Level 75
Apr 8, 2020
6
Level 1
Intended lost after login
Hello :)
i'am using the authentication controllers included with Laravel. So i have the code below:
- in /routes/web.php:
Auth::routes();
Route::get('/home', function () { return view('index'); });
Route::get('/mypage', 'MyController@index');
-
in /app/Http/Controllers/MyController.php
public function __construct(MyRepository $myRepo) {
$this->middleware('auth'); ....}
So i need to be sign in to acces to '/mypage', but i never been redirect to previous page after that. It's always redirect to '/home'
So i change the function in /app/Http/Middleware/RedirectIfAuthenticated.php
public function handle($request, Closure $next, $guard = null) {
if (Auth::guard($guard)->check()) {
return redirect()->intended('/home');
}
return $next($request);
}
And add this function to /app/Http/Controllers/Auth/LoginController.php
public function showLoginForm() {
// Get URLs
$urlPrevious = url()->previous();
$urlBase = url()->to('/');
// Set the previous url that we came from to redirect to after successful login but only if is internal
if(($urlPrevious != $urlBase . '/login') && (substr($urlPrevious, 0, strlen($urlBase)) === $urlBase)) {
session()->put('url.intended', $urlPrevious);
}
return view('auth.login');
}
But the same result, always redirect to '/home', so i search in
/vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php
And i found that function:
protected function sendLoginResponse(Request $request) {
$request->session()->regenerate();
$this->clearLoginAttempts($request);
return $this->authenticated($request, $this->guard()->user())
?: redirect()->intended($this->redirectPath());
}
$request->session()->regenerate(); // regenerate the session so the value in intended() will be deleted!!!
so automatically
return redirect()->intended('/home'); // return always '/home'
Please, do you have any idea how to fix this?
thanks :)
Level 1
Just i wanna say that i know that i can create a custom controller to handle the postLogin like that:
public function postLogin(Request $request) { try { if (Auth::check()) { return Redirect::route('home'); }
// Try to log the user in
if (Auth::attempt(['email' => strip_tags($request->email), 'password' => strip_tags($request->password)])) {
return redirect()->intended('home'); //Redirect back
}
return redirect('login')->with('error', __('auth.Incorrect username or password. Please try again.'));
} catch (Exception $e) {
// Ooops.. something went wrong
return redirect('login')->withInput()->with('error', __('auth.Incorrect username or password. Please try again.'));
}
}
But i really want use the default system in laravel, :)
Level 1
@jlrdw Thank you for your reply :)
But I want to apply it to all routes on my site, so if the user accesses any page that requires authentication, it will be redirected later to the requested page.
I forgot to mention that I use Laravel 5.8 :D
Level 75
That is part of the out of the box Authentication, it's from the trait.
That is put there by Taylor for you to use if needed. I use it to either redirect to a user area or an admin area.
All I know is my out of the box of Authentication works. It seems that the only folks that have problems is when they try to heavily modify it.
You should stick with just letting authentication do its job meaning it requires the user to be logged in.
Then after logged in use authorization to determine who can do what.
Are you aware that Jeffrey has free videos on authentication and on authorization he covers all this.
Just go to the from scratch series.
Level 1
I think the difference between the default authentication process and your proposition that there is no session regeneration, so "return redirect()->intended('/home');" will return the last page visited
without session regeneration, Can it produce a problem (security or other)!
Level 75
My proposition is to use out of the box Authentication just like it scaffolds. And use authorization to determine what the logged in user can or cannot do.
I only used that one method from the trait for a special case. That's what it's there for.
Edit: you may need to set up just a route group. That's what I have a route group for all routes requiring Authentication.
I personally like just regular routes, I don't mess with resource routes.
Please or to participate in this conversation.