I need to return 404 instead of 403 error page when regular user try to get access for admin pages.
The Nova middleware which is responsible for this is located here /nova/src/Http/Middleware.
And looks like this:
<?php
namespace Laravel\Nova\Http\Middleware;
use Laravel\Nova\Nova;
class Authorize
{
/**
* Handle the incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return \Illuminate\Http\Response
*/
public function handle($request, $next)
{
return Nova::check($request) ? $next($request) : abort(403);
}
}
If I change here abort(403) to abort(404) -
It works fine and doing exactly what I need.
How can I extend this middleware to use it in my application. What should I do to rewrite middleware properly, in my application, so that I can do updates of Nova in future and do not rewrite this changes
What I tried:
Extend this middleware in
<?php
namespace App\Http\Middleware;
use Laravel\Nova\Nova;
class NovaAuthorize extends \Laravel\Nova\Http\Middleware\Authorize
{
/**
* Handle the incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return \Illuminate\Http\Response
*/
public function handle($request, $next)
{
return Nova::check($request) ? $next($request) : abort(404);
}
}
and add it to my middlewares
protected $middleware = [
...
\App\Http\Middleware\NovaAuthorize::class, // nova access
];
but it had no effect
in /app/Providers/NovaServiceProvider.php
protected function gate()
{
Gate::define('viewNova', function ($user) {
if( !$user->isAdmin() ){
abort(404);
}
return true;
});
}
Related
Hi i ve an app made with laravel and this address http://example.com/check/.
I wanted to redirect to https so i created this middleware
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\App;
class HttpsProtocol
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->secure()) {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
Then i added
\App\Http\Middleware\HttpsProtocol::class
to Kernel in App/Http in protected $middlewareGroups
Redirection seems to work but redirect to this address https://example.com/check/check
with repeated URI (check)
Why
Thx a lot
It looks like you don't need to append the request URI, that is happening already so try:
if (!$request->secure()) {
return redirect()->secure();
}
I implemented the must verify email system in Laravel 7. If a user hits a route that should be for verified visitors, the user is currently being redirected to view auth.verify. How to change this and to redirect it to route user.profile?
you can create a middleware EnsureEmailIsVerified to overwrite auth.verify
then apply this middleware to all your route
use Closure;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Support\Facades\Redirect;
class EnsureEmailIsVerified
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null $redirectToRoute
* #return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle($request, Closure $next, $redirectToRoute = null)
{
if (! $request->user() ||
($request->user() instanceof MustVerifyEmail &&
! $request->user()->hasVerifiedEmail())) {
return $request->expectsJson()
? abort(403, 'Your email address is not verified.')
: Redirect::route('user.profile');
}
return $next($request);
}
}
and here redirect based on your requirement
I have a route in my web.php that returns a view:
Route::get('/', function () {
return view('welcome');
});
welcome is default Laravel view welcome.blade.php.
I have Middleware called AlwaysReturnJson and it contains:
<?php
namespace App\Http\Middleware;
use Closure;
class AlwaysReturnJson
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$request->headers->set('Accept', 'application/json');
return $next($request);
}
}
I set up this middleware in Kernel.php as global middleware:
protected $middleware = [
\App\Http\Middleware\AlwaysReturnJson::class
];
What I expect is to get plain text/json of welcome file in my browser when I navigate to given route but I always get it as html and it render page properly. I checked it, it applies middleware on every request so that is not a problem. Why is this happening and shouldn't it convert that view to a plain text? Am I doing something wrong?
If you want to set a header for your response you can do this:
namespace App\Http\Middleware;
use Closure;
class AlwaysReturnJson
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
$response->headers->set('Content-Type', 'application/json');
return $response;
}
}
If you want to force return valid json content use this middleware instead:
namespace App\Http\Middleware;
use Closure;
class AlwaysReturnJson
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
return response()->json($response->getContent());
}
}
See Laravel docs about after middleware for more info.
You can alternatively return json response on your controller without any middleware needed:
Route::get('/', function () {
return response()->json(
view('welcome')->render()
);
});
You may want to use laravel After middleware (the middleware would perform its task after the request is handled by the application) and then set the content-type of response.
<?php
namespace App\Http\Middleware;
use Closure;
class AfterAlwaysReturnJson
{
public function handle($request, Closure $next)
{
$response = $next($request);
return $response->header('Content-Type', 'application/json');
}
}
I have trouble with redirecting to an url after login.
The situation is that someone visits a blog post, and needs to login before adding a comment. So the user clicks on the login link and logs in on "auth/login", and is always redirected to "/home".
I want the user to be redirected to the blogpost when an url is set like "auth/login?redirect=url/to/blogpost"
I have the following Middleware:
app\Http\Middleware\RedirectIfAuthenticated
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
class RedirectIfAuthenticated
{
/**
* The Guard implementation.
*
* #var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* #param Guard $auth
* #return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->check()) {
return redirect('/home');
}
return $next($request);
}
}
app\Http\Middleware\Authenticate
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
class Authenticate
{
/**
* The Guard implementation.
*
* #var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* #param Guard $auth
* #return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('auth/login');
}
}
return $next($request);
}
}
Why don't you use the intended method on redirector? Read about this in docs
The intended method on the redirector will redirect the user to the URL they were attempting to access before being caught by the authentication filter. A fallback URI may be given to this method in case the intended destination is not available.
I've decided to copy and paste the getLogin function of the trait AuthenticatesUsers into my AuthController. I overwrite the function AND keep the trait as is.
I've just added
\Session::put('url.intended',\URL::previous());
If you're using standard authentication from Laravel 5, find a app/Http/Controllers/Auth/AuthController.php file and change $redirectPath to this:
protected $redirectPath = '/url/to/blogpost';
I try to build a facebook canvas app using laravel 5. I use a custom middleware class to disable crsf for specific routes. can be found here. I ended up with another error.
Class 'App\Http\Middleware\TokenMismatchException' not found
This is my middlewareclass:
<?php namespace App\Http\Middleware;
use Closure;
class VerifyCsrfMiddleware extends \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if ($this->isReading($request) || $this->excludedRoutes($request) || $this->tokensMatch($request))
{
return $this->addCookieToResponse($request, $next($request));
}
throw new TokenMismatchException;
}
/**
* Ignore CSRF on these routes.
*
* #param \Illuminate\Http\Request $request
* #return bool
*/
private function excludedRoutes($request)
{
$routes = [
'app/canvas'
// ... insert all your canvas endpoints here
];
foreach($routes as $route){
if ($request->is($route)) {
return true;
}
}
return false;
}
}