Develop Reference

Custom Auth Middleware not redirecting properly for unauthorized user

I have created a custom auth controller for recognising unauthorized user and redirect them to login path. If logged in the middlewre is working absolutely fine, but showing error if not logged in. Here is my code
Middleware:
class CheckUserAuthenticated
{
public function handle($request, Closure $next)
{
if(auth()->check()) {
$user_id = auth()->user()->id;
define('authenticated_user_id' ,$user_id);
return $next($request);
}
return redirect('login'); // this code is not working
}
}
Error:

try this hope it help
public function handle($request, Closure $next)
{
if(auth()->check()) {
$user_id = auth()->user()->id;
define('authenticated_user_id' ,$user_id);
return $next($request);
}
return redirect('/login'); OR return redirect(route('login'));
}

class CheckUserAuthenticated
{
public function handle($request, Closure $next)
{
if(auth()->check()) {
$user_id = auth()->user()->id;
define('authenticated_user_id' ,$user_id);
return $next($request);
}
// return redirect('login'); // this code is not working
return redirect()->guest('/login');
}
}
redirect()->guest() will redirect if there is no authenticated user.
Example: If an authenticated user is logged in, it won't redirect them as they aren't a guest. If a user isn't logged in, the redirect will happen.

The issue is in circular routing, you are calling from one route, and then return to the same route from the middleware, so your request never reaches the endpoint.
if you call middleware on the...
Route::get('login')->middleware('auth);
...then middleware can not route to 'login' on the fail...
return redirect('login');
... because it will create the loop that never ends. The middleware should reroute to something else, or be placed on other route like 'admin'...
You probably have the middleware on the 'login', that creates the loop, just remove it.

How to use middleware on routes in laravel?

I need to implement a little functionality for my application.
I have a form for editing and only admin must have access to it.
I can't figure out how to arrange the routes correctly, because I get
"The site has redirected too many times."
middleware:
class AdminMiddleware
{
public function handle($request, Closure $next)
{
$user = new User();
if ($user->role_id !==1) {
return redirect('/');
}
return $next($request);
}
}
route:
Route::post('/product', 'IndexController#store');
Route::get('/product', 'IndexController#index');
Route::get('/product/create', 'IndexController#create');
Route::put('/product/{product}', 'IndexController#update');
Route::get('/product/{product}/edit', 'IndexController#edit')->middleware('admin');
This route should be available only for admin
'/product/{product}/edit'
What am I doing wrong?

Conditionally set a URL to redirect to after authentication

In my app, a post author can set an otherwise public post to private. If an unauthenticated user tries to visit that post, they will be prompted to login.
After they authenticate, I want to redirect them back to the original post URL, so they can read that private post.
This behavior is normally handled by Laravel's default auth middleware. However, because the posts are often public, I can't use that in this case.
Here's my current, non-functioning middleware:
public function handle($request, Closure $next)
{
$post = $request->route('post');
if ($post->isPrivate()) {
$request->session()->setPreviousUrl($request->url());
return redirect()->guest('login');
}
return $next($request);
}
My hope is that I can set a custom URL to redirect to (/posts/{id}). However, when I try to login, I'm redirected to my default $redirectTo property (/dashboard).
Is this something that's feasible? Am I even thinking about this in the correct way?

#adam, thanks for the assist!
For anyone else looking, here's my final code:
Middleware:
public function handle($request, Closure $next)
{
if (auth()->check()) {
return $next($request);
}
$post = $request->route('post');
if ($post->isPrivate()) {
$request->session()->setPreviousUrl($request->path());
return redirect()->guest('login');
}
return $next($request);
}
LoginController:
protected function authenticated(Request $request, $user)
{
if ($request->session()->has('url.intended')) {
return redirect($request->session()->get('url.intended'));
}
}

Admin redirected to /home after back button click

I have this admin middleware:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::check()) {
if ($request->user()->is_admin == 1) {
return $next($request);
}
return redirect('/login');
} else {
return redirect('/login');
}
}
And in the logincontroller, if the user is admin, they are redirected to /admin. and if not redirected to /home.
protected function authenticated()
{
if (auth()->user()->is_admin == 1) {
return redirect('/admin');
} else {
return redirect('/home');
}
}
Now, when admin logs in, they are redirected to /admin but, on clicking back button of browser they are in /home. How could i not redirect the admins to /home. /home is under auth middleware group.

The reason for this is because that user is now authenticated.
Laravel comes with a Middleware called RedirectIfAuthenticated which will check if the user is authentitcated and if so redirect them somewhere else.
You would need to edit that middleware to be something like:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return $request->user($guard)->is_admin
? redirect('/admin')
: redirect('/home');
}
return $next($request);
}
Hope this helps!

That is because you are authenticated. When you press back button it means from /admin you want to go back to /login but before calling view it is checked where the user is logged in or not. Since you haven't logged out and are logged in, you will be redirected to default path /home
..
In Auth folder there is a LoginController where you can see this line
protected $redirectTo = '/home';
If you want to add logic you can change it here. This is the default path.

Laravel 5.2 Redirect admin page after login as admin

Laravel 5.2 has been out for some time now. Yes, it has new auth function which is very good. Specially for beginners.
My question,
How to check if user is admin and then redirect safely to admin/dashboard properly? I know one way is to use admin flag in database but can any of you show some example?

go to AuthController.php and add this method
where role is the user role as defined in the database.
protected function authenticated($request,$user){
if($user->role === 'admin'){
return redirect()->intended('admin'); //redirect to admin panel
}
return redirect()->intended('/'); //redirect to standard user homepage
}

As in Laravel 5.3 / 5.4
Add following line to create_users_table migration.
$table->boolean('is_admin');
Add following method to LoginController.
protected function authenticated(Request $request, $user)
{
if ( $user->is_admin ) {
return redirect('/admin/home');
}
return redirect('/home');
}
Additional note don't forget to add the following lines to RedirectIfAuthenticated middleware:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
// the following 3 lines
if (Auth::user()->is_admin) {
return redirect('/admin/home');
}
return redirect('/home');
}
return $next($request);
}
Otherwise if you e.g. type yourdomain/login and your logged in as admin it would be redirected to home instead of admin/home.

AuthController extends the AuthenticatesAndRegistersUsers trait, which has a public method named redirectPath. In my case I would extend that method on the AuthController and I'd put my logic there:
public function redirectPath()
{
if (Auth::user->myMethodToCheckIfUserHasAnAdminRoleLikeAnEmailOrSomethingLikeThat()) {
redirect('admin/dashboard');
}
redirect('home');
}

in Auth/LoginController there is protected $redirectTo = '/home';
change '/home' to '/loginin' for example, and create a new controller and in the controller get the information of the user and check if he is a admin or not and then redirect him to the proper page