search

Home  >  Q&A  >  body text

Laravel middleware cannot recognize that user is logged in

I'm using Laravel 8 and I want to apply a middleware to check if the user has is_staff or is_superuser set to 1 then he can access the admin Dashboard, otherwise he wouldn't be able to access it.

To do this I created this:

public function handle($request, Closure $next)
    {
        if(Auth::check()) {
            if(auth()->user()->isSuperUser() || $request->user()->isStaffUser()) {
                return $next($request);
            }else{
                return redirect('/home');
            }
        }else{
            return redirect('/');
        }
    }

Now the problem is that it returns redirect('/'); means the middleware doesn't recognize that the user is logged in, but he is already logged in.

I have registered the middleware like this:

protected $routeMiddleware = [
...
'auth.admin' => \App\Http\Middleware\AdminAuthenticated::class,

and apply it to my admin route (RouteServiceProvider.php):

public function boot()
    {
        $this->configureRateLimiting();

        $this->routes(function () {
            ...

            Route::middleware('auth.admin')
                ->namespace($this->namespace)
                ->prefix('admin')
                ->group(base_path('routes/web/admin.php'));
        });
    }

This is admin.php Route:

Route::get('/',function (){
    return view('admin.master');
});

So what’s the problem here? How can I solve this problem?

P粉935883292P粉935883292245 days ago375

reply all(2)I'll reply

  • P粉354602955

    P粉3546029552024-03-26 21:14:39

    You're not showing the entire route, but I bet your usage will never be logged.

    You may apply for:

    Route::middleware('auth.admin')
                    ->namespace($this->namespace)
                    ->prefix('admin')
                    ->group(base_path('routes/web/admin.php'));

    For all management routes. So you have the login form and when you fill in the login data the user hits some endpoint which also has this middleware applied so it never reaches your controller where the user is actually logged in because the middleware redirects back to /.

    All routes except login/reminder password should apply middleware, otherwise login will not be possible.

    reply
    0
  • P粉797004644

    P粉7970046442024-03-26 20:56:59

    I think you also need to add the web middleware to the admin route.

    public function boot()
    {
        $this->configureRateLimiting();
    
        $this->routes(function () {
                ...
            Route::middleware(['web', 'auth.admin'])
                ->namespace($this->namespace)
                ->prefix('admin')
                ->group(base_path('routes/web/admin.php'));
        });
    }
    

    Auth::check() Try to get the currently logged in user from the session.

    web The middleware group activates the session, which applies a bunch of middleware

    //app/Http/Kernel.php
     'web' => [
         \App\Http\Middleware\EncryptCookies::class,            
         \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
         \Illuminate\Session\Middleware\StartSession::class,
         \Illuminate\View\Middleware\ShareErrorsFromSession::class,
         \App\Http\Middleware\VerifyCsrfToken::class,
         \Illuminate\Routing\Middleware\SubstituteBindings::class,
     ],
    

    Without web Middleware sessions will not be available

    reply
    0
  • Cancelreply