Restrict URL access to users after login via API on Laravel - laravel

I am logging in via Laravel API.
Let's say that I am on www.domain.com/login. After login is successful, I put the token into a cookie and redirect to /admin.
    Route::get('/admin', function () {
        return view('admin');
    })->middleware('auth');
The problem is that Laravel doesn't see that the user is logged in, thus redirects me to /login once more.
And, if I declare the route as follows:
    Route::get('/admin', function () {
        return view('admin');
    });
everyone can access www.domain.com/admin.
I appreciate any help.
Luca

You need to add auth:api middleware so it can see the auth user

Related

Limit access on pages to prevent access to pages without login

As we know, when we code on localhost we can go directly to the admin dashboard on our website without logging in first, by typing the link. So how can we stop that? So that if we want to access the admin dashboard, we really have to log in first.
Use Laravel middleware to limit access ... you can use the auth middleware like:
    Route::get('/profile', function () {
        //
    })->middleware('auth');
For more info, visit the Laravel docs.
Use Laravel middleware in your web.php if you are using a simple function for your route:
    Route::get('/admin/dashboard', function () {
        return view....
    })->middleware('auth');
Or you can use a constructor in your controller to limit access for all functions in this controller:
    public function __construct()
    {
        $this->middleware('auth');
    }

Laravel multiple authentication from two different route and view

I want to implement a system where 6 types of users exist. One is 'customer', who will log in through a route like /login, and the other 5 users are admins, and only they will log in using another route, /system/base-admin. However, a 'customer' must never log in with the /system/base-admin route, even if they somehow come to know this route. Both routes have different login forms, and if they fail to log in, a 'customer' will be redirected to /login and admins to /system/base-admin.
I know about $guard and middleware check.
Question: How can I implement the above scenario, and how do professionals react to this scenario?
    Route::get('/login', 'CustomerLoginController@processLogin')->name('customer.login');
    Route::get('/system/base-admin', 'AdminLoginController@processAdminLogin')->name('system.admin');
My controller looks like:
    public function processLogin() { return view('customer.login'); }
    public function processAdminLogin() { return view('admin.login'); }
Thank you in advance.
The only reason I see to have different endpoints for login is to have different views.
Copy your Auth\LoginController, change $redirectTo to redirect to your admin panel. Overwrite AuthenticatesUsers\showLoginForm to show your admin form and update middleware in __construct.
Protect all your admin routes with admin middleware.
Now. Your users CAN login to your panel. BUT nothing will happen since they don't have access.
If you want to show them some kind of message when they try you can overwrite AuthenticatesUsers\login method with something like this
    ...
    if ($this->attemptLogin($request)) {
        if (!auth()->user()->isAdmin()) {
            throw ValidationException::withMessages([
                $this->username() => 'You don\'t have access to this page',
            ]);
        }
        return $this->sendLoginResponse($request);
    }
    ...

How to validate routes if a user is admin or not?

    // This is the middleware
    public function handle($request, Closure $next)
    {
        // isAdmin is a function in the User model which checks if the user is admin or not
        if (auth()->user()->isAdmin()) {
            return redirect('/admin');
        } else {
            return redirect('/home');
        }
        return $next($request);
    }

    // I already registered this middleware in kernel as well as verifyUser
    Route::middleware(['auth', 'verifyUser'])->group(function () {
        Route::get('/home', 'HomeController@index')->name('home');
        Route::get('/admin', 'AdminController@index')->name('admin');
        Route::get('/users/profile', 'UserController@view')->name('users.view-profile');
        Route::get('/users/edit_profile', 'UserController@edit')->name('users.edit-profile');
    });
The main problem here is that it shows this error in the browser:
The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
You're telling Laravel to redirect admins to /admin, and non-admins to /home.
However, you've made /admin and /home subject to that middleware, too, so when the user gets to /home it redirects them to /home again (and again, and again, and again, forever).
You likely need two changes:
1. A new middleware, applied only to admin routes, that only redirects non-admins away from those routes.
2. Put your home/admin logic as a one-off post-login step instead of on every pageview. See the path customization section of the Authentication docs.
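
An added example (not part of the answer above, and not the asker's code) of the two changes it describes; it also covers the "admin middleware" recommended in the earlier multiple-login answer. It assumes a Laravel 5.3 to 7 style application using the AuthenticatesUsers trait. The class name EnsureUserIsAdmin and the 'admin' alias are assumptions, while isAdmin() and the routes come from the question.

```php
<?php
// Three project files shown in one listing; bracketed namespaces keep it valid PHP.

namespace App\Http\Middleware {   // app/Http/Middleware/EnsureUserIsAdmin.php
    use Closure;

    class EnsureUserIsAdmin       // hypothetical class name
    {
        public function handle($request, Closure $next)
        {
            $user = $request->user();
            // Deny by default: guests (null) and non-admins never reach the
            // controller. isAdmin() is the User model method from the question.
            if (! $user || ! $user->isAdmin()) {
                // /home sits outside the admin group, so this cannot loop.
                return redirect('/home');
            }
            return $next($request);
        }
    }
}

namespace App\Http\Controllers\Auth {   // app/Http/Controllers/Auth/LoginController.php
    use App\Http\Controllers\Controller;
    use Illuminate\Foundation\Auth\AuthenticatesUsers;

    class LoginController extends Controller
    {
        use AuthenticatesUsers;

        // One-off post-login decision, instead of redirecting on every request.
        protected function redirectTo()
        {
            return auth()->user()->isAdmin() ? '/admin' : '/home';
        }
    }
}

namespace {   // routes/web.php
    // Alias assumed to be registered in app/Http/Kernel.php $routeMiddleware:
    //     'admin' => \App\Http\Middleware\EnsureUserIsAdmin::class,
    Route::middleware('auth')->group(function () {
        Route::get('/home', 'HomeController@index')->name('home');
        Route::get('/users/profile', 'UserController@view')->name('users.view-profile');

        Route::middleware('admin')->group(function () {
            Route::get('/admin', 'AdminController@index')->name('admin');
        });
    });
}
```

Only the inner group carries the admin check, so a non-admin sent to /home is served by a route that performs no further redirect.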

How to integrate role based permission in Laravel with Dingo API?

I'm currently studying the Laravel framework and Dingo API. Is there any way to integrate role-based permissions using Entrust with Dingo API?
So for example, I have a route to get the list of all users, but only an admin can access this.
So if the user is authenticated, but he's not an admin, he can't access this route.
I tried adding the Entrust middleware to routes.php, but when I tried it in Postman, I got a syntax error.
Here's my routes.php file:
    $api->version('v1', ['middleware' => ['jwt.auth', 'role:admin']], function ($api) {
        $api->get('users', 'App\Http\Controllers\Auth\AuthController@index');
        $api->get('user', 'App\Http\Controllers\Auth\AuthController@show');
    });
You can group this into different parts like this:
    $api->version('v1', ['middleware' => 'jwt.auth'], function ($api) {
        // general routes go here
        // ....
        $api->group(['middleware' => 'role:admin'], function ($api) {
            // admin routes go here
            $api->get('users', 'App\Http\Controllers\Auth\AuthController@index');
            $api->get('user', 'App\Http\Controllers\Auth\AuthController@show');
        });
    });
This means even though the user is authenticated, the two routes in the new group can only be accessed by the admins.
I hope this is helpful.

Laravel route group page redirects to home

I have installed Laravel and set up authentication, and I have also created a route group like this:
    // users that want to access test route should be logged in.
    Route::group(['middleware' => ['web', 'auth']], function () {
        Route::get('first', function () {
            return 'first';
        });
    });
The problem is when I access the route like this:
    http://localhost/first
I can see my "first" message, but when I refresh the same page Laravel redirects me to:
    http://localhost/home
I could not solve this, and I have moved my first route out of the route group; now everything is working well. If I keep it in the route group with the auth & web middlewares, it is not working.
Try to remove web middleware if you're using 5.2.27 and higher.
