I want to implement user authentication (require login to visit any page) for a Laravel project (Laravel 7.x/8.x) that is currently open to any visitor without login. With Auth::routes() in web.php, every thing works as expected with respect to login process if a user accesses or is redirected to the login page.
Now I'm wondering if there's a straight forward and simple mechanism that will redirect a user to the login page if the user is not logged in when accessing any page of the project without having to modify the controller or view of each page. Specifically what I'm looking for is something that I can set in a config file, e.g. config/auth.php, say, 'force_login' => true/false, so if 'force_login' is set to true, the system would automatically check whether or not a user is logged in when the user access any page and redirect to the login page if the user is not logged in, and if 'force_login' is set to false, the system would bypass the authentication process all together. Such kind of mechanism may already exist, but I found no mention of it when I searched around online. I appreciate any suggestions/hints. Thanks.
Yes, youu need to use the auth middleware on all the routes that you want to forced be logged, or tou could only group them in one.
// Auth is required to acces these routes
Route::middleware(['auth'])->group(function () {
Route::get('/home', 'HomeController#index');
Route::get('any_route', 'AnyController#index');
...
});
// Auth is not required
Route::get('/', function () {
return view('welcome');
});
Related
How can I ensure that as soon as the user is logged-in in Laravel-9 he can no longer go to the login page via browser back button?
I searched the internet for solutions. I have read in several places that it is not possible or that I have to use Javascript.
Just to be sure, I have decided to post my question here and I hope you can help me.
Is there any way to do this? If the solution is with javascript, how can I solve that with javascript?
Thanks
if you open guest Middleware /app/Http/Middleware/RedirectIfAuthenticated.php in your project, you can see the handle function with this condition:
...
if (Auth::guard($guard)->check()) {
return redirect(RouteServiceProvider::HOME);
}
...
It means that after login to the site if users try to go to the login page, the browser redirects the page to the HOME address. So users cannot access the login page after logging into your site.
finally, in your \routes\web.php file, you must apply guest Middleware on your register route in this way:
Route::get('register',[RegisterController::class,'create'])->middleware('guest');
Note: you can edit HOME address from the /app/Providers/RouteServiceProvider.php file.
This page lists several ways you could try to disable the back button via javascript, but none are guaranteed.
By default Laravel 9 has the RedirectIfAuthenticated middleware under App\Http\Middleware which checks if the user is logged in Auth::guard($guard)->check() and if they are they are taken to the /dashboard url otherwise they are not. The Middleware is registered as 'guest' in the $routeMiddleware array inside Kernel.php, this means that you can apply guest middleware to all routes that you do not need be accessed by logged in users.
This is my first laravel project. I am making a website with login user.I question is when i enter my url then open always home page.If user logged in then it show name in navbar and for guest always show as a guest.I don't want to change url for both case....Even when a guest after login it goes to same url but then that user show as a auth user. Please help me How can I do that. I take concept from ecommerce website.
Route::group(['middleware' => 'web'], function () {
Route::get('/', 'WebController#loadPage');
Route::get('/signin', 'WebController#login');
});
this is my route.I already change navbar using #auth and #guest.But how to check at first that the user r auth or not without changing url.
You can use middleware for authenticated routes.
if you using default auth of laravel then simply set route middleware for your authenticated routes like below
Route::group(['middleware' => 'auth'],function (){
//Your Protected routes goes here
});
or if you want to redirect your user to some custom route after login then simple you can edit this in LoginCOntroller inside Controller/Auth and set varibale protected $redirectTo = '/YourRedirectionPath';
I suggest you read the documentation it is well documented Authentication documentation
I'm working on my first Laravel project and have implemented 2FA according to this tutorial but unfortunately, the 2FA mechanism created is attached only to HomeController.
So if a user tries to access www.thingy.com/something from an unauthenticated state, they enter email and password as usual and then get directly to /something without the 2FA prompt appearing.
My first thought was adding the middleware bit to every __construct() function in each of my resource controllers, but they don't already have a __construct() function (can I add one anyway?) and even if that worked, it doesn't seem like the right way of doing it.
I also considered adding it to Controller itself since that's what every other controller is based on, but of course I wouldn't want 2FA required for non-authenticated views too (just register, login etc really because the site requires a login to use).
What's the correct way of doing this?
You can add the middleware to a group of routes in your routes/web.php file.
Route::middleware('2fa')->group(function () {
// All routes here will go through the "2fa" middleware
});
Another newb queestion here
How to apply session timeout in laravel? My app have this instance that when a user logs out. That previous route/s should not be loaded but my app loads it. how to implement in laravel that session destroy in PHP? Any ideas?
In routes/web.php add your protected routes in a middleware group so they won't be accessible when logged out.
Route::group(['middleware' => 'auth'], function() {
Route::get('profile', 'UserController#profile');
});
Then /profile will require users to be logged in. As well as any other routes in that group.
Learn more about sessions here: https://laravel.com/docs/5.4/session
Update
I think I've got what you mean. After doing Auth::logout(); do
return redirect()->back();
What will happen is the browser will try to redirect back to a 'protected' page and the protected page will kick them to the login page. WHen they click on 'back' on the browser, it will still display the login page.
I'm using Laravel 5.2. I'd like to log a user by his id and then redirect him to the dashboard but it's not working.
I did this:
$result = Auth::loginUsingId($id);
var_dump($result->toArray());
and the result is fine. It returns the object user with all his data.
But after redirecting the user to the dashboard with return redirect()->route('dashboard'); it send me to login page!
I discover then that Auth::user() returns null !
What shall i do?
Thanks
Authentication needs sessions and for sessions to work you need to use the web middleware. So the routes that need working sessions should be defined like this:
Route::group(['middleware' => ['web']], function () {
// Routes that need sessions go here
});
Use $redirectTo as stated in the documentation, if you get into login again Auth wasn't successful, perhaps something related with session or cookies, or just a bad time configuration. Try Auth::loginUsingId($id, true); then.