How to config role management middleware in Laravel - AJAX

I have some routes that I use with middleware. Here is one example:
Route::get('/TobeSubmit', 'AddsController@tobeSubmit')->name('TobeSubmit');
When I use this route outside of the middleware, it works. Here is that middleware:
Route::group(['middleware' => ['auth','Admin']],function (){ });
When I use that route inside the middleware
Route::group(['middleware' => ['auth','superuser']],function (){
    Route::get('/TobeSubmit', 'AddsController@tobeSubmit')->name('TobeSubmit');
});
like this, it does not work. That route is used for retrieving data via AJAX.

The obvious response would be that the middleware is blocking the request, which in this case would mean that the requestor is not an Admin. Unfortunately we would need more information about the request in order to help you further.
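A role middleware that makes this kind of failure visible to an AJAX caller, as an added example that is not code from the question or the answer: it returns a 401 or 403 JSON response instead of a redirect, so the browser's network tab shows why the request was blocked. The class name `EnsureRole`, the `role` alias and the `role` column on the user model are assumptions.

```php
<?php
// app/Http/Middleware/EnsureRole.php (hypothetical class name, added example)
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class EnsureRole
{
    // Allow the request only if the logged-in user has one of the listed roles.
    // Route usage: 'middleware' => ['auth', 'role:superuser']
    public function handle($request, Closure $next, ...$roles)
    {
        $user = Auth::user();
        if ($user === null) {
            // Not logged in: an AJAX caller gets a status code, not a login page.
            return $this->deny($request, 401, 'Unauthenticated.');
        }
        // Assumption: the users table has a string "role" column.
        // An empty role list never matches, so a misconfigured route fails closed.
        if (! in_array($user->role, $roles, true)) {
            return $this->deny($request, 403, 'Forbidden.');
        }
        return $next($request);
    }

    private function deny($request, $status, $message)
    {
        if ($request->ajax() || $request->wantsJson()) {
            return response()->json(['error' => $message], $status);
        }
        if ($status === 401) {
            return redirect()->guest('login');
        }
        abort($status); // throws an HTTP exception for normal page loads
    }
}

// app/Http/Kernel.php: register the alias used in the route files.
// protected $routeMiddleware = [
//     'role' => \App\Http\Middleware\EnsureRole::class,
// ];
```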

Related

Laravel cannot protect API routes

I have the following route in my routes/api.php:
Route::group(['middleware' => ['auth']], function () {
    Route::get('users/', 'Api\UserController@index');
});
This constantly redirects me to my dashboard.
Then I try this:
Route::get('users/', 'Api\UserController@index')->middleware('auth');
This works but it does not protect the route, so I can still access it if I am logged out.
Any ideas why this is? I'm not sure what the best way is to authenticate API routes. What is the usual convention?
I am using Laravel 5.5
You can't use auth middleware in api.php routes, only in web.php. But you may use the auth:api middleware.
https://laravel.com/docs/5.5/passport#protecting-routes

Laravel api routes with auth

I'm trying to make an api route that's only accessible if the user making the request is logged in. This is what I have in my routes/api.php but it returns
{"error":"Unauthenticated."}
Route::group(['middleware' => ['auth:api']], function () {
    Route::post('schedules', ['uses' => 'Api\ScheduleController@store']);
});
Can this be done without laravel passport and how? I only need the route for in-app use for logged in users.
I assumed the login mentioned is on "web", which uses "session" as its driver.
You are getting this issue because the "web" and "api" guards use different drivers for authentication. Take a look in config/auth.php. The "api" guard uses "token" as its default driver.
Thus, you have a few options to counter this.
1. Move the route for "schedules" into web.php. No worry, your AJAX will fail if not authenticated. But take note that anything that involves the POST method will require CSRF (the _token parameter), unless you are using Laravel axios.
2. Use authentication via api as well, for which you can refer to this tutorial for the "token" driver; all your secure routes will then use the token in the Authentication header.
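The two options from this answer side by side, as an added example that is not part of the original answer. The excerpts belong to different files of a Laravel 5.x application, as the comments mark; the `api_token` column length and the way the token is issued are assumptions.

```php
<?php
// config/auth.php, default guards in Laravel 5.x (for reference):
//   'web' => ['driver' => 'session', 'provider' => 'users'],
//   'api' => ['driver' => 'token',   'provider' => 'users'],

// --- Option 1: routes/web.php ---------------------------------------------
// The "web" group supplies session and CSRF handling, so plain "auth" resolves
// the user who logged in through the browser. The AJAX POST must carry the
// CSRF token (a _token field or an X-CSRF-TOKEN header), otherwise it is
// rejected before the controller runs. The URL is /schedules, not /api/schedules.
Route::group(['middleware' => ['auth']], function () {
    Route::post('schedules', ['uses' => 'Api\ScheduleController@store']);
});

// --- Option 2: routes/api.php ---------------------------------------------
// "auth:api" uses the token driver: no session and no CSRF check. The guard
// looks the caller up by the users.api_token column and accepts the token as
// "Authorization: Bearer <token>" or as an api_token request parameter.
// Send it in the header: a token in the query string ends up in access logs.
Route::group(['middleware' => ['auth:api']], function () {
    Route::post('schedules', ['uses' => 'Api\ScheduleController@store']);
});

// --- Option 2, migration (inside up()) --------------------------------------
// Assumption: a 60-character random token, one per user.
Schema::table('users', function (\Illuminate\Database\Schema\Blueprint $table) {
    $table->string('api_token', 60)->unique()->nullable();
});

// --- Option 2, issuing a token (for example right after login) --------------
// $user->api_token = \Illuminate\Support\Str::random(60);
// $user->save();
```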

How to authenticate API requests in Laravel?

I am currently building some sort of posts-based web application using Laravel 5(.4). I have decided to asynchronously load the comment section for each post (and refresh it periodically). After some research I have decided to write a small integrated REST API (using the api routes of Laravel) that should answer the requests made through AJAX.
However, I am facing the problem of authenticating the incoming requests. Take for example a request to post some comment. How exactly would you recommend to do that?
If you are making AJAX requests from the browser and you are signed in, then you don't need to use Laravel Passport tokens.
You can define certain routes which will use the web and auth middleware on requests like webapi/comments/get, like this.
Route::group(['middleware' => ['web','auth']], function () {
    Route::get('webapi/comments/get', 'CommentsController@get');
});
And use the Auth facade as you do in a web request, i.e. Auth::check(), Auth::user() etc., and return the data as JSON like this.
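use Illuminate\Http\Request;

class CommentsController extends Controller
{
    public function get(Request $request)
    {
        // Answer only callers that accept JSON (the AJAX case)
        if ($request->acceptsJson()) {
            $data = array();
            // add data
            return response()->json([
                "data" => $data,
                "status" => true
            ]);
        } else {
            // Loaded directly from the address bar: pretend the URL does not exist
            return abort(404);
        }
    }
}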
You can also send the Accept header in the AJAX request as application/json, check $request->acceptsJson() in the controller, and make your decision whether to show content when the URL is loaded from the browser address bar or requested via AJAX.
Laravel Passport tokens are useful where there is no session and cookies are managed.
hope this helps :)
"Passport includes an authentication guard that will validate access tokens on incoming requests. Once you have configured the api guard to use the passport driver, you only need to specify the auth:api middleware on any routes that require a valid access token" - from the Laravel documentation.
Apparently I have to configure passport, and after that configure the auth:api middleware to use the passport driver. Correct me if I'm wrong, please :)

How to secure all controller if user not authed?

I use Laravel 5.2 and I am interested in how to secure all controllers if the user is not authorized.
In this case the user should be redirected to the login page.
I tried to do this using routing.
I set this code above all routes:
Route::auth();
Use middleware. It will help to filter and secure all routes.
https://laravel.com/docs/5.2/middleware
You just have to wrap all the needed routes in a middleware group.
Route::group(['middleware' => 'auth'], function () {
    // Placeholder routes: each one also needs its controller action
    Route::get('path1');
    Route::get('path2');
    Route::get('path3');
    // etc.
});
You also need to create the middleware class and register it in the kernel.

Laravel, can't log a user by id and then redirect him

I'm using Laravel 5.2. I'd like to log a user by his id and then redirect him to the dashboard but it's not working.
I did this:
$result = Auth::loginUsingId($id);
var_dump($result->toArray());
and the result is fine. It returns the object user with all his data.
But after redirecting the user to the dashboard with return redirect()->route('dashboard'); it sends me to the login page!
I then discovered that Auth::user() returns null!
What shall I do?
Thanks
Authentication needs sessions and for sessions to work you need to use the web middleware. So the routes that need working sessions should be defined like this:
Route::group(['middleware' => ['web']], function () {
    // Routes that need sessions go here
});
Use $redirectTo as stated in the documentation. If you end up at the login page again, Auth wasn't successful, perhaps because of something related to sessions or cookies, or just a bad time configuration. Try Auth::loginUsingId($id, true); then.
