I have this Laravel 5 app. There are two controllers: Index and Home.
In the index, I have the pages visible for users that haven't logged in yet. When a user logs in, he goes to the home controller.
Of course, I want a visitor not being able to view the routes under home-controller.
So I put a check inside the constructor for Home. But it redirects back to the index and doesn't seem to be the right way at all.
So having this group of routes:
Route::group(['prefix' => '/home'], function () {
Route::auth();
Route::get('index', 'HomeController#index');
Route::get('logout', 'HomeController#logout');
});
As you can see, I added.
Route::auth();
Which I thought should manage to deny access for visitors that haven't logged in. The home is still accessible for users that haven't logged in yet.
What is the way to describe directly inside the route.php that a bunch of routes (inside a group I guess) should first go through the authentication before serving the route?
Are you using this code within your controller?
public function __construct()
{
$this->middleware('auth');
}
You should add a auth middleware to protect your home group:
Route::auth();
Route::group(['middleware' => 'auth'], function() {
Route::group(['prefix' => '/home'], function () {
Route::get('index', 'HomeController#index');
Route::get('logout', 'HomeController#logout');
});
});
You may have a look at this: https://laravel.com/docs/5.2/authentication#protecting-routes
Its really simple in Laravel only thing you have to use is a single Middleware
see this DOC
EX:
Route::get('profile', ['middleware' => 'auth', 'uses' => 'ProfileController#show']);
this profile show route works only if user logged in.
If you have multiple routes to protect from non-authenticate users then use a route group,
Route::group(['prefix' => '/home', 'middleware' => ['auth']], function()
{
// user need to logged in order to access these routes
Route::get('/', function()
{
});
});
In kernal.php add 'auth' => 'MyespaceAdmin\Http\Middleware\Authenticate' in $routeMiddleware.
Authenticate.php in middleware directory check handle function for below code.
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('your login page url');
}
}
Then use middleware auth in routes or in your controller
Related
At first I decided to organize my routes like I have in the code given below. However, I quickly realized that I couldn't access the routes in the group that uses middleware guest as soon as I log in. Does that mean that routes which I want to be accessible by anyone no matter whether they're logged in or not should not be in any middleware group?
<?php
Route::group(['middleware' => ['web']], function(){
Route::group(['middleware' => ['guest']], function(){
Route::get('/', 'PagesController#index')->name('home');
Route::get('/image/{id}', 'PagesController#specificImage')->name('specificImage');
Route::get('/contact', 'PagesController#contact')->name('contact');
Route::get('/tags', 'PagesController#tags')->name('tags');
Route::get('/tags/{tagName}', 'PagesController#specificTag')->name('specificTag');
Route::get('/albums', 'PagesController#albums')->name('albums');
Route::get('/albums/{albumId}/{albumName}', 'PagesController#specificAlbum')->name('specificAlbum');
Route::post('/signup', 'UsersController#signUp')->name('signup');
Route::post('/signin', 'UsersController#signIn')->name('signin');
Route::post('/sendmail', 'UsersController#sendMail')->name('sendmail');
});
Route::group(['middleware' => ['auth']], function(){
Route::get('/upload', 'PagesController#upload')->name('upload');
Route::get('/logout', 'UsersController#logOut')->name('logout');
Route::get('/imageDelete/{imageId}', 'ImagesController#deleteImage')->name('deleteImage');
Route::get('/deleteTag/{tagId}', 'TagsController#deleteTag')->name('deleteTag');
Route::post('/imageUpload', 'ImagesController#uploadImage')->name('imageUpload');
Route::post('/albumUpload', 'AlbumsController#uploadAlbum')->name('albumUpload');
Route::post('/createTag', 'TagsController#createTag')->name('createTag');
});
});
Remove auth middleware from the route group
Correct! Get rid of the guest middleware, you don't need it.
Just Do not use any middleware.
I'm trying to prevent people from accessing the /dashboard route unless they're authenticated(logged in). I looked at the laravel docs and here's what I thought I was supposed to do to accomplish this.
Route::group(['middleware' => 'auth'], function (){
Route::get('/dashboard', [
'uses' => 'UserController#getDashboard',
'as' => 'dashboard'
]);
});
You don't need to add that extra middleware in the route. Just use the group and you'll be fine. You can see here: https://laravel.com/docs/5.1/routing#route-groups
Route::group(['middleware' => 'auth'], function () {
// User needs to be authenticated to enter here.
Route::get('/', function () {
// Uses Auth Middleware
});
Route::get('user/profile', function () {
// Uses Auth Middleware
});
});
I have two applications, the routes file of the working one is below:
routes.php
<?php
Route::auth();
Route::group(["prefix" => "api"], function() {
Route::resource("places", "PlacesController");
Route::resource("users", "UsersController");
Route::group(["prefix" => "auth"], function() {
Route::get("/", "AuthController#GetAuth");
Route::get("logout", 'Auth\AuthController#logout');
});
});
Route::get('/', 'RedirectController#toAngular');
I have the same thing in another application but it is not working. I get an InvalidArgumentException because it can't find the login.blade.php file which I deleted because it is handled by Angular. How do I properly and most efficiently override the /login and /register GET routes generated by Route::auth()?
If you want to override /login and /register, you can just add those two routes after declaring Route::auth() like following:
Route::get('login', ['as' => 'auth.login', 'uses' => 'Auth\AuthController#showLoginForm']);
Route::get('register', ['as' => 'auth.register', 'uses' => 'Auth\AuthController#showRegistrationForm']);
As the application can't find the 'login.blade.php' which is actually returned from controller method, not in routes, then you need to override the showLoginForm method in AuthController and return what view you want to load.
public function showLoginForm() {
return view('path.to.your.view');
}
I created a new laravel project and laravel flash seems to not be working as i want. The moment I return to a route the flash is gone. I have controller method that does absolutly nothing but flash and return to a route.
Like so
public function activateContract(Request $request ){
return redirect()->to('test')->with('status', 'test');
}
My routes file
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::get('/', function(){
return redirect()->intended(route('contract.index'));
});
Route::group(['middleware' => 'auth'], function () {
Route::group(['prefix' => 'contract'], function(){
Route::get('', ['as' => 'contract.index' , 'uses' => 'User\ContractController#index']);
Route::post('', ['as' => 'contract.index' , 'uses' => 'User\ContractController#activateContract']);
Route::get('mijn', ['as' => 'user.contract.index' , 'uses' => 'User\ContractController#userContracts']);
});
});
Route::get('test', function(){
dd(session('status'));
});
c});
Here is the ouput of the die dump in the test route witch magicaly lost the flash message.
null
You need to send the message with the redirect like so:
return redirect()->to('test')->with('status', 'test');
And then you can access it with the session helper function:
session('status');
docs
Edit: Place your Route::get('test') into your group with middleware 'web'.
See more about HTTP Middleware here
Laravel 5.2 changed middleware document as :Keep in mind, the web middleware group is automatically applied to your default routes.php file by the RouteServiceProvider.
It means that if you keep a route in another ['middleware' => 'web'], the data set by session()->flash() would be lost by executed web middleware twice.
It is also the answer someone asked why web executed twice.
Laravel 5.2 : Web middleware is applied twice
I am using laravel 5.1 and have a route similar to:
Route::get('/{id}/write-review', ['middleware' => 'auth', 'uses' => 'ItemController#writeReview']);
The problem I have is that when someone goes to this page (when not logged in) they get redirected to login, which is fine, but then redirected to the $redirectPath set in AuthController.php. I would like them to be redirected back to the review page.
Thanks in advance.
The intended redirect function will redirect the user to the URL they were attempting to access before being caught by the authentication filter. A fallback URI may be given to this method in case the intended destination is not available.
https://laravel.com/docs/5.1/authentication#authenticating-users
return redirect()->intended('dashboard');
I think i found the problem route {id}/write-review must be under the web middleware
Route::group(['middleware' => ['web']], function () {
Route::get('login', 'Auth\AuthController#getLogin');
Route::post('login', 'Auth\AuthController#postLogin');
Route::get('logout', 'Auth\AuthController#getLogout');
Route::group(['middleware' => ['auth']], function () {
Route::get('/{id}/write-review', ['uses' => 'ItemController#writeReview']);
});
});