I am new to Laravel. I am using Laravel's auth controllers for login/register on my website. After login/register, it will redirect to a dashboard. This is fine.
The problem is when the user (not logged in) submits a particular form. The form submission will take the user to a protected page. The auth system will intercept this (if not logged in) and ask for the user to login and the user can sign in. But after the sign in it won't get redirected to the actual destination. Instead, it goes back to the previous page. I tried the redirectto->intended() way in the middleware. It still does not work.
Found the solution. Use HTTP session. I am not sure if this is the best method.
POST the form to a route which doesn't need authentication
Validate and store the form data in the session using the controller
Redirect to the protected route where the auth will intercept and ask the user to login
After successful login, redirect to the original destination page using return redirect()->intended('defaultPage');
Access the form data from session inside the blade view
I am not storing any sensitive data in session. I have no idea how secure this method is.
If you have any suggestions please post.
Related
Currently, I’m developing a web app with server-side rendering using the Gin framework and I’m having a problem with login intercepting. When an HTTP GET request hits an endpoint, middleware is used to check the browser cookie and redirect the traffic to the login page. This works fine and after successful login, the user is always redirected to the dashboard page. My question is how I should redirect the user back to the originally requested URI instead of the dashboard page?
Also, a bit more complex scenario is on HTTP POST. It looks like the HTTP POST method doesn’t work quite well with a redirect. Also, how would I resume the request with the same post request after the user successfully login?
Thanks for the help!
For the HTTP GET scenario, this one is easy, you need to remember the original URL somewhere. The are a few ways you could go about this:
Store the URL in session information(if any is available, you do need sessions for non-authenticated users)
Store it in a query string, for example, redirect to example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page. Your login page can look for the query parameter and include it in the login form or make sure that the action of the login form matches the given URI. On a successful login attempt you can get the original URL form the query param and set it as the Location.
Store the original URL in a cookie, upon successful login you can just check the cookie value and use that.
As for the HTTP POST scenario. If you just want to redirect the same POST request to a different URL you can use a 307 Temporary redirect. A 307 will preserve the request body and method and not turn it into a GET request like a 303 See Other or 302 Found.
Resuming the original POST after showing the login screen and after a successful login is a little more complex. When you redirect to the login page you interrupt the flow of the user, maybe it is better to let the user re-post their request after logging in, instead of doing it for them.
Having said that, it is technically possible. We require two steps, first is storing all the data to recreate the request. Then after login completion we can render a form with this saved data and use javascript to submit the form. By adding:
<script>document.getElementById("myForm").submit();</script>
After your form, the browser will submit the form after loading the javascript, thus recreating the original POST.
The storage part can be done via the server side session or a cookie.
I'm trying to make a user logged in at back-end who is already a user of another website of mine. For now I'm able to fetch the user's data from previous website's database using an API and make user registration during the login process. Same time I want this user to be logged in when data is just inserted because now user is existing. I tried to reuse same method $this->processLogin(); but this method takes request function processLogin(Request $request) I can't feel passing email & pass to utilize this same method. I have tried guzzle self request with 3 parms 'email, password, _token' using POST request which didn't work. I don't want to exclude this route as well because it is being used for normal login. How can i make this user logged in right after inserting the required data? Please advise. Thanks in advance.
// if $id is your user that you want to login, then:
auth()->loginUsingId($id);
I am developing a project using Laravel where we use phpCAS for user authentication. I am using this Laravel package for phpCAS:https://github.com/subfission/cas
After user gets authenticated, i wish to return him/her back to URL from which he/she was redirected to CAS server login.
I used url()->previous(); but it return wrong information in google chrome about referring URL (controller/action).
How can i achieve it? Thanks!
use the intended() method
The intended method on the redirector will redirect the user to the URL they were attempting to access before being intercepted by the authentication middleware. A fallback URI may be given to this method in case the intended destination is not available.
example : return redirect()->intended('dashboard');
I am using sentry to authenticate users in laravel 5.3. When the user clicks auth protected route is redirect to the login form. After login, the user is redirected to home page.
How can I configure sentry in manner that the authenticated user is not redirected back to home page but instead to the original destination before login. Kindly assist I seem not to figure it out.
You can use a function called intended
return redirect()->intended('dashboard');
The intended method on the redirector will redirect the user to the URL they were attempting to access before being intercepted by the authentication middleware. A fallback URI may be given to this method in case the intended destination is not available.
https://laravel.com/docs/5.3/authentication#authenticating-users
Maybe this may help you --
You can try giving the url something like this localhost:8000/something?url=anythingelse so that after login change the redirect path to $_GET['url'].
Use a form rather than link to go to login page. Try this --
<form method="GET" url="{{ url('/some') }}?{{ Request::path() }}" id="login"></form>
Login
I have added an ActionFilter to my MVC site which checks if a user is currently logged on, by checking against a session value, if they are not, they are redirected to a login page. The action filter attribute is added to each controller, so regardless of the page the user tries to view they are redirected to the login view. This bit all works fine.
When the user successfully logs in, I want them to be redirected to the page they were trying to originally access, but I don't how to get my Login Post action to know where to redirect too.
Any help greatly appreciated.
You send along a ReturnUrl when you go to the login view. Then the action method for the login view uses that value to know where to return. The following may help:
ReturnUrl in ASP.NET MVC
as well as this
ASP.NET MVC - CustomeAuthorize filter action using an external website for loggin in the user