I use Laravel 5.2 and I am interested how to secure all controller if user is not authorized.
In this case user should be redirect to login page.
I try to make this using routing.
I set this code above all routes:
Route::auth();
use middleware. It will help to filter and secure all routes
https://laravel.com/docs/5.2/middleware
You have to just wrap up all needed routes by middleware group.
Route::group(['middleware' => 'auth'], function () {
Route::get('path1');
Route::get('path2');
Route::get('path3');
etc....
});
Also you need to create middleware class and register it in kernel
Related
I have some routes use with middleware
here is one example
Route::get('/TobeSubmit', 'AddsController#tobeSubmit')->name('TobeSubmit');
when I use this route outside of middleware its working. here is that middleware
Route::group(['middleware' => ['auth','Admin']],function (){ });
when I use that route inside middleware
Route::group(['middleware' => ['auth','superuser']],function (){
Route::get('/TobeSubmit', 'AddsController#tobeSubmit')->name('TobeSubmit');});
like this, its not working, that route use for data retrieving via AJAX.
The obvious response would be that the middleware is blocking the request, which in this case would mean that the requestor is not an Admin. Unfortunately we would need more information about the request in order to help you further.
This is my first laravel project. I am making a website with login user.I question is when i enter my url then open always home page.If user logged in then it show name in navbar and for guest always show as a guest.I don't want to change url for both case....Even when a guest after login it goes to same url but then that user show as a auth user. Please help me How can I do that. I take concept from ecommerce website.
Route::group(['middleware' => 'web'], function () {
Route::get('/', 'WebController#loadPage');
Route::get('/signin', 'WebController#login');
});
this is my route.I already change navbar using #auth and #guest.But how to check at first that the user r auth or not without changing url.
You can use middleware for authenticated routes.
if you using default auth of laravel then simply set route middleware for your authenticated routes like below
Route::group(['middleware' => 'auth'],function (){
//Your Protected routes goes here
});
or if you want to redirect your user to some custom route after login then simple you can edit this in LoginCOntroller inside Controller/Auth and set varibale protected $redirectTo = '/YourRedirectionPath';
I suggest you read the documentation it is well documented Authentication documentation
I have the following route in my routes/api.php:
Route::group(['middleware' => ['auth']], function () {
Route::get('users/', 'Api\UserController#index');
});
This constantly redirects me to my dashboard.
Then I try this:
Route::get('users/', 'Api\UserController#index')->middleware('auth');
This works but it doesn't not protect the route, so I can still access it if I am logged out.
Any Ideas why this is? I'm not sure what the best way is to authenticate API routes, what it the usual convention?
I am using Laravel 5.5
You can't use auth middleware in api.php routes, only in web.php. But you may use the auth:api middleware.
https://laravel.com/docs/5.5/passport#protecting-routes
I'm using Laravel 5.2. I'd like to log a user by his id and then redirect him to the dashboard but it's not working.
I did this:
$result = Auth::loginUsingId($id);
var_dump($result->toArray());
and the result is fine. It returns the object user with all his data.
But after redirecting the user to the dashboard with return redirect()->route('dashboard'); it send me to login page!
I discover then that Auth::user() returns null !
What shall i do?
Thanks
Authentication needs sessions and for sessions to work you need to use the web middleware. So the routes that need working sessions should be defined like this:
Route::group(['middleware' => ['web']], function () {
// Routes that need sessions go here
});
Use $redirectTo as stated in the documentation, if you get into login again Auth wasn't successful, perhaps something related with session or cookies, or just a bad time configuration. Try Auth::loginUsingId($id, true); then.
I'm new to laravel framework and I used the laravel-5.2 out of the box user authentication feature for creating a user authentication system. It is working fine. But when I want my home page to be displayed not the login page as the root. That is I want to access the login via the home page not the login page first. How can I customize my routes.
Just make sure that your home page route is not protected by the auth middleware. The default auth scaffolding provided by Laravel generates the following "home" route:
Route::get('/home', 'HomeController#index');
Inside the HomeController, in the constructor, is the following statement:
public function __construct()
{
$this->middleware('auth');
}
This means that any route handled by this controller is subject to the auth middleware: if you're not logged in, you'll be redirected to the login page. So, if you don't want your "home" route to be protected by auth, you need to either remove the auth middleware from the HomeController, or create a new controller to handle your "home" route, one which does not use the auth middleware.