Laravel 5.4 Multiple Authentication is not working properly - laravel

I am using multiple authentication in Laravel 5.4. Here I have two controllers for login. One is for normal users and the other is for admins. Both controllers are restricted by the guest middleware. The reason for using this guest middleware is that if a person is logged in as admin or user, he must not get any login page. But this guest middleware only works when I log in using UserController. I mean, if I log in using the user controller and then try to go to the login page or admin page, it redirects me to the user dashboard page. That is OK. But when I log in using AdminLoginController and then try to log in as a user or log in again as admin, it allows me to log in again.
I have used this constructor in both controllers.
public function __construct()
{
    $this->middleware('guest');
}
Help me please.
This question can't solve my problem, because I have downloaded the code from that solution and I still got this error: a logged-in admin can visit the user login form. This error is also present in this answer.

Restrict them with the auth middleware:
public function __construct()
{
$this->middleware('auth');
}
https://laravel.com/docs/5.5/authentication#protecting-routes
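
The symptom in the question matches how the stock `RedirectIfAuthenticated` middleware (the class behind `guest`) works: it checks only the guard passed as its parameter, and the default guard when none is given. The following is an added example, not code from the question or the answer; it assumes the admin logs in through a second guard named `admin`, and the redirect paths are placeholders.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RedirectIfAuthenticated
{
    // Where each guard's logged-in users are sent.
    // Guard names and paths are assumptions; use the ones from config/auth.php.
    protected $home = [
        'web'   => '/home',
        'admin' => '/admin/dashboard',
    ];

    /**
     * 'guest' checks every guard listed in $home;
     * 'guest:admin' checks only the named guard(s).
     */
    public function handle($request, Closure $next, ...$guards)
    {
        $guards = empty($guards) ? array_keys($this->home) : $guards;

        foreach ($guards as $guard) {
            // A session held under any checked guard keeps the login form out of reach.
            if (Auth::guard($guard)->check()) {
                return redirect($this->home[$guard] ?? '/');
            }
        }

        return $next($request);
    }
}
```

With this in place, `$this->middleware('guest');` in both login controllers redirects a logged-in admin as well as a logged-in user.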

Related

How to redirect role based login to a nwidart module of Laravel 8

I am stuck somewhere in creating a multi-auth Laravel project. I set up the project on Laravel 8 and I have done the Jetstream and Fortify setup.
I have created 4 nwidart Modules
SuperAdmin
Admin
User
Meeting
The database is already linked, the user roles are already created, and I am able to log in role-based with different user dashboards. My question is:
I want to redirect users to a specific module after login. If a SuperAdmin logs in, he should be redirected to the above module pages (I already created the pages and those are working fine). Here are the screenshots.
So if you are using Jetstream you would probably have a file called AuthenticatedSessionController.php which should handle the login.
There is a method called store:
public function store(LoginRequest $request)
{
$request->authenticate();
$request->session()->regenerate();
return redirect()->intended(RouteServiceProvider::HOME);
}
You could change the logic here, where it has intended(RouteServiceProvider::HOME).
You could change it to:
$route = auth()->user()->isSuperAdmin() ? route('superadmin.index') : route('normaluser.index');
return redirect()->intended($route);

Laravel sanctum SPA authentication logout is not working

I am using Laravel Sanctum SPA authentication in my Vue project. Everything is working well, but even after logout
Auth::logout()
I am still able to get data from the API route inside the middleware
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
I should not be able to get data after logout. It should show 401 unauthenticated, but it's not the case.
How do I solve this problem? I have been stuck here for 3 days. I followed the Laravel documentation and other tutorials as well, but everyone logged out the same way I did.
Kindly use Auth::guard('web')->logout(); instead of Auth::logout(). Look into the SPA log out issue.
To log out a user, simply do this in your logout function to delete all the user's tokens
public function logout(Request $request) {
auth()->user()->tokens()->delete();
}
Or use this to remove only the active token
$request->user()->currentAccessToken()->delete();
What worked for me now is :
auth('sanctum')->user()->tokens()->delete();
In order to log out the specific user, you need to specify the user.
// Revoke a specific user token
Auth::user()->tokens()->where('id', $id)->delete();
// Get user who requested the logout
$user = request()->user(); //or Auth::user()
// Revoke current user token
$user->tokens()->where('id', $user->currentAccessToken()->id)->delete();
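
The answers above cover two different credentials: the session cookie a Sanctum SPA uses and stored personal access tokens. The following is an added example, not code from any of the posts, of one logout action that ends whichever of the two the request was authenticated with. The controller name is hypothetical and the route is assumed to sit behind `auth:sanctum`.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Laravel\Sanctum\PersonalAccessToken;

class LogoutController extends Controller
{
    public function logout(Request $request)
    {
        $token = $request->user()->currentAccessToken();

        // Bearer-token request: revoke the stored token that made this call.
        // Cookie-authenticated SPA requests carry a TransientToken instead,
        // which is not stored, so there is nothing to delete in that case.
        if ($token instanceof PersonalAccessToken) {
            $token->delete();
        }

        // Cookie-authenticated SPA request: end the login on the session
        // guard ('web', as in the answer above) and discard the session so
        // the old cookie no longer resolves to a user.
        if ($request->hasSession()) {
            Auth::guard('web')->logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
        }

        return response()->noContent();
    }
}
```

After this call, a request to the `/user` route from the question with the old cookie or the revoked token should get the 401 response the asker expects.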

Laravel's email verification redirecting to login page

I am having a problem with Laravel 5.7 Email verification.
After using Laravel's email verification it is forcing me to the login page if I'm not logged in.
Here is what we need:
We enabled the code for the email verification of users. So when someone signs up, we want to verify the user's email. We want the user to sign up on the website, be asked to verify the email address, and not be able to do anything further until verified, which is OK for me.
Our trouble is, if a new user (not registered) comes to our website, our website will force that user to the login page as well.
A normal user who is not signed up is also sent to the login page and forced to verify or log in.
We want only users who signed up to need to verify, which is working.
All the normal users who are not subscribed should be able to use the site easily, whereas currently they are going to the login page.
What I've done so far
Added the following code
class User extends Authenticatable implements MustVerifyEmail
Auth::routes(['verify' => true]);
Route::get('profile', function () { })->middleware('verified');
After Verifying Emails
protected $redirectTo = '/dashboard';
It is working fine but,
What I need is that I don't want to force users to verify email because this is blocking the user from accessing the home page of my website.
The problem is you need to specify what pages will use auth middleware. To exclude your welcome view.
In your controller file.
public function __construct()
{
$this->middleware('auth')->except('welcome');
}
public function home(){
return view('welcome');
}
I'm using the 'welcome' view because I believe that you did not change the code of the default Laravel installation. You must be careful, since the view 'home' is the default page that Laravel shows after you log in. If you remove the authentication layer of that page, any user can access your system. You must change the code of this page or create another view.
In your web.php file:
Route::get('/', 'HomeController@home');
Laravel Docs - Controller Middleware
Try to add the except method and check for the home URL:
public function __construct()
{
$this->middleware(['auth', 'verified'])->except('home');
}

Laravel authentication lifecycle

I'm trying to understand how an authentication request is handled by laravel in order to be able to write my own authentication method that allows me to check data from multiple tables before authenticating (basically there are some columns that I need to check to understand if a user is able to login).
I'm actually quite confused about the relation between guards, middleware, provider and driver.
Can someone please explain to me the lifecycle of a login request?
Thank you
EDIT: I'm working with Laravel 5.7, with the standard Auth scaffolding that is available using make:auth
To make a custom authentication, follow these steps:
1. Go to routes/web.php and make a GET route to handle the login view and a POST route to handle the login logic
Route::get('login','LoginController@show');
Route::post('login','LoginController@login');
2. Make a controller called LoginController
php artisan make:controller LoginController
4. Inside LoginController make a function called login to handle the login logic like this
public function login(){
    $input = $this->validate(request(),['username'=>'required','password'=>'required']);
    // look the user up by username only: bcrypt() salts every hash it produces,
    // so a freshly hashed password never equals the stored hash in a where() clause
    $model = CustomUsersModel::where('username',$input['username'])->first();
    // verify the submitted password against the stored hash
    if($model && \Illuminate\Support\Facades\Hash::check($input['password'], $model->password)){
        //user exists and login information is valid
        auth()->login($model);//login user via model
        //now user is logged in
    }
    //handle wrong login information
}
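
Why a stored bcrypt hash has to be checked with a verify call rather than matched against a freshly computed hash, shown as an added example that is not part of the original answer. It uses the plain PHP functions that Laravel's `bcrypt()` and `Hash::check()` wrap, and the in-memory user list, its `active` column and all names are constructed for illustration.

```php
<?php

// Constructed stand-in for the users table behind CustomUsersModel.
$users = [
    'alice' => ['password' => password_hash('correct horse', PASSWORD_BCRYPT), 'active' => true],
    'bob'   => ['password' => password_hash('hunter2!', PASSWORD_BCRYPT), 'active' => false],
];

// bcrypt picks a random salt per call, so hashing the submitted password again
// and comparing it with the stored hash (in PHP or in a SQL WHERE) never matches.
function freshHashMatchesStored(string $password, string $storedHash): bool
{
    return hash_equals($storedHash, password_hash($password, PASSWORD_BCRYPT));
}

function attemptLogin(array $users, string $username, string $password): bool
{
    // Dummy hash so an unknown username costs the same bcrypt work as a known
    // one and response time does not reveal which usernames exist.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_BCRYPT);

    $row = $users[$username] ?? null;

    // password_verify() reads the salt and cost out of the stored hash.
    $passwordOk = password_verify($password, $row['password'] ?? $dummy);

    // Extra column checks, as the question asks for, are combined with the
    // password result so every failure looks the same to the caller.
    return $passwordOk && $row !== null && $row['active'] === true;
}

var_dump(freshHashMatchesStored('correct horse', $users['alice']['password']));
var_dump(attemptLogin($users, 'alice', 'correct horse'));
var_dump(attemptLogin($users, 'alice', 'wrong password'));
var_dump(attemptLogin($users, 'bob', 'hunter2!'));
var_dump(attemptLogin($users, 'mallory', 'anything'));
```

Only the second call succeeds: the fresh-hash comparison fails even with the right password, and the inactive and unknown accounts are rejected the same way as a wrong password.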

5.2 Out of the box authentication customization

I'm new to the Laravel framework and I used the Laravel 5.2 out-of-the-box user authentication feature for creating a user authentication system. It is working fine. But I want my home page, not the login page, to be displayed as the root. That is, I want to access the login via the home page, not the login page first. How can I customize my routes?
Just make sure that your home page route is not protected by the auth middleware. The default auth scaffolding provided by Laravel generates the following "home" route:
Route::get('/home', 'HomeController@index');
Inside the HomeController, in the constructor, is the following statement:
public function __construct()
{
$this->middleware('auth');
}
This means that any route handled by this controller is subject to the auth middleware: if you're not logged in, you'll be redirected to the login page. So, if you don't want your "home" route to be protected by auth, you need to either remove the auth middleware from the HomeController, or create a new controller to handle your "home" route, one which does not use the auth middleware.
