Laravel form validation directly displays Forbidden solution?

Question

// App\Http\Requests\LoginRequest

<?

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class LoginRequest extends FormRequest
{

    public function authorize()
    {
        return false;
    }


    public function rules()
    {
        return [
            'username' => [
                'required',
            ]
        ];
    }
}

// App\Http\Controllers\Admin
<?php


namespace App\Http\Controllers\Admin;
use App\Http\Requests\LoginRequest;
use Illuminate\Cache\RateLimiter;


/**
 * Class Auth
 * @package App\Http\Controllers\Admin
 */
class Auth extends BaseController
{

    public function login()
    {
        return view('admin.login');
    }

    public function dologin(LoginRequest $request)
    {
        dd($request->fails());

        $rl = app(RateLimiter::class);
        $res = $rl->tooManyAttempts($this->getFailKey($request),5,3);
        if ($res)
            return redirect()->back()->withErrors(['errors'=>'3分钟内错误超过5次，请稍后重试']);
        $rl->hit($this->getFailKey($request));
    }

    private function getFailKey(Request $request)
    {
        return $request->input('username').':'.$request->ip();
    }
}

postForbidden is displayed directly after logging in. Why?

update The problem has been solved.

authorize should return true. Return false and a forbidden message will appear. But here comes the problem. I want to handle the logic myself when auth is false. What to do?

Answer 1

Override the following method of the base class:

    /**
     * Get the response for a forbidden operation.
     *
     * @return \Illuminate\Http\Response
     */
    public function forbiddenResponse()
    {
        return new Response('Forbidden', 403);
    }
    

Override this method according to your own logic under your LoginRequest.