Logout doesn't work when grouping routes by guest middleware - laravel

Using the built-in auth scaffolding, logout does not work when I assign the middleware guest to my logout route via a group.
Example:
Route::group(['middleware' => 'guest'], function () {
// login routes
Route::get('login', 'Auth\LoginController#showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController#login');
Route::get('logout', 'Auth\LoginController#logout')->name('logout');
// password reset routes
Route::get('password/reset', 'Auth\ForgotPasswordController#showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController#sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController#showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController#reset');
});
The logout simply does not work and throws no error.
I have removed the middleware from all controller __construct() methods.


Try to exclude it like this:
Route::group(['middleware' => 'guest'], function () {
// login routes
Route::get('login', 'Auth\LoginController#showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController#login');
});
Route::get('logout', 'Auth\LoginController#logout')->name('logout')->middleware(['web', 'guest']);

Related

laravel guest middleware is redirecting to login page problem

Here are my routes in web.php
Route::get('/', function () {
return view('web.index');
})->name('index');
Route::get('/shop', 'WebController#index');
Route::get('/product/detail/{id?}', 'WebController#detail');
// Authentication Routes...
Route::get('cms', 'Auth\LoginController#showLoginForm')->name('login');
Route::post('cms', 'Auth\LoginController#login');
Route::post('cmsout', 'Auth\LoginController#logout')->name('logout');
// Registration Routes...
Route::get('cmsreg', 'Auth\RegisterController#showRegistrationForm')->name('register');
Route::post('cmsreg', 'Auth\RegisterController#register');
// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController#showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController#sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController#showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController#reset');
Route::fallback(function () {
return response()->view( 'web.404', [], 404);
});
Route::get('/home', 'HomeController#index')->name('home');
Route::prefix('cat')->group(function(){
Route::get('/save', 'CatController#index')->name('cat.save');
Route::post('/save','CatController#save');
Route::get('/manage','CatController#manage');
Route::get('/edit/{id}','CatController#edit');
Route::post('/edit','CatController#update');
Route::get('/delete/{id}','CatController#delete');
});
But i can not access http://127.0.0.1:8000/shop because it is redirecting to http://127.0.0.1:8000/cms which is login page.
Why http://127.0.0.1:8000/shop is requiring me authentication? how can i define http://127.0.0.1:8000/shop is a guest url?

Check WebController if you are forcing a middleware in its constructor

Laravel 6: disable all routes for guest except home and login

I need to disable all routes for guests in Laravel except '/' and 'login' pages.
Does that possible to implement it routes/web.php ?

Yes. In your routes/web.php file, make sure to define your protected routes under the auth middleware group.
routes/web.php
Route::get('/', function() {
// / route
});
Route::get('/login', function() {
// login page
});
Route::middleware(['auth'])->group(function () {
// define your routes here
// they'll be protected
});
Official documentation

Since Laravel 7.7 you can use excluded_middleware property eg:
Route::group([
'excluded_middleware' => ['auth'],
], function () {
Route::get('/', 'HomeController#index');
...
});

Laravel: Whats the difference between these two route api approach

This
Route::middleware(['cors'])->group(function () {
Route::post('/login', 'AuthController#APIstore');
Route::middleware(['auth:api'])->group(function () {
Route::post('/logout', 'AuthController#APIdestroy');
Route::get('/projects', 'ProjectController#getAll');
});
});
And this
Route::group(['middleware' => 'cors'], function() {
Route::post('/login', 'AuthController#APIstore');
Route::group(['middleware' => 'auth:api'], function() {
Route::post('/logout', 'AuthController#APIdestroy');
Route::get('/projects', 'ProjectController#getAll');
});
});
On the first code, CORS middleware works with /login but does not work for /logout and /projects
On the second code, the CORS middleware does not work at all
is there a reason behind this?

So, as per the Laravel Routing Doc, the top level middleware is applied to all groups in the group. So using Route::middleware(['cors']) will mean this middleware will be applied to Route::middleware(['auth:api']).
However Route::group(['middleware' => 'cors'] is a group route not a middleware route, so the middle is not applied to child groups.

Laravel 5.4 session doesn't seem to persist after Auth::login

Despite many people with this problem, the solutions I've found are not working. I'm just trying to use Augh::login($user) and then redirect. I've verified immediately after calling login() that the user is being logged in, however, once I redirect, I get bounced back to the login scree. Here are my routes:
Route::group(['middleware' => ['web']], function() {
Auth::routes();
Route::get('/', function () {
return view('welcome');
});
Route::get('/dashboard', 'admin\adminRootController#dashboard')->middleware('auth');
});
I've spent about 5 hours on different solutions to absolutely no end, someone please help!!!!!!!

Refactor your routes to this:
Auth::routes();
Route::group(['middleware' => ['web']], function() {
Route::get('/', function () {
return view('welcome');
});
});
Route::group(['middleware' => ['web', 'auth']], function() {
Route::get('/dashboard', 'admin\adminRootController#dashboard')
});
Auth::routes() need not be placed in any route groups as it is configured by the framework already. If you want to protect any routes, make sure to use auth middleware in your routes.

How to set Laravel 5 Middleware auth?

I am using Larave 5 for my project. In my project i am using laravel default auth which use this command php artisan make:auth. And i set middleware in my route.php as shown
Route::group(['middleware' => 'web'], function () {
// Authentication Routes...
Route::auth();
Route::get('/', 'Auth\AuthController#getLogin');
Route::post('auth/login', 'Auth\AuthController#postLogin');
Route::get('auth/logout', 'Auth\AuthController#getLogout');
// Admin Roles Routes...
Route::get('admin/roles', 'AdminController#showRoles');
});
Now my question is if i user is logout and click on browser back button user login and user can access like add, edit, delete view after logout. So how can i handle this situation. Please help i think some code i miss out.

First of all, your Route::auth() does already has login and logout functions, if you run 'php artisan route:list' in your terminal you can see which routes are available etc..
Second of all you can create a group like shown below for your admin stuff:
Route::group(['middleware' => 'web'], function () {
// Authentication Routes...
Route::auth();
// Admin Roles Routes...
Route::group(['prefix'=>'admin', 'middleware'=>'auth'], function() {
Route::get('roles', 'AdminController#showRoles');
});
});
I hope this works for you ;)
Btw, the Laravel docs tell you a lot..., so make sure you watch them first ;)

First thing is you don't need to apply web middleware as it already applied to your routes by RouteServiceProvider, see https://laravel.com/docs/5.2/middleware#registering-middleware
Secondly, when use Route:auth() it is a shortcut for:
$this->get('login', 'Auth\AuthController#showLoginForm');
$this->post('login', 'Auth\AuthController#login');
$this->get('logout', 'Auth\AuthController#logout');
$this->get('register', 'Auth\AuthController#showRegistrationForm');
$this->post('register', 'Auth\AuthController#register');
$this->get('password/reset/{token?}', 'Auth\PasswordController#showResetForm');
$this->post('password/email', 'Auth\PasswordController#sendResetLinkEmail');
$this->post('password/reset', 'Auth\PasswordController#reset');
So you don't need to define these routes:
Route::post('auth/login', 'Auth\AuthController#postLogin');
Route::get('auth/logout', 'Auth\AuthController#getLogout');
Lastly, why you put login on your home page?
Route::get('/', 'Auth\AuthController#getLogin');
This example should be work:
Route::group(['middleware' => 'auth'], function () {
Route::get('/', function () {
return 'Hello! You are logged in.';
});
// Admin Roles Routes...
Route::get('admin/roles', 'AdminController#showRoles');
});
Route::auth();
With the routes above when unauthenticated user trying to access your home page http://yoursite.com and http://yoursite.com/admin/roles, user will be redirected to http://yoursite.com/login since those pages are protected by auth middleware.

An addition to #Rick answer.
You can also manually set a middleware inside the __construct() function of your controller.
Example:
// SomeController.php
public function __construct()
{
$this->middleware('auth');
}
Documentation

Resources