I am using laravel 5.1 and have a route similar to:
Route::get('/{id}/write-review', ['middleware' => 'auth', 'uses' => 'ItemController#writeReview']);
The problem I have is that when someone goes to this page (when not logged in) they get redirected to login, which is fine, but then redirected to the $redirectPath set in AuthController.php. I would like them to be redirected back to the review page.
Thanks in advance.
The intended redirect function will redirect the user to the URL they were attempting to access before being caught by the authentication filter. A fallback URI may be given to this method in case the intended destination is not available.
https://laravel.com/docs/5.1/authentication#authenticating-users
return redirect()->intended('dashboard');
I think i found the problem route {id}/write-review must be under the web middleware
Route::group(['middleware' => ['web']], function () {
Route::get('login', 'Auth\AuthController#getLogin');
Route::post('login', 'Auth\AuthController#postLogin');
Route::get('logout', 'Auth\AuthController#getLogout');
Route::group(['middleware' => ['auth']], function () {
Route::get('/{id}/write-review', ['uses' => 'ItemController#writeReview']);
});
});
Related
At first I decided to organize my routes like I have in the code given below. However, I quickly realized that I couldn't access the routes in the group that uses middleware guest as soon as I log in. Does that mean that routes which I want to be accessible by anyone no matter whether they're logged in or not should not be in any middleware group?
<?php
Route::group(['middleware' => ['web']], function(){
Route::group(['middleware' => ['guest']], function(){
Route::get('/', 'PagesController#index')->name('home');
Route::get('/image/{id}', 'PagesController#specificImage')->name('specificImage');
Route::get('/contact', 'PagesController#contact')->name('contact');
Route::get('/tags', 'PagesController#tags')->name('tags');
Route::get('/tags/{tagName}', 'PagesController#specificTag')->name('specificTag');
Route::get('/albums', 'PagesController#albums')->name('albums');
Route::get('/albums/{albumId}/{albumName}', 'PagesController#specificAlbum')->name('specificAlbum');
Route::post('/signup', 'UsersController#signUp')->name('signup');
Route::post('/signin', 'UsersController#signIn')->name('signin');
Route::post('/sendmail', 'UsersController#sendMail')->name('sendmail');
});
Route::group(['middleware' => ['auth']], function(){
Route::get('/upload', 'PagesController#upload')->name('upload');
Route::get('/logout', 'UsersController#logOut')->name('logout');
Route::get('/imageDelete/{imageId}', 'ImagesController#deleteImage')->name('deleteImage');
Route::get('/deleteTag/{tagId}', 'TagsController#deleteTag')->name('deleteTag');
Route::post('/imageUpload', 'ImagesController#uploadImage')->name('imageUpload');
Route::post('/albumUpload', 'AlbumsController#uploadAlbum')->name('albumUpload');
Route::post('/createTag', 'TagsController#createTag')->name('createTag');
});
});
Remove auth middleware from the route group
Correct! Get rid of the guest middleware, you don't need it.
Just Do not use any middleware.
About a year ago we took over an existing Laravel 5.1 site and upgraded to 5.3 - We recently became aware that an admin panel that was part of the old site no longer works (or unable to authenticate).
The original routes file contains the following:
//Login
Route::controllers([
'auth' => 'Auth\AuthController',
'password' => 'Auth\PasswordController',
]);
//Admin
//Dashboard
Route::group(array('prefix' => 'admin', 'middleware' => 'auth'), function() {
//Dashboard
Route::get('/webadmin', array('as' => 'dashboard', 'uses' => 'Admin\DashboardController#index'));
});
Which after the upgrade stopped working as I understand the Route::controllers method was depreciated. We changed it to the following as I understand that was the replacement:
//Login
Route::resource('password','Auth\PasswordController');
Route::resource('auth','Auth\LoginController');
//Admin
//Dashboard
Route::group(array('prefix' => 'admin', 'middleware' => 'auth'), function() {
//Dashboard
Route::get('/webadmin', array('as' => 'dashboard', 'uses' => 'Admin\DashboardController#index'));
});
However, when we access the sites admin panel by example.com/admin/webadmin we are automatically redirect to example.com/login which then displays the dreadful NotFoundHttpException in compiled.php
This leads me to believe that the authentication middleware is not registered correctly. I am not sure what the correctly route is to take so will gladly appreciate any assistance :)
The redirect is happening because your not being authenticated and you are redirected to login route because the unauthenticated method in the app\Exceptions\Handler class redirects the user to /login using something like this:
return redirect()->guest('login');
So, you've to either create a /login route or change the above line to this:
return redirect()->guest('auth');
This should work and your AuthController::index method should show the login form because this will hit the index method in your AuthController because it's a resource controller.
I have this Laravel 5 app. There are two controllers: Index and Home.
In the index, I have the pages visible for users that haven't logged in yet. When a user logs in, he goes to the home controller.
Of course, I want a visitor not being able to view the routes under home-controller.
So I put a check inside the constructor for Home. But it redirects back to the index and doesn't seem to be the right way at all.
So having this group of routes:
Route::group(['prefix' => '/home'], function () {
Route::auth();
Route::get('index', 'HomeController#index');
Route::get('logout', 'HomeController#logout');
});
As you can see, I added.
Route::auth();
Which I thought should manage to deny access for visitors that haven't logged in. The home is still accessible for users that haven't logged in yet.
What is the way to describe directly inside the route.php that a bunch of routes (inside a group I guess) should first go through the authentication before serving the route?
Are you using this code within your controller?
public function __construct()
{
$this->middleware('auth');
}
You should add a auth middleware to protect your home group:
Route::auth();
Route::group(['middleware' => 'auth'], function() {
Route::group(['prefix' => '/home'], function () {
Route::get('index', 'HomeController#index');
Route::get('logout', 'HomeController#logout');
});
});
You may have a look at this: https://laravel.com/docs/5.2/authentication#protecting-routes
Its really simple in Laravel only thing you have to use is a single Middleware
see this DOC
EX:
Route::get('profile', ['middleware' => 'auth', 'uses' => 'ProfileController#show']);
this profile show route works only if user logged in.
If you have multiple routes to protect from non-authenticate users then use a route group,
Route::group(['prefix' => '/home', 'middleware' => ['auth']], function()
{
// user need to logged in order to access these routes
Route::get('/', function()
{
});
});
In kernal.php add 'auth' => 'MyespaceAdmin\Http\Middleware\Authenticate' in $routeMiddleware.
Authenticate.php in middleware directory check handle function for below code.
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('your login page url');
}
}
Then use middleware auth in routes or in your controller
I'm trying to prevent people from accessing the /dashboard route unless they're authenticated(logged in). I looked at the laravel docs and here's what I thought I was supposed to do to accomplish this.
Route::group(['middleware' => 'auth'], function (){
Route::get('/dashboard', [
'uses' => 'UserController#getDashboard',
'as' => 'dashboard'
]);
});
You don't need to add that extra middleware in the route. Just use the group and you'll be fine. You can see here: https://laravel.com/docs/5.1/routing#route-groups
Route::group(['middleware' => 'auth'], function () {
// User needs to be authenticated to enter here.
Route::get('/', function () {
// Uses Auth Middleware
});
Route::get('user/profile', function () {
// Uses Auth Middleware
});
});
I'm building an app in Laravel and I already had my user registration working fine, I now want to modify how the registration works so I modified my route to call a different method.
Originally the route was defined like so:
Route::post('register', 'Auth\AuthController#postRegister');
And this worked fine. I then changed it to:
Route::post('register', 'Auth\AuthController#someOtherMethod');
This method is defined as follows:
public function someOtherMethod(Request $request)
{
die('If the method is called you should see this');
}
However, it doesn't get called (the message doesn't show). Instead it redirects me to the root of the site.
Note that I have a cache-busting script on my server that I run every time I have weird issues like this which runs the following commands:
php artisan route:clear
php artisan cache:clear
service php5-fpm restart
service nginx restart
I also run the page in an incognito/private window every time I make a change.
Now for the interesting part; I tried undoing the changes I made so that it calls postRegister again, I fully expected this to make it revert to the default behaviour but it still redirects me to the root of the site! So now I don't even have a registration page that functions at all.
Does anyone have any idea what's going on?
Thanks in advance for your help.
Edit:
Here's my full routes.php:
use Illuminate\Http\Request;
Route::group(['middleware' => 'web'], function () {
/** Public routes **/
Route::get('', 'HomepageController#index');
Route::get('/', 'HomepageController#index');
Route::get('terms', function() {
return view('terms');
});
Route::get('privacy', function() {
return view('privacy');
});
/** Public auth routes **/
Route::get('register', 'RegistrationController#index');
Route::post('register', 'Auth\AuthController#postRegister');
Route::get('login', function() {
return view('auth.login');
});
Route::post('login', 'Auth\AuthController#postLogin');
Route::get('logout', 'Auth\AuthController#getLogout');
Route::get('dashboard/login', function() {
return view('admin.login');
});
Route::post('dashboard/login', 'AdminAuth\AuthController#postLogin');
Route::get('dashboard/logout', 'AdminAuth\AuthController#getLogout');
/** Admin routes **/
Route::get('dashboard', [
'middleware' => 'admin',
'uses' => 'Admin\DashboardController#index'
]);
Route::get('dashboard/users', [
'middleware' => 'admin',
'uses' => 'Admin\DashboardController#showUsers'
]);
Route::get('dashboard/search', [
'middleware' => 'admin',
'as' => 'adminSearch',
'uses' => 'Admin\DashboardController#query'
]);
/** Admin auth routes **/
Route::get('dashboard/staff/create', [
'middleware' => 'admin',
function () {
return view('admin.register');
}
]);
Route::post('dashboard/staff/create', [
'middleware' => 'admin',
'uses' => 'AdminAuth\AuthController#postRegister'
]);
/** Controllers **/
Route::controllers([
'password' => 'Auth\PasswordController',
]);
});
make sure that you config/auth.php is calling proper Auth guard. Also redirectsTo is by default set to '/' which is route of site. What is in your middleware? the default RedirectIfAuthenticated middleware has by default entry to point to root of the site. Only these 3 scenarios possibly acting other than expected.