I'm in the process of upgrading our web app from laravel 4.2 to laravel 5.2. I've managed to solve most of the problems but this particular problem is leading me in loops.
This is how the route group for admin dashboard looks like:
Route::group(['middleware' => 'web','prefix' => 'adm'], function ()
{
Route::get('login', ['as' => 'admin.login.view', 'uses' => 'AdminLoginController#loginView']);
Route::post('login', ['as' => 'admin.login.attempt', 'uses' => 'AdminLoginController#attempt']);
Route::get('logout', ['as' => 'admin.logout', 'uses' => 'AdminLoginController#logout']);
...other routes pertaining to admin dashboard
}
The login functions and all functions within the admin panel work as expected. The only problem is when the user logs out, any one can access the remaining routes in the admin panel (no login required). I have placed Auth::check() and checked for auth in various controllers, the login and logout work as expected.
Auth::check() fails if user is not logged in and passes if user has logged in.
How do I make sure all the routes within this group are accessible only to logged in users. I have tried creating another middleware called authAdmin and tried to use that instead of the web middleware. In that case I can't even login.
I create new middleware for login and in the page look like this
namespace App\Http\Middleware;
use Closure;
class Login
{
public function handle($request, Closure $next)
{
$messages = config('message');
if ($request->session()->has('userId')) {
return $next($request);
}
return redirect('/')->withErrors("Please login first");
}
}
In Kenel.php register Login class
protected $routeMiddleware = [
'login' => \App\Http\Middleware\Login::class,
...
In route file
Route::group(['middleware' => ['web'],'prefix' => 'adm'], function () {
Route::get('login', ['as' => 'admin.login.view', 'uses' => 'AdminLoginController#loginView']);
Route::post('login', ['as' => 'admin.login.attempt', 'uses' => 'AdminLoginController#attempt']);
Route::get('logout', ['as' => 'admin.logout', 'uses' => 'AdminLoginController#logout']);
Route::group(['middleware' => 'login'], function () {
[Your other route here]
});
)};
Hope this help
Related
I have guard 'admin'.
how I know in Laraver guard work as multi auth(I can log in as a user and as Admin at once).
but I pretty surprise when I have an error about ERR_TOO_MANY_REDIRECTS when I log in as admin and try to check the page with auth middleware. Like admin this si no auth user no auth?
Have code like this
Route::group([ 'namespace' => 'Shop','middleware' => ['auth'], 'prefix' => 'shop'], function () {
Route::get('/', 'MainController#index')->name('shop');
Route::get('/search', 'MainController#search')->name('shop.search');
Route::get('/ajax-search', 'MainController#ajaxSearch')->name('shop.ajax-search');
Route::get('autocomplete', 'MainController#autocomplete')->name('shop.autocomplete');
Route::get('/searchbyname', 'MainController#searchbyname')->name('shop.searchbyname');
});
Route::group(['prefix' => 'cart','middleware' => ['auth:admin'], 'namespace' => 'Shop'], function () {
Route::get('/','CartController#index')->name('shop.cart');
Route::get('/add','CartController#add')->name('cart.add');
Route::get('/details','CartController#details')->name('cart.details');
Route::delete('/{id}','CartController#delete')->name('cart.delete');
});
how I can resolve this issue if I wanna that admin has all access as Authentication user + admin routes?
You can declare 2 middlewares in the Route::group. E.g.:
Route::group([ 'namespace' => 'Shop','middleware' => ['auth', 'auth:admin'], 'prefix' => 'shop'], function () {
...
});
maybe this helps you
Route::get('/', function () {
...})->middleware('first', 'second');
multiple middleware to the route
i just want to group all my admin routes in my laravel. I'm a beginner in laravel and i want to synchronize all my admin routes in one group, my question is, why i cant put the post route inside the group of my admin routes?
Here is my routes:
Route::group(['as' => 'admin::', 'prefix' => 'admin'], function () {
Route::get('login', [
'as' => 'login',
'uses' => 'admin\AdminLoginController#index'
]);
Route::post('login', 'admin\AdminLoginController#auth')->name('admin.login');
});
my above code was returning error , where laravel says admin.login route doesn't exist. Then i tried to put the post route outside the group and it works. Why?.
Here is the code where returns no error:
Route::group(['as' => 'admin::', 'prefix' => 'admin'], function () {
Route::get('login', [
'as' => 'login',
'uses' => 'admin\AdminLoginController#index'
]);
});
Route::post('login', 'admin\AdminLoginController#auth')->name('admin.login');
Because you use as in your route group and it's admin:: and you may link to admin.
Now it goes to admin::login and you need admin.login
I can't go to the admin part of my site. I'm landing always on the main site. This problem is only with admin, every another routes working perfectly.
Routes:
Route::group(['middleware' => ['web']], function () {
// Login, logout
Route::get('admin', array('as' => 'login', 'uses' => 'AuthController#index'));
Route::post('admin/login', array('as' => 'cms_login', 'uses' => 'AuthController#login', 'before' => 'csrf'));
Route::get('admin/logout', array('as' => 'logout', 'uses' => 'AuthController#logout'));
}
AuthController:
public function index(){
// Show login form
return view('backend/pages/login');
}
Doesn't matter what I do, I landing always on the home screen www.example.com if I try to call www.example.com/admin.
The problem was the app/http/Middleware/RedirectIfAuthenticated.php
Here was "return redirect('/');" that's why I landed always on the home screen
I'm trying to route the index page to a different location if logged in however even though my authentication system works, it's not redirecting to where I expected i.e. getLogged, instead it always redirects to getIndex whether I am logged in or not.
Route::filter('auth', function()
{
if (!Sentry::check()) return Redirect::to('/');
});
Route::group(array('before' => 'auth'), function() {
Route::get('/', array('uses' => 'MyController#getLogged'));
});
Route::get('/', array('before' => 'detectLang', 'uses' => 'MyController#getIndex'));
I tested to make sure my auth works by changing
Route::group(array('before' => 'auth'), function() {
Route::get('/', array('uses' => 'MyController#getLogged'));
});
to
Route::group(array('before' => 'auth'), function() {
Route::get('/dash', array('uses' => 'MyController#getLogged'));
});
and that properly behaves that I can only access /dash when I am logged in so why is my index route not working?
You're declaring the same route twice, it won't work. To achieve this functionality, instead of adding a auth filter, add a guest one that, instead of checking if the user is not connected, will check if it is. Something like this:
Route::filter('guest', function () {
if (Sentry::check()) return Redirect::route('logged');
});
Then, setup your routes, something along these lines:
Route::get('/', array(
'as' => 'home',
'uses' => 'MyController#getIndex',
'before' => 'guest'
));
Route::get('/logged', array(
'as' => 'logged',
'uses' => 'MyController#getLogged',
'before' => 'auth|detectLang'
));
Note: The as key gives a name to your route, so you can use it on Redirect::route or URL::route methods.
I'm new to Laravel ( version 3 ), i do not know how to set Route and filters in Laravel so that any unauthorized user that is trying to access any url redirects to the login page (NOT the 404 error), in another word the default home page for unauthorized users is going to be the login page and for the authorized users it's going to be the dashboard.
If you are using laravel Auth class you can create an authorized route group. All routes that are defined there will be redirected if the user isn't logged in. Your router file will look something like this:
Route::get('/', array('as' => 'intro', 'uses' => 'intro#index'));
Route::get( 'login', array('as' => 'login', 'uses' => 'user#login'));
Route::get( 'logout', array('as' => 'logout', 'uses' => 'user#logout'));
// PROTECTED
Route::group(array('before' => 'auth'), function()
{
Route::get('dashboard', array('as' => 'dashboard', 'uses' => 'user#dashboard'));
});
// AUTH FILTER
Route::filter('auth', function()
{
if (Auth::guest()) return Redirect::to('login');
});
Just put a before filter in the declaration of the route like this
Route::get('edit_profile', array('before' => 'auth', function()
{
return View::make('profile.edit');
}));
The Auth filter exists by default in Laravel.