SO community!
I have a project, that I've built on Laravel 5.2. As its authorization I am using the built in one, that can be generated by running
php artisan make:auth
It serves well, but the system's users will be mostly invited by the administrator, whose account is created by the built-in auth action under the route /register. There will be multiple instances of my project hosted separately.
Once the system is set up I do need the route to create the administrator account, but after that I would like the route to not be accessible.
The customization I need is as follows:
I am thinking about an "if" that would check how many administrator accounts there currently are. If there is at least one, the /register route would redirect to /login.
Something like this:
$administrators = User::where( 'role', User::ROLE_ADMIN )->get();
if ( count( $administrators ) != 0 ) return redirect( url('/login') );
It is a simple piece of code, but I do not know where to put it.
First possible solution:
At first I was thinking that I would need to customize the register action by adding the check to it, but the AuthController does not have a register action and I do not understand how the AuthController works.
Second possible solution:
I was thinking of creating a middleware with the admin count check for the /register route, but in the routes file the built-in authorization routes are somehow condensed and added with this piece of code:
Route::auth();
Is there some way of extracting the /register route out of that, so I bind the middleware on to it?
Or maybe there is a better way of adding the check.
Any help will be much appreciated!
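One way to implement the middleware idea from the question above, as an added example that is not part of the original post. The class name RedirectIfAdminExists and the alias setup.open are hypothetical; the role column and User::ROLE_ADMIN are taken from the question.

```php
<?php
// app/Http/Middleware/RedirectIfAdminExists.php
// Added example: the class name and the 'setup.open' alias are hypothetical;
// the 'role' column and User::ROLE_ADMIN come from the question.

namespace App\Http\Middleware;

use App\User;
use Closure;

class RedirectIfAdminExists
{
    /**
     * Let the request through only while no administrator account exists.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // exists() asks the database for a yes/no answer instead of
        // loading every administrator row as get() would.
        if (User::where('role', User::ROLE_ADMIN)->exists()) {
            return redirect('/login');
        }

        return $next($request);
    }
}

// Wiring, as two small edits to existing files:
//
// 1. app/Http/Kernel.php, inside the $routeMiddleware array:
//        'setup.open' => \App\Http\Middleware\RedirectIfAdminExists::class,
//
// 2. app/Http/Controllers/Auth/AuthController.php, inside __construct():
//        $this->middleware('setup.open', [
//            'only' => ['showRegistrationForm', 'register'],
//        ]);
//    These are the two AuthController actions that Route::auth() maps
//    GET /register and POST /register to in Laravel 5.2.
```

Because both actions are listed, a direct POST to /register is redirected as well as the form view.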
Related
I am new to Laravel and I have one problem with middleware. On the official Laravel site, I found code for creating a controller.
When I am creating a controller, is it recommended to add middleware in the constructor, or is this only if I need some additional functionality?
Also, if I include the auth middleware, do I get some benefits by default, like security checks or similar, or must I rewrite the middleware code first?
class UserController extends Controller {
    /**
     * Instantiate a new controller instance.
     *
     * @return void
     */
    public function __construct() {
        // this part includes some protection or similar by default?
        $this->middleware('auth');
    }
}
Middleware is used when you want to filter the HTTP requests entering your application.
For example, including the built-in auth middleware will restrict non-authenticated users from accessing a page and redirect them to the login screen.
You can include middleware into your controller and routes.
In the controller you do it like so:
public function __construct()
{
    $this->middleware('auth');
}
For a route you do this:
Route::get('/page', 'MyController@myMethod')->middleware('auth');
Do I need to include this part of the code when I am creating a controller or not?
As I said in my comment, it really depends on the desired functionality whether you use it or not.
An example
Your homepage should probably be accessible for anyone who visits your website, while your dashboard should only be displayed to authenticated users.
That's where you would include the auth middleware.
Question #1
Do you need to use $this->middleware('auth'); in your controller?
Answer: Only if you want to protect all of the methods of that controller from non-authenticated users and only allow signed in users to access controller actions.
Question #2
Do you get benefits for using the auth middleware?
Answer: Yes you do, only authenticated users can access the controller or routes protected by auth.
Question #3
Do you need to write your own middleware?
Answer: Only if you need to override a middleware or need extra functionality that is not already provided (php artisan make:auth), but if you are rolling your own login functionality then you will likely need/want to create your own middleware.
Resources:
Look in App\Http\Kernel.php and you will see that the $routeMiddleware array matches the auth middleware to the \Illuminate\Auth\Middleware\Authenticate::class which actually verifies that the current user is logged in and allows them to pass, if they are not logged in then it will redirect them to the '/login' route.
You will see that Laravel uses quite a bit of middleware by default, such as starting the session, encrypting cookies and protecting against CSRF forgery.
There are several ways to implement middleware, which I'm sure you saw in the docs.
Some Helpful Video Tutorials:
I suggest you watch each of the free series usually titled Laravel from Scratch on Laracasts.com. I would also suggest watching all of them from Laravel 5.7 back to 5.1 or 5.0, as Jeffrey Way may use different techniques in similar situations, and it will provide you with great tips and helpful information as to how things work, along with some Laravel best practices along the way. I've subscribed to him for years and work in Laravel every day and I still learn some new things from watching his videos; a subscription is easily worth 10-20 what he charges.
I'm new to laravel and making a web service that can function without javascript (if a user has it disabled or something.)
But it would be a better user experience to be able to perform certain actions without refreshing the whole page. I'd like to be able to say, send a form without reloading the page, or refresh notifications.
The options I can think of are:
1) Send the ajax to the same route as the pure html form, but with an extra variable and make my laravel respond with json when that variable is detected
2) Use the API route? Will this detect the currently logged in user?
3) Make new routes for everything ajax, even though they function the same as my current routes (aside from returning a view)
Also, does the CSRF token work multiple times in a row, or do I need to disable that to handle multiple ajax form posts in a row without page refreshes?
I recommend keeping the routes separate, both to prevent weird caching bugs and for your own sanity as the code changes over time.
Laravel is set up out of the box to let you define web routes in routes/web.php and api routes in routes/api.php. Routes defined in your api.php file will be available at /api/* by default. It's much easier to manage changing the application this way, rather than trying to make your controllers do both views and api responses.
With Laravel Passport, your API routes can detect the currently logged in user via the auth:api middleware when combined with adding the Laravel\Passport\Http\Middleware\CreateFreshApiToken to your web middleware group.
https://laravel.com/docs/5.7/passport#consuming-your-api-with-javascript
An easy way to manage the duplicated controllers (one for web and one for api) is to put Api controllers in their own namespace, with php artisan make:controller Api/FooController. You can even set up your Api routes to look for controllers in this namespace by default by editing RouteServiceProvider.php.
I am new to the Laravel framework, and I set up the Laravel basic authentication; it is simple and awesome.
I need clarification on the following things:
1. When I list all the routes using the route list command, I can see many routes, including the ones for login and register, but the routes are not registered in the route.php file. How does this work?
2. I want to add some more fields to registration. For that I am looking for the function AuthController@register, but there is no function named register in it, so where is it actually located?
EDIT
1. I need to find the login functions also, because I want to show custom error messages to the user (password not found, invalid email, account blocked).
2. I want to change the route after logout.
I'm new to Laravel, and just started building my first Laravel application (v.5.2). I come from CodeIgniter. In CI I used to create a pre-controller hook to check login status and set the language before any controller loads. Application-wide stuff.
I can't find anything on pre-controller hooks in the Laravel docs. There is something called "middleware", however, that might do the job. At what point does this middleware kick in?
Am I on the right track? Or is there a better way to do these jobs in Laravel?
Yes you can do that with middleware.
Middleware will execute before hitting your controller's method.
Though I would suggest you to make a base controller where you can create a method to do this stuff and call that method from the constructor of the base class.
Edit
So I just read that you want to check if the user is logged in. For this purpose you have auth middleware.
Yes, middleware is the best option. I'm using Auth Middleware to implement this kind of feature in my application.
Like below.
public function __construct()
{
    $this->middleware('auth' , ['except' => ['show']]);
    parent::__construct($this);
}
Here I want to give permission to only the show action without login.
You can also use form request to check permission/authentication for each action.
For Laravel 5 # (5.2)
You can have a look at App\Http\Controllers\Controller
Actually all other controllers extend this base controller.
Issue:
1. If routes do not use a controller, in this case it does not work.
I'm looking for a way for users that are logged in to register new users. I don't want unregistered users creating new users. The problem that I'm coming up against is that Laravel does a lot of rerouting when you use their registration controllers so that it auto reroutes you away from the registration page if you are already logged in. Is there a way that I can get around this functionality without having to rewrite all of the registration logic?
I've tried simply adding auth middleware to the registration route but it immediately reroutes to the home page of the app before you hit the registration view. If I create a route that redirects to the registration view like this:
Route::get('register', function(){
    return view('auth.register');
});
It will give me the registration page but silently fail to add any users to the database. I think it may be because the RegistersUsers class has use RedirectsUsers as its first statement. Short of rewriting the code there, is there another way to accomplish what I'm trying to do?
I'm using Laravel 5.2 with the make:auth standard views.