I have problem with my custom middleware. It doesn't work. I have registered it in Kernel.php, only in $routeMiddleware. Here is my code:
/**
* The application's route middleware.
*
* #var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'test' => \App\Http\Middleware\TestMiddleware::class
];
}
Here is my Controller Code:
/**
* Middleware Activated
*/
public function __constructor()
{
$this->middleware('test');
}
and here is my custom middleware code:
protected $auth;
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (!$this->auth->check())
{
return redirect('/');
}
return $next($request);
}
When I'm logout and type in url
profile/21
it shows me the profile of user with id 21. I want to prevent that with middleware but it won't work for me.
Does anyone have an idea how to do that or where is the mistake?
To make sure if the middleware gets triggered put something like die('middleware triggerd'); inside the handle function of the middleware.
I noticed you have function __constructor() instead of function __construct().
That might be the problem.
If it does trigger the middleware but you still have the same problem try replacing:
if (!$this->auth->check()) with if (!\Auth::check())
Related
I did a custom middleware to handle the auth api token and I call this middleware in the controller, but it's not working I added dd('') inside the middleware to see if it displays anything and it did not worked.
My middleware is:
<?php
namespace App\Http\Middleware;
use Closure;
use App\ApiUser;
class ApiAuth
{
/**
* Run the request filter.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next, $var)
{
dd('If I put this dd it does not display anything');
$api_user_count = ApiAuth::where('api_token', $var)->count();
if($api_user_count == 0)
{
abort(403, "Auth failed")
}
return $next($request)
}
}
My controller is, how you can see I am sending a parameter to the middleware:
/**
* Remove the specified resource from storage.
*
* #param int $id
* #return \Illuminate\Http\Response
*/
public function store(Request $request)
{
$this->middleware('apiauth:'.$request->api_token);
$transaction = new Transaction;
$transaction->folio = $request->folio;
$transaction->dte_code = $request->dte_code;
$transaction->cashier = $request->cashier;
$transaction->amount = $request->amount;
if($transaction->save())
{
return response()->json('Ok', 201);
}
else
{
return response()->json('Error', 400);
}
}
I put the middleware in the path App\Http\Middleware\ApiAuth.php
I put the middleware in the kernel.php like this:
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* #var array
*/
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'apiauth' => \App\Http\Middleware\ApiAuth::class, // THIS IS THE MINE
];
The weird thing is that it does not display any error, it's like it does not exist so I wonder what it's wrong with this?
Thanks!
instead of calling the middleware manually from your controller method you can register the middleware to apply only for that one method
public function __construct()
{
$this->middleware('apiauth')->only(['store']);
}
then you can extract the api_token from $request
$api_user_count = ApiAuth::where('api_token', $request-> api_token)->get()->count();
I have the following middleware (LastSeen):
<?php
namespace App\Http\Middleware;
use Closure;
use Carbon\Carbon;
use Illuminate\Contracts\Auth\Factory as Auth;
class LastSeen
{
/**
* The authentication factory instance.
*
* #var \Illuminate\Contracts\Auth\Factory
*/
protected $auth;
/**
* Create a new middleware instance.
*
* #param \Illuminate\Contracts\Auth\Factory $auth
* #return void
*/
public function __construct(Auth $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->check()) {
$user = $this->auth->user();
$user->last_activity = Carbon::now();
$user->save();
}
return $next($request);
}
}
This was mostly taken from this answer ( Check if user online laravel ) as a stop-gap solution to a project I am working on.
I do have a TIMESTAMP column in my users table labeled last_activity and this is my Kernel file global middleware:
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* #var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\App\Http\Middleware\LastSeen::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\ModifyHeadersMiddleware::class,
];
I'm not sure where to go next, I am just beginning on middleware and am still learning but not sure what I'm doing wrong...
Thanks!
The problem is that info about authorized user is stored in session and LastSeen's auth check is running before session was started so it allways return false.
You need to move LastSeen middleware after StartSession middleware:
/**
* The application's route middleware groups.
*
* #var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\LastSeen::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
There are some issues, but the main mistake is you are calling the wrong Auth. You have to call the facade, you are calling the Auth factory. Another thing is, avoid the constructor. Keep it simple. Especially for MiddleWare. One last thing, you are updating the user status, not saving a new entry.
namespace App\Http\Middleware;
use Closure;
use Carbon\Carbon;
use Auth;
class LastSeen
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (Auth::check()) {
$user = Auth::user();
$user->last_activity = Carbon::now();
$user->update();
}
return $next($request);
}
}
I'm setting up a web application in which I would like to distinguish two route groups. Both groups work as expected on their own, but when combined one of them fails. I've checked documentation on L5.4 website and followed instructions. After a whole day of digging decided to ask you.
Here is my routes/web.php file:
Route::group(['middleware' => ['auth']], function () {
Route::group(['middleware' => ['medewerker']], function () {
Route::get('/urencorrectie','UrenRegelsController#urencorrectie');
});
Route::group(['middleware' => ['officemanager']], function () {
Route::get('/', 'DashboardController#index');
Route::post('/', 'DashboardController#index');
Route::get('/profile', function(){
return view('profile');});
});
});
Auth::routes();
Route::get('/home', 'HomeController#index');
In order to enable roles I addes a column Rolid to the user model. Rol 1 is officemanager and role 3 is employee.
Then in the subsequent middleware we find employee.php:
namespace App\Http\Middleware;
use Closure;
use Auth;
class Employee
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(Auth::user()->Rolid=='3')
{
return $next($request);
}
else
{
return redirect('/home');
}
}
}
The Middleware officemanager.php file contains:
namespace App\Http\Middleware;
use Closure;
use Auth;
class Officemanager
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$user=Auth::user();
if(Auth::user()->Rolid=='1')
{
return $next($request);
}
else
{
return redirect('/home');
}
}
}
The code as is produces the following result:
- When an Officemanager logs in, he/she is redirected to the proper routes. Everything works fine.
- When an Employee logs in, he/she gets redirected to the /home redirect (bottom of routing/web.php file).
Any clues or help is very welcome. Kinda stuck on something probably basic.
[UPDATE]
In kernel.php both classes are mapped:
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'officemanager' => \App\Http\Middleware\Officemanager::class,
'employee' => \App\Http\Middleware\Employee::class,
];
The only thing that I can think of is that the Rolid of employee is not 3 - so try to debug it.
In general, it is not recommended to rely on DB ids in your code, because they can change between environments. I would add a relation for the user model and check the rol name:
User model:
public function role()
{
return $this->belongsTo('App\Role', 'Rolid');
}
Employee middlaware
class Employee
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(Auth::user()->role->name == 'employee')
{
return $next($request);
}
else
{
return redirect('/home');
}
}
}
Office manger middleware:
class Officemanager
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(Auth::user()->role->name == 'officemanager')
{
return $next($request);
}
else
{
return redirect('/home');
}
}
}
I have a problem when binding Class in service container. this is my route.
Route::group(['middleware' => 'partner', 'domain' => '{partner}.example.com'], function() {
$firebaseClient = app('App\Services\FirebaseClient');
$firebaseClient->pushData('users.json', ['name' => 'Risal Ganteng']);
});
this is my custom service provider for binding FirebaseClient.
class FirebaseClientServiceProvider extends ServiceProvider
{
/**
* Register FirebaseClient class with the Laravel IoC container.
*
* #return void
*/
public function register()
{
$this->app->bind(\App\Services\FirebaseClient::class, function($app)
{
$config = $app['config'];
$options = [
'api_version' => $config['services.firebase.api_version']
];
return new \App\Services\FirebaseClient($config['services.firebase.database_url'], $options);
});
}
}
and this is my custom route middleware to overide config services.firebase based on subdomain.
class PartnerMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$partner_id = $request->route('partner');
$partner = Partner::findOrFail($partner_id);
// set config
config([
'services.firebase.api_key' => $partner->firebase_api_key,
'services.firebase.auth_domain' => $partner->firebase_auth_domain,
'services.firebase.database_url' => $partner->firebase_database_url,
]);
return $next($request);
}
}
The problem is, when I try to get config in FirebaseServiceProvider the config services.firebase.* value is null because ServiceProvider registered before Route Middleware.
and how to resolve this?
Thank you.
You should not register your service provider in config/app.php file. Register FirebaseClientServiceProvider provider in PartnerMiddleware middleware dynamically.
class PartnerMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$partner_id = $request->route('partner');
$partner = Partner::findOrFail($partner_id);
// set config
config([
'services.firebase.api_key' => $partner->firebase_api_key,
'services.firebase.auth_domain' => $partner->firebase_auth_domain,
'services.firebase.database_url' => $partner->firebase_database_url,
]);
app()->register(FirebaseClientServiceProvider::class);
return $next($request);
}
}
Well, middleware executes much, much later than your service provider so overriding config has no effect. You have to bind your service after you change the config.
Why don't you move the binding to middleware? Just copy paste the whole block from register() and put it after config() in your middleware.
Alternatively, instead of resolving through service container, you could attach Firebase client to Request object in the middleware, after config().
i want to redirect particular page only to https, rest of page will remain in normal http.
i want to do this for payment page only.after successful payment site will run with normal http.
so please help me for do this.
i already try this one.
Route::resource('paynow', ['uses' => 'Account\PaymentController', 'https' => true]);
but this will not work for me.
I would go about it by creating a custom middleware in app\http\middleware to intercept the request before it hits those routes.
<?php
namespace App\Http\Middleware;
use Closure;
class SecurePayment
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->secure()) {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
Then add it to app/http/kernel.php in the route middleware group
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* #var array
*/
protected $routeMiddleware = [
.....
'secure-payment' => \App\Http\Middleware\SecurePayment::class,
];
and finally wrap your route in the group
Route::group(['middleware' => ['secure-payment']], function() {
Route::resource('paynow', ['uses' => 'Account\PaymentController']);
}):