Community Learn Tools Library Leisure
search
English
Laravel middleware cannot recognize that user is logged in
P粉935883292
P粉935883292 2024-03-25 23:18:57
0
2
363

I'm using Laravel 8 and I want to apply a middleware to check if the user has is_staff or is_superuser set to 1 then he can access the admin Dashboard, otherwise he wouldn't be able to access it.

To do this I created this: 

public function handle($request, Closure $next)
    {
        if(Auth::check()) {
            if(auth()->user()->isSuperUser() || $request->user()->isStaffUser()) {
                return $next($request);
            }else{
                return redirect('/home');
            }
        }else{
            return redirect('/');
        }
    }

Now the problem is that it returns redirect('/'); means the middleware doesn't recognize that the user is logged in, but he is already logged in.

I have registered the middleware like this: 

protected $routeMiddleware = [
...
'auth.admin' => \App\Http\Middleware\AdminAuthenticated::class,

and apply it to my admin route (RouteServiceProvider.php): 

public function boot()
    {
        $this->configureRateLimiting();

        $this->routes(function () {
            ...

            Route::middleware('auth.admin')
                ->namespace($this->namespace)
                ->prefix('admin')
                ->group(base_path('routes/web/admin.php'));
        });
    }

This is admin.php Route: 

Route::get('/',function (){
    return view('admin.master');
});

So what’s the problem here? How can I solve this problem?

P粉935883292
P粉935883292

reply all(2)
P粉354602955
P粉3546029552024-03-26 21:14:39 2 floor

You're not showing the entire route, but I bet your usage will never be logged.

You may apply for:

Route::middleware('auth.admin')
                ->namespace($this->namespace)
                ->prefix('admin')
                ->group(base_path('routes/web/admin.php'));

For all management routes. So you have the login form and when you fill in the login data the user hits some endpoint which also has this middleware applied so it never reaches your controller where the user is actually logged in because the middleware redirects back to /.

All routes except login/reminder password should apply middleware, otherwise login will not be possible.

Like +0
Add Reply
P粉797004644
P粉7970046442024-03-26 20:56:59 1 floor

I think you also need to add the web middleware to the admin route. 

public function boot()
{
    $this->configureRateLimiting();

    $this->routes(function () {
            ...
        Route::middleware(['web', 'auth.admin'])
            ->namespace($this->namespace)
            ->prefix('admin')
            ->group(base_path('routes/web/admin.php'));
    });
}

Auth::check() Try to get the currently logged in user from the session.

web The middleware group activates the session, which applies a bunch of middleware

//app/Http/Kernel.php
 'web' => [
     \App\Http\Middleware\EncryptCookies::class,            
     \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
     \Illuminate\Session\Middleware\StartSession::class,
     \Illuminate\View\Middleware\ShareErrorsFromSession::class,
     \App\Http\Middleware\VerifyCsrfToken::class,
     \Illuminate\Routing\Middleware\SubstituteBindings::class,
 ],

Without web Middleware sessions will not be available

Like +0
Add Reply
Popular Topics
More>
Popular Articles
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template