I would like to have some routes which only be available for auth:user OR auth:admin middlewares.
I tried following code :
Route::group(['middleware' => ['auth:user', 'auth:admin']], function () {
//many routes here
});
But seems like these routes are available for auth:user AND auth:admin at the same time!!!
I don't want AND. I need OR.
Any helps would be appreciated
Update 1
I decided to create new guard userOradmin in /config/auth.php file.
As you can see I have created new guard called userOradmin which points to provider usersOrAdmins (plural names) :
'guards' => [
'user' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins'
],
'userOradmin' => [
'driver' => 'session',
'provider' => 'usersOradmins'
]
]
And the provider is :
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Admin::class
],
'usersOradmins' => [
'driver' => 'eloquent',
'model' => [App\Admin::class, App\User::class] // <-- Is that right?
]
The problem is here. Should I assign that two classes to model like that?!
You need to make a new middleware for this, auth:userOrAdmin. Middlewares do not interact with each other, so neither of those middlewares know that the other exists. They just get a request, check it, and send it down the line, so every middleware is inherently AND.
Swap out the Authenticate middleware with this:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class Authenticate
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string ...$guards
* #return mixed
*/
public function handle($request, Closure $next, ...$guards)
{
if ($this->check($guards)) {
return $next($request);
}
if ($request->ajax() || $request->wantsJson()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('login');
}
}
/**
* Determine if the user is logged in to any of the given guards.
*
* #param array $guards
* #return bool
*/
protected function check(array $guards)
{
if (empty($guards)) {
return Auth::check();
}
foreach ($guards as $guard) {
if (Auth::guard($guard)->check()) {
Auth::shouldUse($guard);
return true;
}
}
return false;
}
}
Then you can use it in your routes:
Route::group(['middleware' => ['auth:user,admin']], function () {
//many routes here
});
Related
I have this global middleware that updates user's last activity
<?php
namespace App\Http\Middleware;
use Illuminate\Http\Request;
use Closure;
class HandleLastActivity
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle(Request $request, Closure $next)
{
if (auth()->user()) {
$user = auth()->user();
$user->lastActivity = now();
$user->save();
}
return $next($request);
}
}
but auth()->user() is always null. I'm using sanctum and it works in routes under auth middleware.
env
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_DOMAIN=.mydomain.com
SANCTUM_STATEFUL_DOMAINS=mydomain.com,www.mydomain.com,api.mydomain.com
config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'sanctum',
'provider' => 'users',
],
],
First things first, I am using Hyn-Multi Tenant in my laravel 6 application Where there is a central database [connection = system] handles multiple tenant database. So far this package has helped me a lot but my application needs passport implementation for apis which is not documented in the package.
However there are other tutorials which claim passport implementation on Hyn package. I followed them and able to create access token per tenant user.
This is my config/auth.php:
return [
'defaults' => [
'guard' => 'web',
'passwords' => 'system-users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'system',
],
'staff' => [
'driver' => 'session',
'provider' => 'staff',
],
'api' => [
'driver' => 'passport',
'provider' => 'staff',
'hash' => false,
],
'student' => [
'driver' => 'passport',
'provider' => 'student',
'hash' => false,
],
],
'providers' => [
'system' => [
'driver' => 'eloquent',
'model' => App\Models\System\User::class,
],
'staff' => [
'driver' => 'eloquent',
'model' => App\Models\Tenant\Staff::class,
],
'student' => [
'driver' => 'eloquent',
'model' => App\Models\Tenant\Student::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
My each tenant models uses UsesTenantConnection trait
This is my EnforceTenancy middleware
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Config;
class EnforceTenancy
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
Config::set('database.default', 'tenant');
return $next($request);
}
}
This is my AuthServiceProvider.php
public function boot()
{
$this->registerPolicies();
Passport::routes(null, ['middleware' => 'tenancy.enforce']);
// FOLLOWING CODE IS HAVING PROBLEM
//Passport::useTokenModel(OAuthAccessToken::class);
//Passport::useClientModel(OAuthClient::class);
//Passport::useAuthCodeModel(OAuthCode::class);
//Passport::usePersonalAccessClientModel(OAuthPersonalAccessClient::class);
$this->commands([
\Laravel\Passport\Console\InstallCommand::class,
\Laravel\Passport\Console\ClientCommand::class,
\Laravel\Passport\Console\KeysCommand::class,
]);
\Laravel\Passport\Passport::tokensExpireIn(\Carbon\Carbon::now()->addMinutes(10));
\Laravel\Passport\Passport::refreshTokensExpireIn(\Carbon\Carbon::now()->addDays(1));
}
So far all good, now I am going to explain in points,
When I call createToken('MyApp') I am able to generate token on tenant db, for example:
if (Auth::guard('staff')->attempt(['email' => $request->email, 'password' => $request->password])) {
$user = Auth::guard('staff')->user();
$auth_tokens = $user->createToken('MyApp');
$access_token = $auth_tokens->accessToken;
...
}
but to access login protected apis, I am sending bearer access token in header
window.axios
.get("/api/meta",{
headers: fetchAuthHeaders()
})
.then(response => {
if(true == response.data.status) {
var data = response.data.data;
this.school.name = data.school_meta.name;
this.school.logo = data.school_meta.logo;
} else{
alert(response.data.message);
}
})
api.php
Route::domain('{hostname}.lvh.me')->group(function () {
Route::middleware('tenant.exists')->group(function () {
Route::get('/get-oauth-secret', 'Tenant\MetaController#getOAuthData');
Route::post('validate-login','Tenant\AuthController#validateLogin');
Route::middleware(['auth:api'])->group(function (){
Route::get('meta','Tenant\AuthController#getMetaData'); //this api
});
});
});
I am getting response as {"message":"Unauthenticated."}
Once the token is generated in step 1, I copy this token and paste into postman's header section and uncomment the custom passport models in AuthServiceProvider.php as shown below
AuthServiceProvider.php
public function boot()
{
...
// UNCOMMENTED FOLLOWING CUSTOM PASSPORT MODELS
Passport::useTokenModel(OAuthAccessToken::class);
Passport::useClientModel(OAuthClient::class);
Passport::useAuthCodeModel(OAuthCode::class);
Passport::usePersonalAccessClientModel(OAuthPersonalAccessClient::class);
...
}
Now I can access api/meta route but while login and creating token I am getting error:
ErrorException: Trying to get property 'id' of non-object in file /home/winlappy1/Desktop/multi_tenancy/vendor/laravel/passport/src/PersonalAccessTokenFactory.php on line 98
I just want to know where I am going wrong, I know my explanation is quite ambiguous and confusing but thats all how I can explain my issue. I am ready to provide more clarification but I need to resolve this issue.
Try to add
\App\Http\Middleware\EnforceTenancy::class
into the beginning of $middlewarePriority array in Kernel.php
Also use Laravel Passport 9.1.0 which support multi Auth
Try to do this
#AuthServiceProvider
Add this
public function boot()
{
$this->registerPolicies();
This one is to check if the database is Tenant or not
$website = \Hyn\Tenancy\Facades\TenancyFacade::website();
if ($website != null) {
Passport::useClientModel(PassportClient::class);
Passport::useTokenModel(PassportToken::class);
Passport::useAuthCodeModel(PassportAuthCode::class);
Passport::usePersonalAccessClientModel(PassportPersonalAccessClient::class);
}
$this->commands([
\Laravel\Passport\Console\InstallCommand::class,
\Laravel\Passport\Console\ClientCommand::class,
\Laravel\Passport\Console\KeysCommand::class,
]);
\Laravel\Passport\Passport::tokensExpireIn(\Carbon\Carbon::now()->addMinutes(10));
\Laravel\Passport\Passport::refreshTokensExpireIn(\Carbon\Carbon::now()->addDays(1));
}
Along with these add The four models
Like this
Create four Models Which enforce the Tenants
use Hyn\Tenancy\Traits\UsesTenantConnection;
use Laravel\Passport\AuthCode;
class PassportAuthCode extends AuthCode
{use UsesTenantConnection;}
use Hyn\Tenancy\Traits\UsesTenantConnection;
use Laravel\Passport\Client;
class PassportClient extends Client
{use UsesTenantConnection;}
use Hyn\Tenancy\Traits\UsesTenantConnection;
use Laravel\Passport\PersonalAccessClient;
class PassportPersonalAccessClient extends PersonalAccessClient
{use UsesTenantConnection;}
use Hyn\Tenancy\Traits\UsesTenantConnection;
use Laravel\Passport\Token;
class PassportToken extends Token
{use UsesTenantConnection;}
Also use (tenancy.enforce) middleware Enforcetenancy
'tenancy.enforce' => \App\Http\Middleware\EnforceTenancy::class, $Routemiddleware kernel.php
EnforceTenancy.php middleware
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Config;
class EnforceTenancy
{
/**
* Handle an incoming request.
*
* #param Request $request
* #param Closure $next
*
* #return mixed
*/
public function handle($request, Closure $next)
{
Config::set('database.default', 'tenant');
return $next($request);
}
}
Force the tenant routes through tenancy.enforce middleware
Also publish the new migrations and migrate:fresh as new fields are added to the new passport
I am using passport in laravel for authenticating my users in APIs. I am able to authenticate different types of users from different tables and generating different token for them but the routes are not protected. For example.
A user can access the routes like this
Route::group(['middleware' => 'auth:api'], function () {
Route::group(['prefix' => 'v1'], function () {
Route::get('get-seller-list','API\v1\SellersController#index');
});
});
and a seller can access the routes like
Route::group(['middleware' => 'auth:sellers'], function () {
Route::group(['prefix' => 'v1'], function () {
Route::get('get-seller-detail','API\v1\TestController#getDetails');
});
});
but this middleware check doesn't seem to be working as I can access all the routes for sellers even if I have passed the token generated for api in Bearer header.
My config/auth.php looks like
'guards' => [
'user' => [
'driver' => 'session',
'provider' => 'users',
],
'seller' => [
'driver' => 'passport',
'provider' => 'sellers',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
The auth:api middleware will handle the passport token authentication and the sellers middleware will check if users are sellers. I think you are getting mixed up with the way the middleware is set up.
This sort of depends on how you have your user types set up but in your sellers middleware you can check for User types / roles:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
class Sellers
{
/**
* The Guard implementation.
*
* #var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* #param Guard $auth
* #return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->user()->is_seller) {
return $next($request);
}
return response()->view('errors.401', [], 401);
}
}
Then you can set your route up to use both auth:api and sellers middleware:
Route::group(['middleware' => ['auth:api', 'sellers']], function () {
Route::group(['prefix' => 'v1'], function () {
Route::get('get-seller-detail','API\v1\TestController#getDetails');
});
});
So now if a normal user tries to access the get-seller-detail route it will return a 401 unauthorized error and if a seller tries to access this route it will proceed to the code for that route as normal.
Im new in PHP and Laravel. I try to search online but i cant get the right answer for my problem. I want my specific page accessible only by admin and user that already been authenticated. So basically, all the user need to login first. Heres my code. Thanks in advance.
HomeController.php
class HomeController extends Controller
{
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('auth:web, auth:admin');
}
/**
* Show the application dashboard.
*
* #return \Illuminate\Http\Response
*/
public function index()
{
return view('accounts.user.user_dashboard');
}
}
auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
'admin-api' => [
'driver' => 'token',
'provider' => 'admins',
],
],
i used this, in route file
Route::group(['middleware' => ['auth']], function (){
Route::get('/dashboard', 'HomeController#index');
}
You can create a middleware to check if the user has certain permission or not. Here is how I am used to doing it.
I create a middleware say for example SuperAccess and write my logic for super admin there.
class SuperAccess
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
if(Auth::check() && Auth::user()->role->permission == 1000){
return redirect('web/dashboard');
}
return $response;
}
}
Then i use the middleware where I need to have superAccess checked for example say in DeviceController
class DevicesController extends Controller
{
public function __construct(){
$this->middleware('auth');
$this->middleware('super');
}
Note: In the example above I have a role table which has a relation with user table.
I've created code and authenticated user using guard but it doesn't provides me a api_token
/**
* This'll provide login authentication to the user
* #param Request $request
* #return json
*/
public function authenticate(Request $request)
{
//getting and setting locale for the request
$locale = ($request->header('lang-code') == 'KO') ? "ko" : "en";
app()->setLocale($locale);
$credentials = $request->only('email','password');
try {
// verify the credentials and create a token for the user
if (!$token = auth()->attempt($credentials)) {
return response()->json(['success' => parent::FAILURE, 'message' => trans('messages.api.login.failure')],401);
}
} catch (GeneralException $e) {
// something went wrong
return response()->json(['success' => parent::FAILURE, 'message' => trans('messages.api.login.tokenNC')],500);
}
return response()->json(['success' => parent::SUCCESS, 'message' => trans('messages.api.login.success'), 'data' => auth()->user()],200);
}
Above function is working fine but I'm not getting token when I use auth()->guard('api')->user()->api_token. This column is already within my DB even though I'm not able to generate api_token what can be the issue over here.
EDITED
routes/api.php:
Route::group(['namespace' => "Api\\v1", 'as' => 'api.v1.', 'prefix' => 'v1'], function () {
Route::any('/login', 'AccessController#authenticate');
});
config/auth.php:
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
],
You may need to make sure that any routes that will be using Token Authentication are being protected by the auth:api middleware.
Like this example :
Route::group(['prefix' => 'api/v1', 'middleware' => 'auth:api'], function () {
Route::post('/authentificate', 'AuthController#authentificate');
});
You can use model mutators to do that automatically or override the boot method of your Model Class which is in your case User Model
protected static function boot()
{
parent::boot();
static::creating(function($model)
{
$model->api_token = $model->generateCode();
});
}
protected function generateCode()
{
return bin2hex(openssl_random_pseudo_bytes(16));
//you can use your own random fucntion here or you can use inbuilt Crypt funciton
}