I am trying to handle ajax request that were initiated from idle/expired session(maybe the page was left open and the session got expired). I wrote the below middleware but it's not working as expected:
namespace App\Http\Middleware;
use Closure;
class AjaxSessionCheck
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(!\Auth::check())
{
if($request->ajax())
{
return response()->json(['Session_error'=>'Session Expired'], 401);
}
}
return $next($request);
}
}
I also tried to add this code to the Auth middleware with no luck.
Strangely enough authenticated(user logged in) ajax requests are detected by this.
Lost 2 days finding solutions. Desperate call here.
use optimised code for performance use both auth::check and request->ajax() in same if condition by AND operator. just try session expiry in configuration file
It's because session runs after middleware, you can see the reference here. If you want to check that session expired, I think you should use after middleware instead of before middleware
Related
Laravel 5
How to give user access to specific route when certain conditions are met?
For example let user access
Route::get(view('posts/{id}'),'PostsController#show');
when user has over 100 points in his user->points column.
You can use Middleware for this,In Laravel it is very easy to secure your routes by creating your own middlewares.
The following steps are required to do this:
run command php artisan make:middleware Middlewarename and you'll find your middleware inside app/Http/Middleware/yourcustomemiddleware.php
Register your middleware in app/Http/kernel.php file which you just created
Now implement logic in middleware you just created:
YourMiddlewareClassCode:
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (Auth::user()->points >= 100)
{
return $next($request);
}
return redirect()->back()->with('flash_message','you are not allowed to access this');
}
Attach middleware to your route:
routes/web.php:
Route::get(view('posts/{id}'),'PostsController#show')->middleware('yourcustommiddleware');
All done now your route is secured.
Summary: this statement return $next($request); in middleware will return the route when condition is matched else it will redirect to the previous route.
Note: I don't know your db structure and also this is just an example to show you that what is middleware and how it works and how you can use it.
I am trying to handle ajax request that were initiated from idle/expired session(maybe the page was left open and the session got expired). I wrote the below middleware but it's not working as expected:
namespace App\Http\Middleware;
use Closure;
class AjaxSessionCheck
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(!\Auth::check())
{
if($request->ajax())
{
return response()->json(['Session_error'=>'Session Expired'], 401);
//throw new AuthenticationException('Unauthenticated');
}
}
return $next($request);
}
}
To check if this worked i logged into the same page that contains the form from two separate tabs and then logged out from one of the tab, making the session invalid on the other tab as well. Then i initiated an ajax request(user clicks a delete button).
Any help to the right direction will be much appreciated!
for better coverage use if ($request->isJson() || $request->wantsJson()) {
I'm quite new to Laravel and have been stumped on a problem for 2 days - I'd be grateful for some guidance.
I'm using the default out-of-the-box User authentication system with Laravel 5.3. A new user is created automatically behind the scenes by an existing Admin user - I will in time hide the user registration page. I have also successfully set up middleware to check if a user is newly registered (by looking for a null 'last_logged_in_date' that I've added to the migration).
All I want to happen is for a new registered user to be redirected to the password reset screen that ships with Laravel (again, in time I will create a dedicated page). I would like this to happen within the middleware file. So far, my middleware looks like this:
<?php
namespace App\Http\Middleware;
use Closure;
use App\Http\Controllers\Auth;
class CheckIfNewUser
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$user = $request->user();
if (! is_null($user->last_logged_in_date )) {
return $next($request);
}
// This is where I'm stuck!!!
}
}
I'm not sure what code to enter at the location indicated by the comments above. I've tried sendResetLinkEmail($request); etc and have imported what I though were the correct classes but I always end up with a Call to undefined function App\Http\Middleware\sendResetLinkEmail() message irregardless of what I 'use' at the top of my class.
Where am I going wrong? Thanks!
Well that happens because you have not defined your sendResetLinkEmail($request) function yet. You can do it like this, or you can create a new class with that and then call the class.
Call the trait SendsPasswordResetEmails and then access it with $this since traits are not classes and you cannot access their members directly.
<?php
namespace App\Http\Middleware;
use Closure;
use App\Http\Controllers\Auth;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
class CheckIfNewUser
{
use SendsPasswordResetEmails;
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$user = $request->user();
if (! is_null($user->last_logged_in_date )) {
return $next($request);
}
// This is where I'm stuck!!!
//EDIT
//return $this->SendsPasswordResetEmails->sendResetLinkEmail($request);
return $this->sendResetLinkEmail($request);
}
}
I have some problems with subdomain routing in laravel 5.2 and hope you can help me with it.
The point is that I need to redirect a user on certain subdomain, depending on it's usertype.
For example in database I have a usertype (1,2,3 etc...) and basing on that value I need to redirect user on
type1.mysite.com
type2.mysite.com
type3.mysite.com
etc...
But the problem is that I can't get authenticated user in routes.php, it always returns null.
Any ideas on how to solve that problem?
And by the way, to make a subdomain routing, I have to configure apache in some way or it can be done with laravel?
Thanks for the answers!
you need to edit it and specify what we want it to do.
In App\Http\Middleware you should see the newly created file
php artisan make:middleware UserTypeMiddleware
<?php namespace App\Http\Middleware;
use Closure;
class UserTypeMiddleware {
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
//check your user type here
if ($request->user()->type != 1)
{
return redirect('DefinedRoute');
}
return $next($request);
}
}
I seem to remember in Laravel 4 there was an ajax filter, this would only allow requests via ajax.
Is there any similar middleware for Laravel 5.
I have a route which gets data from my database via ajax, I want to protect this route so no user can go to it and see a json string of data.
You can use a middleware to do that.
php artisan make:middleware AllowOnlyAjaxRequests
app/Http/Middleware/AllowOnlyAjaxRequests.php
<?php
namespace App\Http\Middleware;
use Closure;
class AllowOnlyAjaxRequests
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(!$request->ajax()) {
// Handle the non-ajax request
return response('', 405);
}
return $next($request);
}
}
Add 'ajax' => \App\Http\Middleware\AllowOnlyAjaxRequests::class, to your routeMiddleware array in app/Http/Kernel.php.
Then you can use ajax middleware on your routes.