Permission for URLs in Laravel? - laravel

May be this type of questions already exits but i didn't find proper solution. I am new in Laravel so sorry for this question.
I am creating a laravel application where user will login and will be access information .
My questions is how to prevent user to access direct URLs.

Put your routes under 'auth' middleware in routes.php file, that way only authenticated users will able to access.
for example like below:-
Route::group(['middleware' => ['auth']], function () {
Route::get('dashboard', [
'uses' => 'DashboardController#index',
'as' => 'dashboard.index',
]);
});
Or you can write custom middleware for user validation.

Adding to Rakesh's answer,
you can also apply the middleware to the controller for the routes you need protected via the constructor.
public function __construct()
{
$this->middleware('auth');
}

Related

Redirect to login when user is not connect

When i want to access to a page in my application i get an exception when i'm not logged in
ErrorException in ec75fc198343b0a46e649467428bd2d5f829caf1.php line 49:
Trying to get property of non-object
Should i make a route middleware group ?
I would like when i want to access to the pages when i'm not logging that the app redirect me directly to the login form without display me this error message !
Someone know how to do that ?
Enable the auth middleware for the action that is responsible for rendering the page. There are multiple ways how you can accomplish this in Laravel. Here are a few of them:
In the routes file for a particular action
Route::get('your/page', ['middleware' => 'auth', 'uses' => 'YourPageController#index']);
or the same thing fluently
Route::get('your/page', 'YourPageController#index')->middleware('auth');
In the routes file for a group of actions/pages
Route::group(['middleware' => ['auth'], function () {
Route::get('your/page', 'YourPageController#index');
});
In the controller
class YourPageController extends Controller
{
public function __construct()
{
$this->middleware('auth'); // you can pass an array of actions/methods that should not be covered by the auth middleware in a second parameter ['except' => 'someaction']
}
}
Edit your Kernel.php and add this to the protected $routeMiddleware part at the end:
'auth' => \App\Http\Middleware\Authenticate::class,
Then in your routes you can use this 'auth' to check if the user is logged in.
For example:
Route::get('/example', 'YourController#getExample')->middleware('auth');
if you don't have a middleware or you have any trouble follow this https://laravel.com/docs/5.4/authentication
Include the Middleware in routes.
Route::get('/Demo','DemoLine#index')->middleware('auth');

Redirect to Login page if ther user not logged in Laravel

I am using Laravel version 5. I have a route file for my project which contains plenty of lines. I need to put authentication like Redirect to login page if the user is not logged in. And I also want to prevent direct URL access if the user not logged in. What can I do?
And I have used below code
Route::group(array('before' => 'auth'), function(){
Route::get('/', 'HomeController#index');
});
But this prevents only for home page. I need to protect All my routes. And also suggest me how to reduce route file lines.
You can put as many routes in a Group as you like to
Route::group(array('before' => 'auth'), function(){
Route::get('/', 'HomeController#index');
Route::post('store', 'HomeController#store');
Route::get('show', 'AnotherController#index');
// ...
});
If you really need to protect all your routes, you could add
public function __construct()
{
$this->middleware('auth');
}
To your main controller class, Http/Controllers/Controller
Edit for your comment, taken from the docs, you may use
return redirect()->intended('view');
/**
* Handle an authentication attempt.
*
* #return Response
*/
public function authenticate()
{
if (Auth::attempt(['email' => $email, 'password' => $password]))
{
return redirect()->intended('dashboard');
}
}
}

Laravel 5 Authentication: change the default routes

I have just set up my Laravel installation and I have been reading the documentation and it appears that it ships with a authentication system built in. Which I would like to use rather than build my own ( which I have done in the previous version)
My question is I would like to change the default routes and the structure to something like:
www.example.com/register and www.example.com/login
At the moment it uses an auth folder so www.example.com/auth/register and www.example.com/auth/login
I just think that my way is cleaner and more user friendly. I would also like to change the forgot password to www.example.com/forgot-password
I have tried various examples and even new routes etc but I keep getting a not found exception. It is just bugging me as I would like to keep what is already there but alter it slightly as they say dont fix what is not broken.
Hopefully someone can point me in the right direction.
By default the default auth routes use Route::controllers(['auth' => 'Auth\AuthController']), the Route::controller() method generates the routes based upon the functions available on the controller.
You should be able to remove this line and create your own routes for them. If you look at the Illuminate/Foundation/Auth/AuthenticatesAndRegistersUsers trait you can see the functions available. Simply map your routes to those functions available on your auth controller.
Heres a couple to get your started
Route::get('/register', ['uses' => 'Auth\AuthController#getRegister']);
Route::post('/register', ['uses' => 'Auth\AuthController#postRegister']);
Route::get('/login', ['uses' => 'Auth\AuthController#getLogin']);
Route::post('/login', ['uses' => 'Auth\AuthController#postLogin']);
You can set $loginPath property in AuthController
These are some other properties you may also need
Where user is redirected after logout
$redirectAfterLogout
The post register / login redirect path
$redirectPath
Path to the login route.
$loginPath
class AuthController extends Controller {
protected $loginPath = 'login'; //example.com/login
use AuthenticatesAndRegistersUsers;
public function __construct(Guard $auth, Registrar $registrar)
{
$this->auth = $auth;
$this->registrar = $registrar;
$this->middleware('guest', ['except' => 'getLogout']);
}
}

Redirect to Login if user not logged in Laravel

i am new to laravel,
i have code in my controller's __construct like
if(Auth::check())
{
return View::make('view_page');
}
return Redirect::route('login')->withInput()->with('errmessage', 'Please Login to access restricted area.');
its working fine, but what i wants is. its really annoying to put these coding in each and every controller, so i wish to put this Verify Auth and redirect to login page in one place, may be in router.php or filters.php.
I have read some posts in forum as well as in stackoverflow, and added code in filters.php like below but that's too not working.
Route::filter('auth', function() {
if (Auth::guest())
return Redirect::guest('login');
});
Please help me to resolve this issue.
Laravel 5.4
Use the built in auth middleware.
Route::group(['middleware' => ['auth']], function() {
// your routes
});
For a single route:
Route::get('profile', function () {
// Only authenticated users may enter...
})->middleware('auth');
Laravel docs
Laravel 4 (original answer)
That's already built in to laravel. See the auth filter in filters.php. Just add the before filter to your routes. Preferably use a group and wrap that around your protected routes:
Route::group(array('before' => 'auth'), function(){
// your routes
Route::get('/', 'HomeController#index');
});
Or for a single route:
Route::get('/', array('before' => 'auth', 'uses' => 'HomeController#index'));
To change the redirect URL or send messages along, simply edit the filter in filters.php to your liking.
To avoid code repetition, You can use it in middleware. If you are using the Laravel build in Auth, You can directly use the auth middleware as given,
Route::group(['middleware' => ['auth']], function() {
// define your route, route groups here
});
or, for a single route,
Route::get('profile', function () {
})->middleware('auth');
If you are building your own, custom Authentication system. You should use the middleware which will check the user is authenticated or not. To create custom middleware, run php artisan make:middleware Middelware_Name_Here and register the newly created middleware.
It's absolutely correct what other people have replied.
This solution is for Laravel 5.4
But just in case, if you have more than one middleware applying to routes, make sure 'auth' middleware comes in the end and not at the start.
Like this:
Route::prefix('/admin')->group(function () {
Route::group(['middleware' => 'CheckUser', 'middleware' => 'auth'], function(){
});
});
Route::middleware(['auth'])->group(function () {
Route::get('dashboard','BackendController#dashboard')->name('dashboard');
});
This entry in the web.php route will take the user [who is not logged in] to the login page if (s)he tries to access a 'protected' URL, "dashboard" in this case.

Auth on create resource causing routing problems

I am trying to require auth before reaching the create resource and have seperated my resource routes accordingly.
Route::resource('posts','PostsController', ['except' => ['store','edit','update','destroy','create']]);
Route::group(['before'=>'auth'], function() {
Route::resource('posts','PostsController', ['only' => ['store','edit','update','destroy','create']]);});
Now for some reason when going to posts/create it redirects me to the show route. The auth is working fine on all other routes, and when create is removed it asks for login upon posting the create, but obviously I would like this section to be off limits regardless.
I would suggest you use controller filters instead.
This simplifies the routing to this:
Route::resource('posts', 'PostsController');
And in your post controller's constructor, you can configure the filter:
public function __construct()
{
$this->beforeFilter('auth', array('except' => array('index', 'show')));
}

Resources