I'm trying to implement a domain wide authentication (DWA) on top of the usual user authentication. The use case is prevent a work-in-progress site from leaking to google/public.
Created scaffolding code using php artisan make:auth
Log in via /login and is redirect to /home which shows the default You are logged in!
When I reload /home, I see that $this->session->id in SessionGuard.php has an ID value which I will refer to as A, the session also has 5 attributes.
Next, I insert the auth middleware into the route /product/{id} and load it
I see that $this->session->id in SessionGuard.php has a brand new ID with 0 attributes
This causes authenticate() in Authenticate.php middleware to throw an Unauthenticated exception and redirect me to /login
As the browser loads /login, $this->session->id in SessionGuard.php now shows the ID of A with the earlier 5 attributes
/login results in RedirectIfAuthenticated.php middleware running and redirecting to /home
As a result of the DWA, I'm unable to load /product/{id}, it just keeps redirecting me to /home
My question is, why does #5 show a new session ID instead of A?
Where and how is this ID derived in the first place?
Thanks!
I found the solution Problems of routes in own package- Laravel 5.6
It was due to my controller having only the auth but lacking the web middleware. Hope it helps someone.
Related
When I request to login on breeze, user date is passing but auth middleware redirect back to login page. It has also 302 response in result.
Do you have any experience on it ?
I use Laravel 8
Breeze Package
After installation Breeze, I had to make changes and it's down.
The solution for my case is to install again the package.
I'm using a custom SocialLoginController to log my users with facebook or google in al Laravel 5.3 project
In some cases I send to users an email with info about one change and the URL to the resource, for example https://myweb.com/settings/profile/[the-uuid]
when the user tries to access but is not logged in, he's redirected to the Handler#render() where I send it to login with return redirect()->guest('/login'); and after login with social account I redirect them using return redirect()->intended('/home') but since I don't use the LoginController, the redirection to the requested URL is not working.
Any idea? Thanks
The problem is the request object is lost after redirect the user to login with facebook or google, so I fixed by saving the requested URI in a session variable and then checking if exists after redirect
return Session::get('intended') ? redirect()->to(\Session::get('intended')) : redirect()->to('/expenses');
Maybe this could help someone
I used laravel Authentication, I have 2 main pages:
Home: where there should be login and register
And Dashboard, that the user is redirected to after login.
My problem is that the route '/home' is automaticaly being redirected to login page first
This is the correct behaviour. The standard auth-system provides 'auth' middleware. Which prevents unauthenticated users from visiting the /home path. If you register and login. You will get redirected to the /home route.
Take a look at the docs for Authentication and also maybe for middleware.
https://laravel.com/docs/5.4/authentication
I have a laravel app where I have integrated Cartalyst Sentinel and Laravel Socialite. Before integrating Laravel Socialite, the authentication worked perfectly. After integrating Socialite, first I had an InvalidStateException error on AbstractProvider.php line 200 when I call Socialite::driver('facebook')->user();
The following block is activated
if ($this->hasInvalidState()) {
throw new InvalidStateException;
}
If I comment out the exception, I can login with facebook, however Sentinel does not recognized it as logged in. However when I check the users table on the database, the last_login timestamp is updated. Also when I try the normal authentication, a TokenMismatchException in VerifyCsrfToken.php line 67 appears. The {{csrf_field()}} is included inside the form, and when I remove the middleware from Kernel.php happens the same thing as with Laravel Socialite.
Important
The response is the correct eloquent user object, however when I do the check in the blade view, the check does not pass.
Any help is greatly appreciated
Auth controller keeps redirecting me back to home page. A Session is setting fine. I am using cookies as the driver.
A Session Cookie is being set, but Session Storage, viewed with Chrome Developer Tools, is empty.
It redirects fine, if I comment out the redirect()->guest('/'); in middleware. It means that it keeps authenticating as guest and if I var_dump(Auth::user()); I get NULL.
Maybe you need this. I answered it in another question here:
Laravel 5.2 - Every route redirects to the homepage