How to make auth:sanctum work in web.php? - laravel

So my problem is that I installed Sanctum to my Laravel project and trying to use it on web routes in web.php. But when I logged in and trying to reach the location the site redirect me back to the main page and I don't know why this happens. The site should redirect me back when I'm not logged in.
Route::get('/support', function () {
return view('support');
})->middleware("auth:sanctum");
This is the code which I'm using in the web.php file. I think that the middleware somehow doesn't get the user loginToken which is created after the login, but I don't know where to fix it.

Have you added gurds for web,
config/Sanctum.php
/*
|--------------------------------------------------------------------------
| Sanctum Guards
|--------------------------------------------------------------------------
*/
'guard' => ['web','api'],

In auth.php file change guard from web to sanctum like this:
'defaults' => [
//'guard' => 'web',
'guard' => 'sanctum',
'passwords' => 'users',
],
Then you can apply ->middleware("auth:sanctum") on all routes.

Related

laravel 6 session restart through each request

I'm working with Laravel 6, and my session driver is file. I've faced a 419|page expired when I submit a form with post action and after tracing the codes I found out the session will restart after submission. Everything is good on local but on the server I've got this issue.
I tried with a raw Laravel project and it worked!
I've already checked directory permission, config/session.php,.env file.
.env
SESSION_DRIVER=file
SESSION_LIFETIME=120
config/session.php
'driver' => env('SESSION_DRIVER', 'file'),
'lifetime' => env('SESSION_LIFETIME', 120),
'expire_on_close' => false
Tnx for responding.
the problem is not because of CSRF token, it's session's fault. evry time a new session and new token will be started so the token thet I send from input will be checked with another token !!!
If your form is in a blade, after starting the <form>, add a csrf field by putting #csrf.
If you're sending the POST request from somewhere else (i.e. from some other domain/subdomain that is not project domain) you may want to disable CSRF check by adding it in VerifyCsrfToken.php (\app\Http\Middleware\VerifyCsrfToken.php) like this:
class VerifyCsrfToken extends BaseVerifier
{
protected $except = [
// Place your URIs here
];
}

Why does my Laravel installation need prefixing \ backslash for facades aliases

I don't know the reason for malfunction of the following example:
Auth::user()->id
However, just prefixing it with backslash makes it works fine:
\Auth::user()->id
This is a snippet from config/app.php
'aliases' => [
'App' => Illuminate\Support\Facades\App::class,
'Artisan' => Illuminate\Support\Facades\Artisan::class,
'Auth' => Illuminate\Support\Facades\Auth::class,
'Blade' => Illuminate\Support\Facades\Blade::class,
'Broadcast' => Illuminate\Support\Facades\Broadcast::class,
The server is Apache on Ubuntu 16.04
That's how namespaces work.
When you're in a typical Laravel model, controller, etc., you're within its namespace - something like App or App\Http\Controllers or whatnot. As such, Auth::foo() means App\Auth::foo() or App\Http\Controllers\Auth::foo(), respectively.
This is why the examples that teach you how to use Auth all do use Illuminate\Support\Facades\Auth; before they use the Auth class, and say things like:
We will access Laravel's authentication services via the Auth facade, so we'll need to make sure to import the Auth facade at the top of the class.

Laravel 5.5 Route groups

I was having this in my website using Laravel 5.3 :
Route::group(['namespace' => 'Admin', 'prefix' => 'admin', 'middleware'=>'auth'], function(){
Route::resource('posts', 'PostsController');
});
This lets me go to the admin panel using: mywebsite/public/admin/posts.
Now, when I migrated the site to Laravel5.5 I got this error Route[admin.posts.create] not defined when i attempt to open the link Create post which was working fine before.
I know that routing system has changed but I did not know how to have such links in new Laravel5.5. I tried url instead of route but I got the same error. I also checked the new documentation but I did not get exactly how to have the same link system.
Can anyone have a better explanation of this new routing system? (I have to migrate the site to 5.5).
Laravel names resource routes by default, you can check them by running php artisan route:list
If you want to override them for any reason you can pass in an array when you define the route and override each individual route name like so:
Route::resource('posts', 'PostsController', ['names' => [
'create' => 'admin.posts.build'
]]);

Laravel 5.3 NotFoundHttpException

I'm trying to setup a Laravel 5.3 project. I have create the project and starting the 'localhost//public' shows the welcome screen just fine.
When adding a test entry in the web.php file like
Route::get('about', function () {
return view('welcome');
});
An then trying to access this as 'localhost//public/about' I get this NotFoundHttpException in RouteCollection.php line 161: error. I'm really puzzled as to whats wrong.
In the 5.2 version, with the routes.php, it worked perfectly fine.
Regs.,
Erik
NotFoundHttpException means Laravel can't found the requested route. Hence, you are trying to access something which doesn't exist that's why it is throwing NotFoundHttpException.
Try to access your route like
localhost/public/about
Well its a strange story when using artisan route:list the about neatly pops up. However when accessing through Chrome i wasn't able to load it. I have dropped the whole www directory and started afresh. Now it works. Must have been something lingering around.
Thx.,
Erik
You can try adding a 'public' prefix for the web routes in app\Providers\RouteServiceProvider.php like so:
protected function mapWebRoutes()
{
Route::group([
'middleware' => 'web',
'namespace' => $this->namespace,
'prefix' => 'public',
], function ($router) {
require base_path('routes/web.php');
});
}

Upgrading to Laravel 5.2 invalidates all sessions

Upgrading from Laravel 5.1.17 to 5.2. My config/auth.php originally contained:
'driver' => 'eloquent',
'model' => 'Project\User',
'table' => 'users',
New file is the same as the default, except with the updated namespace.
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => Project\User::class,
],
],
My env SESSION_DRIVER is redis. I did not clear anything from Redis. (Note, this also happened in my other projects where driver was file, but I didn't care about it as much for them.)
I have two branches, L5.2 and master (which is on 5.1.17). After switching branches, I simply run composer install
If I login on master, then switch to L5.2, I am logged out
If I switch back to master, I am logged back in
If I login on L5.2, then switch to master, I stay logged in
If I switch back to L5.2, I stay logged in
I'm hesitant to upgrade if it's going to invalidate all of my users' sessions and force them to login again. Is there a way to avoid this?
The only other files that were modified were composer.json, composer.lock, app/Exceptions/Handler.php, and config/app.php; nothing that touched Auth.
I figured out what is causing the session to be invalidated. The problem is the session guard's getName() method.
In 5.1.17:
return 'login_'.md5(get_class($this));
In 5.2 ($this->name would be web by default):
return 'login_'.$this->name.'_'.sha1(get_class($this));
Also, the class name itself changes from Guard to SessionGuard
If I replace this method with:
return 'login_'.md5('Illuminate\Auth\Guard');
That keeps my sessions logged in.
This is progress but not a complete solution yet. The real solution is to update all of your existing sessions with the new name. I'll work on a script to complete this and then update my answer.
That you should do is open app/Http/routes.php
and wrap all your existing routes with:
Route::group(['middleware' => ['web']], function () {
// here your previous routes
});
EDIT
After testing I can confirm this behaviour.
In those cases:
5.1.17 -> 5.2
5.1.23 -> 5.2
5.1.28 -> 5.2.*
after upgrade to 5.2 User seems not be logged anymore. When going in versions in 5.1 branch user stays logged. When going back from 5.2 to 5.1 user is logged again.
At the moment you should probably create issue here https://github.com/laravel/framework/issues and wait for response
EDIT2
It seems it's official and expected behaviour because to upgrade guide has been added:
Because of changes to the authentication system, any existing sessions will be invalidated when you upgrade to Laravel 5.2.

Resources