I'm having some issues with protecting routes in Laravel.
So one of my routes:
Route::get('/purchase-quote', ['middleware' => 'auth', 'uses' => 'PurchaseController@purchaseQuote']);
Let's say, for example, I am on page /about and I click a link that takes me to /purchase-quote. Well it's doing what I want there, it's forcing someone to login or register before accessing the page.
The issue is that after they register, instead of continuing on and taking them to the intended /purchase-quote page, it takes them directly to the home page at /
This used to work the way I am needing it to, and all of a sudden it does not. If I do login instead of register, it works the way it should.
Will also include auth code here:
public function handle($request, Closure $next, $guard = null)
{
    if (Auth::guard($guard)->guest()) {
        if ($request->ajax() || $request->wantsJson()) {
            return response('Unauthorized.', 401);
        } else {
            return redirect()->guest('register');
        }
    }
    return $next($request);
}
I'm using Laravel 5.3 and want to return the user to a user-specified URL after login.
I am using a lot of JavaScript and want to return to a specific URL, that isn't the URL the user is trying to access, after they have logged in. The URL is different depending on user action.
For example:
/login?r=/come/here/after/login
I can pass this URL to the login screen, but I can't find a way to pass it through to the auth controller for redirection after login is successful.
In your case I would create a custom auth middleware just for the custom redirected routes:
class PostLoginRedirect
{
    public function handle($request, Closure $next, $guard = null)
    {
        $response = $next($request);
        if (\Auth::id() && isset($request->r)) {
            // Return the new route redirect.
            return redirect($request->r);
        }
        // Return the original response in case r doesn't exist.
        return $response;
    }
}
Declare your new middleware on app/Http/Kernel.php
protected $routeMiddleware = [
    'login-redirect' => \YourNamespace\PostLoginRedirect::class
];
And add to your routes:
$this->post('login', ['middleware' => 'login-redirect', 'uses' => 'Auth\AuthController@login']);
Maybe you need to make a minor change, but it must work :)
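An added example, not part of the answer above: `redirect($request->r)` sends the browser wherever `r` points, so the value is normally restricted to a same-site path before it is used. `safeRedirectTarget()` is a hypothetical helper name and the sample values are constructed.

```php
<?php
// Added example: hypothetical helper, not code from the answer above.
// Accepts only a same-site path for the post-login "r" parameter.

function safeRedirectTarget($r, string $fallback = '/'): string
{
    // "r" may be missing, empty, or an array (?r[]=x); only a string is usable.
    if (!is_string($r) || $r === '') {
        return $fallback;
    }
    // Control characters and backslashes are refused outright: browsers drop
    // tabs/newlines and treat "\" like "/", so "/\host" can become "//host".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $r)) {
        return $fallback;
    }
    // Require a single leading "/". "//host" is protocol-relative, and a value
    // without a leading "/" may carry a scheme and host of its own.
    if ($r[0] !== '/' || substr($r, 0, 2) === '//') {
        return $fallback;
    }
    return $r;
}

// In the middleware this would replace redirect($request->r):
//     return redirect(safeRedirectTarget($request->input('r')));

// Constructed sample values for the "r" parameter.
$samples = [
    '/come/here/after/login',      // path from the question: kept
    '/purchase-quote?plan=basic',  // same-site path with a query: kept
    'https://other.example/login', // absolute URL: fallback
    '//other.example/login',       // protocol-relative URL: fallback
    '/\\other.example/login',      // backslash variant: fallback
    "/\t/other.example/login",     // embedded tab: fallback
    ['/tickets'],                  // array instead of string: fallback
];

foreach ($samples as $sample) {
    printf("%-34s -> %s\n", json_encode($sample), safeRedirectTarget($sample));
}
```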
I am using Laravel 5.2 with AngularJS. And also I have added a middleware auth for all my URLs.
I have a URL like this http://localhost/myproject/public/#/resources.
When I directly run the above URL it will redirect me to the login page and after login, it redirects only to the home page. Because there is no URL assigned after public/. But I need to redirect to hash URL.
Here is my Authenticate middleware code.
public function handle($request, Closure $next, $guard = null)
{
    if (Auth::guard($guard)->guest()) {
        if ($request->ajax() || $request->wantsJson()) {
            return response('Unauthorized.', 401);
        } else {
            return redirect()->guest('login');
        }
    }
    $url = parse_url($request->url());
    print_r($url["fragment"]);
    //return $next($request);
}
I've tried to print the fragment part of the URL. But I am getting nothing. Is there any way to redirect with a hash URL?
In Laravel I've simply done this:
Route::group(["middleware" => "admin"], function() {
    Route::get("/", "UserController@index")->name("user_index");
});
Route::group(["middleware" => "user", "as" => "User::"], function() {
    Route::get("/", "DocumentController@index")->name("user_index");
});
The problem is when I am logged in as my Admin auth middleware, when going to "/" my browser returns too many redirects and stops. I'm guessing because the second route is removing this as when I print out php artisan route:list there is only one result for "/" and that's with the user middle's parameters so it's defo overriding the previous route.
What I don't understand is why would it do this if both have a separate middleware?
Both middlewares are extremely simple. Below is my admin
public function handle($request, Closure $next)
{
    if (Auth::check() && Auth::user()->hasRole("customer_service")) {
        return $next($request);
    }
    return redirect("/");
}
And my user's middleware is exactly alike except the role is different
This is probably wrong but this is what I did to fix this particular issue with the above.
public function index() {
    return \Auth::user()->hasRole("trainer")
        ? \App::call("App\Http\Controllers\Trainer\UserController@index")
        : \App::call("App\Http\Controllers\User\UserController@index");
}
I use the manual authentication in Laravel, here is my function of code
public function doLogin(){
    // create our user data for the authentication
    $userdata = array(
        'username' => Input::get('username'),
        'password' => Input::get('password')
    );
    // attempt to do the login
    if (Auth::attempt($userdata,true)) {
        return (Auth::check() ? 'true' : 'false');
    }
    else {
        // validation not successful, send back to form
        return (Auth::check() ? 'true' : 'false');
    }
}
After logging in, the Auth::check returned true. But after browsing to protected routes, which have this construct function
public function __construct()
{
    $this->middleware('auth');
}
the middleware redirects me to the login page again, even after login.
Auth middleware has never been modified. Are there any modifications I needed to do?
I also tried my custom middleware:
class LoginCheck
{
    public function handle($request, Closure $next)
    {
        if (!Auth::check()) {
            if ($request->ajax() || $request->wantsJson()) {
                return response('Unauthorized.', 401);
            } else {
                return redirect('login');
            }
        }
        return $next($request);
    }
}
Still not working, means Auth::check() is returning false.
Cookies are configured to store session, and still not working, too.
This is weird, but...
I created a new Laravel project. Copied all the MVC and routes (only that) but excluding everything about auth. Then I did php artisan make:auth, and it worked, and I have literally no idea why.
Seems like I must have messed with something really bad.
By the way, thanks for all the help!
I am building a SaaS app in Laravel and want to give each person/company their own sub-domain. I have a users table with a company_id column. I have a companies table with a sub_domain column, which will be the sub-domain for that company. I don't want Company A to be able to visit Company B's sub-domain.
I have looked at quite a few articles and many forums on how to handle this and I am not finding any solutions that work. I am thinking that I need to use Middleware in combination with route grouping, but I just can't figure it out. Does anyone have experience with this?
Here is my routes.php:
Route::group(['domain' => '{sub_domain}.' . env('APP_DOMAIN_NAME'), 'middleware' => 'subdomain'], function() {
    Route::auth();
    Route::group(['middleware' => 'guest'], function () {
        //Route::get('/', 'PublicController@index');
        Route::get('/tickets/create', 'TicketsController@create');
        Route::post('/tickets/create', 'TicketsController@store');
    });
    Route::group(['middleware' => 'auth'], function () {
        Route::get('/tickets', 'TicketsController@index');
        Route::get('/tickets/{id}', 'TicketsController@edit');
        Route::patch('/tickets/{id}', 'TicketsController@update');
        Route::delete('/tickets/{id}', 'TicketsController@destroy');
        Route::get('/my-tickets', 'TicketsController@myTickets');
        Route::get('/tickets/close/{id}', 'TicketsController@closeTicket');
    });
});
The problem with this is that I can visit another sub-domain successfully. Now, I can still only view the tickets that are associated with the currently logged in user's company. I would like to throw a 403, or even just redirect back to their own sub-domain.
Here is the Subdomain.php middleware:
public function handle($request, Closure $next)
{
    $request_uri = $request->server('HTTP_HOST');
    $this->checkSubdomainExists($request_uri);
    if(Auth::check()) {
        $user = User::find(Auth::user()->id);
        if($user->company->sub_domain !== Session::get('company_sub_domain')) {
            Session::forget('company_sub_domain');
            return 'not Authed';
        }
    }
    return $next($request);
}
This middleware should work.
public function handle($request, Closure $next)
{
    if(Auth::check()) {
        $user = Auth::user();
        $sub_domain = array_shift((explode(".",$_SERVER['HTTP_HOST'])));
        if($user->company->sub_domain != $sub_domain) return abort(403);
    }
    return $next($request);
}
But pay attention because if the company is not logged in, it can see the domain.
Sessions in Laravel can be specific to a domain, so you could use this feature with the current sub domain.
In the session configuration file:
'domain' => (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : null,
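An added example, not part of the posts above: the `Host` header is supplied by the client, and taking only its first label accepts any host that merely begins with a company's name. The sketch below derives the tenant only when the host is exactly one label under the configured base domain and then compares it with the user's company. `tenantFromHost()` and `tenantAllowed()` are hypothetical helper names, `example.test` stands in for `APP_DOMAIN_NAME`, and the hosts are constructed.

```php
<?php
// Added example: hypothetical helpers, not code from the posts above.

// Returns the tenant label when $host is exactly "<label>.<baseDomain>"
// (optionally with a port), otherwise null.
function tenantFromHost(string $host, string $baseDomain): ?string
{
    $host = strtolower((string) preg_replace('/:\d{1,5}$/', '', $host));
    $host = rtrim($host, '.');
    $suffix = '.' . strtolower($baseDomain);
    if (strlen($host) <= strlen($suffix) || substr($host, -strlen($suffix)) !== $suffix) {
        return null; // not under the application's own domain
    }
    $label = substr($host, 0, -strlen($suffix));
    // A single DNS label only: no nested subdomains, no stray characters.
    return preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/', $label) ? $label : null;
}

// True only when the host resolves to a tenant and it is the user's own.
// Guests pass null and are refused here; guest routes can call
// tenantFromHost() alone to confirm the host belongs to the application.
function tenantAllowed(?string $userSubDomain, string $host, string $baseDomain): bool
{
    $tenant = tenantFromHost($host, $baseDomain);
    return $tenant !== null
        && $userSubDomain !== null
        && $tenant === strtolower($userSubDomain);
}

// In the middleware: abort(403) when tenantAllowed(...) returns false,
// passing env('APP_DOMAIN_NAME') as the base domain.

// Constructed hosts, checked for a user whose company sub_domain is "acme".
$hosts = [
    'acme.example.test',              // own subdomain: allowed
    'ACME.example.test:8080',         // case and port normalised: allowed
    'other.example.test',             // another company: refused
    'acme.other.test',                // first label matches, wrong domain: refused
    'acme.example.test.other.test',   // base domain is not the suffix: refused
    'a.acme.example.test',            // nested label: refused
];

foreach ($hosts as $h) {
    printf("%-30s %s\n", $h, tenantAllowed('acme', $h, 'example.test') ? 'allowed' : '403');
}
```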