{
    $user = User::find(1);
    Auth::login($user, true);
    dd(Auth::check()); // returns true
}
public function dev()
{
    dd(Auth::check()); // returns false
}
When I run index(), that's OK: the script returns true. But when I then go to dev(), the script returns false.
I tried different session drivers (file, cookie, database).

CORRECT CODE:
public function index()
{
    $user = User::where('email', 'dekadent111#gmail.com')->first();
    Auth::login($user, true);
    return view('main');
}
public function dev()
{
    var_dump(Auth::user());
}
dd() in the index action breaks Auth.

Related

Laravel 5 return redirect is not working as it should

I have a controller with some functions. In every function I get user data by sharing it from Controller.php.
In Controller.php
public function share_user_data() {
    $user = Auth::user();
    $this->checkValidation($user);
    $this->user = $user;
    View::share('user', $user);
}
public function checkValidation($user){
    if($user->email_activated == 0){
        var_dump($user->email_activated); // I get: int(0)
        return redirect('/verifyEmail');
    }
}
In the other controller
public function viewCategory(Category $category){
    $this->share_user_data(); // here's the check
    $this->get_site_lang();
    $products = $category->products;
    return view('category', compact('category','products'));
}
But I get the category view and am not redirected to the verifyEmail route. How do I fix this, and why is it happening?
The controller function called by the route is the one responsible for the response. I guess it is viewCategory() in your example?
Your viewCategory() function is always returning view(). It must return redirect() instead. I think the main function should be responsible for picking the output of the request.
private function checkValidation($user) {
    // true when the e-mail address has not been activated yet
    return $user->email_activated == 0;
}
public function viewCategory(Category $category) {
    $user = Auth::user();
    /* ... call to share_user_data() or whatever ... */
    if ($this->checkValidation($user)) {
        // the action itself returns the redirect, so it reaches the browser
        return redirect('/verifyEmail');
    }
    $products = $category->products;
    return view('category', compact('category','products'));
}

Laravel 5.8, Auth::user() is not using User model

I have a function in my User model which is called isAdmin, if "Admin" is set to 1 in the database, it returns true, if not it returns false.
How is this gonna work with Auth::user()?
When I do Auth::user()->isAdmin(), it returns "Property [admin] does not exist on this collection instance."
That's why I came to the conclusion it may not use the User model?
User model
public function isAdmin() {
    if($this->admin == 1) {
        return true;
    } else {
        return false;
    }
}
public function view ()
{
    if(Auth::check() && Auth::user()->isAdmin()) {
        $user = User::all();
        $post = Post::all();
        $visit = Visits::all();
        return view('admin')->with('post', $post)->with('user', $user)->with('visit', $visit);
    } else {
        return redirect()->to('/');
    }
}
If I may suggest, for this use case, you can actually make do without an extra function. You could just say auth()->user()->admin, especially if the 'admin' column in the database is of boolean type.
Otherwise (even if the admin column is not of boolean type) you can set up a mutator method in the model, like so:
public function getIsAdminAttribute()
{
    return (bool) $this->admin;
}
Then to check, you can access it like so: Auth::user()->isAdmin or auth()->user()->isAdmin
And better yet, you might want to read about Gate and Policies to achieve more robust access controlling. https://laravel.com/docs/5.7/authorization
Suggestion, change the code to just this:
public function isAdmin() {
    return $this->admin;
}
This code does exactly the same as you've got above.
Now in your admin.blade.php you are using:
$user->isAdmin();
But in the controller you have:
$user = User::all();
which returns a collection.
You should iterate over it, and check on each user instance if it is an admin:
$users = User::all();
In the view:
@foreach($users as $user)
    @if($user->isAdmin())
        {{ $user->name }} {{-- some code here --}}
    @endif
@endforeach
No need to do anything; just check whether the user is logged in: if auth()->check() returns true, then auth()->user() returns the user.
public function view ()
{
    if(auth()->check() && auth()->user()->isAdmin()) {
        $user = User::all();
        $post = Post::all();
        $visit = Visits::all();
        return view('admin')->with('post', $post)->with('user', $user)->with('visit', $visit);
    } else {
        return redirect()->to('/');
    }
}
public function isAdmin()
{
    return $this->admin;
}

Double authentication connection cannot be redirected

I am trying to set up a double authentication page under Laravel. For that, I added a checkTotp method that verifies that the user has activated double authentication and redirects this user to the page in question.
The problem is that I am not redirected and the code continues to execute.
public function login(Request $request)
{
    $this->validateLogin($request);
    ...
    $this->checkTotp($request);
    dd('after');
    ...
}
protected function checkTotp(Request $request)
{
    $user = User::where('email', $request->get('email'))->first();
    if (!is_null($user->totp_key)) {
        $request->session()->put('user_id', $user->id);
        return redirect('login/totp');
    }
}
What happens is that I enter the checkTotp method but the redirect does not work. My output is the dd('after'). I don't understand why I am not redirected. Can someone help me?
Quentin
The checkTotp function returns a redirect, but you want the login function to return that redirect, such that it is passed to the browser. You might want to move the redirect to the main function and let checkTOTP just return true/false.
public function login(Request $request)
{
    $this->validateLogin($request);
    ...
    if ($this->checkTotp($request)) return redirect('login/totp');
    dd('after');
    ...
}
protected function checkTotp(Request $request)
{
    $user = User::where('email', $request->get('email'))->first();
    if (!is_null($user->totp_key)) {
        $request->session()->put('user_id', $user->id);
        return true;
    }
    return false;
}
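
The pattern behind both this question and the earlier checkValidation() one, as an added example that is not part of the original posts: a check that returns a redirect enforces nothing unless the controller action returns it, so the protected step still runs. It uses plain-PHP stand-ins (Redirect, RedirectRequired, requireTotp, dispatch and the login* functions are hypothetical, not Laravel classes) and a constructed user record.

```php
<?php
// Added example: plain-PHP stand-ins, not Laravel classes.
final class Redirect {
    public $to;
    public function __construct(string $to) { $this->to = $to; }
}
final class RedirectRequired extends Exception {}

// Shaped like checkTotp() in the question: returns a redirect, sends nothing.
function checkTotp(array $user): ?Redirect {
    return $user['totp_key'] !== null ? new Redirect('login/totp') : null;
}

// Fail-open: the return value is dropped, so the action carries on.
function loginDiscarding(array $user) {
    checkTotp($user);
    return "session issued for user {$user['id']}";
}

// Fix from the answers: the action itself returns the redirect.
function loginPropagating(array $user) {
    return checkTotp($user) ?: "session issued for user {$user['id']}";
}

// Fail-closed variant: the helper throws, so a caller cannot ignore it.
function requireTotp(array $user): void {
    if ($redirect = checkTotp($user)) {
        throw new RedirectRequired($redirect->to);
    }
}
function loginThrowing(array $user) {
    requireTotp($user);
    return "session issued for user {$user['id']}";
}

// Stand-in for the framework: only what the action returns or throws is sent.
function dispatch(callable $action, array $user): string {
    try {
        $result = $action($user);
    } catch (RedirectRequired $e) {
        $result = new Redirect($e->getMessage());
    }
    return $result instanceof Redirect ? "302 -> {$result->to}" : "200 {$result}";
}

// Constructed sample user with TOTP enrolled (placeholder key).
$user = ['id' => 7, 'totp_key' => 'PLACEHOLDER-KEY'];
foreach (['loginDiscarding', 'loginPropagating', 'loginThrowing'] as $action) {
    printf("%-17s %s\n", $action, dispatch($action, $user));
}
```

Run with the PHP CLI (7.1 or later); only the first variant reaches the "session issued" line for a user who still owes the second factor.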

Laravel: what's the better method to retrieve current logged user and why?

I know two methods:
The first is using a Request object param in the controller's function
public function index(Request $request)
{
    $user = $request->user();
    return view('home');
}
The second is using the Auth facade directly.
public function index()
{
    $user = Auth::user();
    return view('home');
}
Are there any differences? Is one method better than the other and, if yes, why?
This is only a matter of preference; you can use:
public function index(Request $request)
{
    $user = $request->user();
    return view('home');
}
or
public function index()
{
    $user = Auth::user();
    return view('home');
}
or
public function index(Guard $auth)
{
    $user = $auth->user();
    return view('home');
}
or
public function index()
{
    $user = auth()->user();
    return view('home');
}
They will all work the same. There is no better or worse method for such a simple piece of code.
In a controller it doesn't make much difference, but in case you write some services and you would like to test them (writing some unit tests, for example), a better solution would be, in my opinion, injecting Guard in the constructor instead of using the Auth facade or the auth() helper.
The Auth facade provides a shortcut but the result is the same. You can always use \Auth::user() from your controller or views, on the other hand, if you want to use the $request variable, you need to pass it to your views.

Gate closure is always denied

I'm using Laravel 5.3. I've been able to create policy classes but when I try to register a gate closure, it is always denied.
Here is the boot() method in AuthServiceProvider
public function boot()
{
    $this->registerPolicies();
    Gate::define('view-admin-index', function ($user, $company) {
        return true;
    });
}
Here is the output when dumped.
dd(Gate::has('view-admin-index')); // => true
dd(Gate::allows('view-admin-index', $company)); // => false
UPDATE
I also get false instead of "here" if I do this:
// In AuthServiceProvider
Gate::define('view-admin-index', function ($user, $company) {
    dd('here');
    return true;
});
// In controller, output is false
dd(Gate::allows('view-admin-index', $company));
UPDATE 2
// In controller, there is an authenticated user and output is false
dd(auth()->user()); // => User
dd(Gate::allows('view-admin-index', $company)); // => false
Looks like you aren't even getting to call the closure. This will be the behavior if you don't have a user currently authenticated. See Source Here. Are you getting any output if you call dd(Auth::user()) right before Gate::allows('view-admin-index', $company)?
If you need to manually login a user you can always do:
Auth::login(User::find($id));
I have the same problem, it looks like a big bug of Laravel 5.3.28.
It just doesn't accept Collections as arguments.
Here is my workaround:
Code:
Gate::define('xx', function ($auth, $user) {
    return 1;
});
Route::get('example', function()
{
    $user = User::first();
    dd( Gate::allows('xx', $user) ); //false
});
My workaround:
Route::get('example', function()
{
    $user = (object)User::first()->toArray();
    dd( Gate::allows('xx', $user) ); //true
});
