12

Laravel 5.1 really had minimal documentation.. I need clear idea about how to protect routes using Auth middileware..

Documentation tells to add "middleware" => "auth" parameter to route. or can do

    public function __construct() 
    {
      $this->middleware('auth');
    }

But How to use Auth middleware for actual user authentication and auto redirection to /login from protected routes ??

Improve this question

4 Answers 4

Reset to default
14

In Kernel.php - there are registered middlewares under protected $routeMiddleware like this:

/**
 * The application's route middleware.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => 'App\Http\Middleware\Authenticate',
    'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
    'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
];

You can see 'auth' is registered for using App\Http\Middleware\Authenticate.

Then you can follow this path - if you open /app/Http/Middleware/Authenticate.php, you will find public function handle:

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($this->auth->guest())
        {
            if ($request->ajax())
            {
                return response('Unauthorized.', 401);
            }
            else
            {
                return redirect()->guest('auth/login');
            }
        }

        return $next($request);
    }

and here is where redirection is managed, and you can modify it for your own needs, or you can create custom middleware.

finally - as it is written in documentation - in the controller, which will need to be authenticated, you will add

public function __construct() 
{
  $this->middleware('auth');
}

You can create a custom middleware if provided ones do not suit your needs.

Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

I already did this..all.. I was thinking left something..as my controller urls are not redirecting to login url for guests.. I am using controller created using command for resource controller
so is a routing issue? maybe you need to customize routes?
Route::group(['prefix' => 'user'], function() { Route::get('/', ['uses' => 'UserController@index']); Route::match(['get'], '/logout', ['uses' => 'UserController@logout']); Route::match(['post', 'get'], '/login', ['uses' => 'UserController@login']); Route::match(['post', 'get'], 'register', array('uses' => "UserController@register")); Route::get('/profile', array('uses' => "UserController@profile")); });
try to use it like: Route::group(['prefix' => 'user'], function() { Route::get('/', ['uses' => 'UserController@index']); Route::get('/logout', ['uses' => 'UserController@logout']); Route::get('/login', ['uses' => 'UserController@login']); Route::get('/register', ['uses' => 'UserController@register']); Route::get('/profile', ['uses' => "UserController@profile"]); }); hm, I'm not sure as I don't know what you have in UserController. For example, for post actions I use different methods like 'postLogin'...
Actually Laravel 5 is awesome.. PHP Namespaces is what you should have strong understanding about.
|
7

On laravel 5.2 if you want to hide the registration form or the login form views you should use your middleware as:

$this->middleware('mymiddleware', ['only' => ['register', 'showRegistrationForm', 'login', 'showLoginForm']]);

OR

$this->middleware('mymiddleware', ['except' => ['register', 'showRegistrationForm', 'login', 'showLoginForm']]);

That is because the register and login routes are the post methods on the AuthController while showXxxxForm are the form views.

Hope it helps anyone.

Improve this answer

Comments

2

In Laravel, Middleware is used make to some Routes are access only to the User when User is login, Otherwise it will redirect to the Login Page.

Auth::routes();
Route::middleware(['auth'])->group(function () {
//After Login the routes are accept by the loginUsers...

}
Route::middleware(['admin'])->group(function(){
//the Admin is logged in to access the Routes...
}
Improve this answer

Comments

0

//login authentication using middleware

1) make middleware:

php artisan make:middleware adminAuth

2) write in middleware file:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class loginAuth
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $isAuthenticatedAdmin = (Auth::check());

        //This will be excecuted if the new authentication fails.
        if (!$isAuthenticatedAdmin){

            return redirect()->route('login')->with('message', 'Authentication Error.');
        }
        return $next($request);

    }
}

3) add app/http/kernal.php inside below line

protected $routeMiddleware = [
  'adminAuth' => \App\Http\Middleware\AdminAuth::class //Registering New Middleware
];

4)add routes in middleware:

Route::get('login',[AuthController::class,'index'])->name('login'); //named route

Route::get('dashboard',function(){
    return view('admin-page.dashboard');
})->middleware("adminAuth");
Improve this answer

1 Comment

I think you need to change the classname from loginAuth to AdminAuth.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.