Can somebody explain why this strange behavior of Laravel is happening? Basically, I am trying to create a middleware for my application
public function handle(Request $request, Closure $next)
{
if (auth()->check()) {
$expires = Carbon::now()->addMinute(2);
\Illuminate\Support\Facades\Cache::put('user-is-online-' . Auth::user()->id, true, $expires);
}
return $next($request);
}
}
But auth()->check it is keep failing and not returning true , (user is authenticated) , auth()->check is working in other places like web routes and controllers method but why not here ?
If you are using auth middleware to protect your routes, then make sure this auth middleware is set to run before your middleware, otherwise auth()->check() will return false. Try php artisan route:list and check the orders of middlewares for your specified route.
Related
I am trying to achieve this using middleware
web.php
Route::get('/test', 'TestController#index')->middleware('TestLogin');
redirect to /test if session is found
Route::get('/test1', 'TestController#index1')->middleware('TestLogin');
redirect to test1 if session is set
Middleware -TestLogin
public function handle($request, Closure $next)`
{
if($request->session()->get('Username'))
{
return redirect()->route(\);
// what to write here to redirect to the path its being called from
}
return redirect()->route('login');
}
don't want to use default auth middleware
Your middleware is suppose to check the login (session), if it is not found then redirect to login page otherwise it should pass the request. Something like this:
public function handle($request, Closure $next)
{
// No login session, redirect
if(!$request->session()->get('Username'))
{
return redirect()->route('login');
}
// Pass the request down the rest of pipeline
return $next($request);
}
You should consider to use built in authentication system in Laravel itself, it will save you lots of code and you can be sure the auth is handled correctly in security point of view.
i'm using laravel 6 and have 2 route in my app; index and dashboard.
My routes/web is:
Auth::routes();
Route::middleware(['auth'])->group(function () {
Route::get('/index', 'todoApp\TodoController#index')->name('index');
Route::get('/dashboard', 'todoApp\Dashboard#dashboard')->name('dashboard');
});
i added dashboard route recently.
Auth::user() is null when i dump it in dashboard route but doesn't in index. What's the
Your Controller is instantiated before the middleware stack has ran; this is how Laravel can know what middleware you have set via the constructor. Because of this you will not have access to the authenticated user or sessions at this point. Ex:
public function __construct()
{
$this->user = Auth::user(); // will always be null
}
If you need to assign such a variable or access this type of information you would need to use a controller middleware which will run in the stack after the StartSession middleware:
public function __construct()
{
$this->middleware(function ($request, $next) {
// this is getting executed later after the other middleware has ran
$this->user = Auth::user();
return $next($request);
});
}
When the dashboard method is called, the middleware stack has already passed the Request all the way through to the end of the stack so all the middleware needed for Auth to be functioning and available has already ran at that point which is why you have access to Auth::user() there.
I think that this has something to do with the 'web' middleware. If you take a look into the Kernel.php (In app\Http) you will find the web middleware group.
This will show you that it actually calls a middleware called StartSession. Based on your route file (where web is not included as a middleware) I would think that you don't have a session in your Controller and there for no access to it.
I don't quite understand why this only happens in your /dashboard route, because the issue should also be in your /index route (unless you added the web middleware somewhere in your TodoController).
I think that this should do the trick:
Route::middleware(['web', 'auth'])->group(function () {
Route::get('/index', 'todoApp\TodoController#index')->name('index');
Route::get('/dashboard', 'todoApp\Dashboard#dashboard')->name('dashboard');
});
If you fire php artisan make:auth command.
It's doesn't matter where you define because of it's only define auth route
Route::middleware(['auth'])->group(function () {
Route::get('/index', 'todoApp\TodoController#index')->name('index');
Route::get('/dashboard', 'todoApp\Dashboard#dashboard')->name('dashboard');
});
Auth::routes();
I created a custom middleware for checking if request is submitted by user who owns the resource or owned by admin.
Route::middleware(['web', 'selforadmin'])->group(function () {
Route::post('users/update-account/{id}', 'UsersController#UpdateAccount');
Route::post('users/update-email/{id}', 'UsersController#UpdateEmail');
Route::post('users/update-password/{id}', 'UsersController#UpdatePassword');
});
and then the middleware handler:
public function handle($request, Closure $next)
{
print_r($request->all());
print_r($request->user());
dd();
return $next($request);
}
But I don't know why user model is not accessible here. I read that request needs to pass from web middleware first so I did but still can't access this middleware.
It gives null on $request->user() or Auth::user()
I am using Laravel 5.4
EDIT:
Middleware is being called as I see other inputs. Only Auth is empty. And User is logged.
You can't access using models directly in middleware. You need to define a terminate method in your middleware to perform some processing after response has been sent to browser.
public function terminate($request, $response)
{
// Your code ...
}
If user is not logged in it will always return null.
There are two solution for this.
First is, check if $request->user() is not null.
public function handle($request, Closure $next)
{
if($request->user())
{
// do your stuff
}
else
{
// do otherwise
}
return $next($request);
}
Second is, add auth middleware before your middleware to assure that only logged in users are allowed.
Route::middleware(['web', 'auth', 'selforadmin'])->group(function () {
// .....
}
I'm using JavaScript to receive an access token to the user facebook account.
When I get the token, I send a request to the server with the token to get information about the user using Socialite.
$user = Socialite::driver('facebook')->userFromToken($request->token);
return $user->getName();
Now I'm trying to group API calls that only authenticated user can make, for example /my-profile, my-data, etc...
The middleware purpose is to check if the user is authenticated for a group of API calls instead typing the same condition in all methods:
if ($user->getName()) {
...Execute...
}
Any idea how I can place the following condition for a list of routes for autehnticated users?
My condition is simple:
$user = Socialite::driver('facebook')->userFromToken($request->token);
if ($user->getName()) {
return true;
}
else { return false; }
Okay,
First create the middleware:
php artisan make:middleware name_of_your_middleware
After that, inside the middleware file that has been created:
public function handle($request, Closure $next)
{
$user = Socialite::driver('facebook')->userFromToken($request->token);
if ($user->getName()) {
return $next($request);
}
return redirect('some_other_route_for_error');
}
Then assign the middleware to the routes middelware in app/Http/Kernel.php
protected $routeMiddleware = [
//.......
'name_of_your_middleware' => \Illuminate\Auth\Middleware\Authenticate::class,
];
In your Route file (api.php):
Route::group(['middleware'=>['name_of_your_middleware']],function(){
//your routes
});
Hope it helps :)
I'm using the Auth scaffold in Laravel 5.3 and I've changed the routes for the auth. So instead of /login and /register I use /signin and /signup.
In Laravel 5.2 we had this by default in the auth middleware,
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->guest()) {
if ($request->ajax() || $request->wantsJson()) {
return response('Unauthorized.', 401);
}
return redirect()->guest('login');
}
return $next($request);
}
This would redirect to the login route if the user wasn't logged in. In Laravel 5.3 we have this,
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/');
}
return $next($request);
}
This redirects an already logged in user to the default route /. So they switched it around in 5.3. Instead of defining where guest go, we define were logged in users go.
My question is, how would I natively to Laravel 5.3 change were guests go?
Because at the moment, people who try to access sites protected by the middleware automatically end up at a /login route. I would like to change this to /signin but I can't find anywhere to customize this behaviour.
Any ideas?
how would I "natively" to Laravel 5.3 change were guests go?
Looks like there's a new unauthenticated() method in app/Exceptions/Handler.php which handles unauthenticated users and redirects to login.
As this is part of your app, no reason you couldn't customize it to redirect elsewhere.
You can try this in the app.blade.php with JS:
#if (Auth::guest())
<script type="text/javascript"> window.location = "{{url('/login')}}"; </script>
#endif