laravel with multi auth: middleware for multiple user

@pdlbibek

Since you have different middleware, you can define which route is accessible via which types of users.

For example-

// For admin access only.
Route::get('/route-b', function () {
    //
})->middleware('auth'); 

// For Student access only. 
Route::get('/route-c', function () {
    //
})->middleware('auth.student');

// For both, Admin and Student access. 
Route::get('/route-D', function () {
    //
})->middleware('auth', 'auth.student');

Check more: https://laravel.com/docs/master/middleware#assigning-middleware-to-routes

If I assign middlewares as above, I get this error: Call to a member function middleware() on null

If I assign middleware like the following, I can't access the routes by both the users and throws It redirects to many times error

Route::group(['prefix'=>'admin',  'middleware'=> ['auth', 'auth:student'] ], function () {}

Also Target class [auth.student] does not exist. if I use "auth.student"

@pdlbibek You don't have any routes in your group. Also your tag is not closed properly.

Route::prefix('admin')->middleware(['auth', 'auth:student'])->group(function () {

    Route::get('users', 'UserController@index'); // Missing this?

});

@fylzero I do have routes in my group, just showing the relevant line of code here :) Here for example:

Route::group(['prefix'=>'admin',  'middleware'=> ['auth', 'auth:student'] ], function () {
       Route::get('home', 'DashboardController@display')->name('admin.home');
}

@pdlbibek Try writing the group tag as I have it, let me know if you get the same error.

You aren't closing that tag properly...

Either do this...

Route::group(['prefix'=>'admin',  'middleware'=> ['auth', 'auth:student'] ], function () {
    Route::get('home', 'DashboardController@display')->name('admin.home');
});

Or even better, this...

Route::prefix('admin')->middleware(['auth', 'auth:student'])->group(function () {
    Route::get('home', 'DashboardController@display')->name('admin.home');
});

@fylzero I have it exactly like your first example.

And I get this error as I've mentioned earlier: localhost redirected you too many times.

my kernel.php is something like this:

    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'student' => \App\Http\Middleware\Student::class,
    ];

@pdlbibek That likely solved one problem and revealed another. Sounds like you have an infinite redirect, probably in your middleware.

It could just be cookies glitching on the login. Try using it with an incognito window or clear your cookies and try again.

@fylzero Tried on incognito, and also by clearing cache/cookies.

same results:

• ERR_TOO_MANY_REDIRECTS from admin user (this is the same page an admin user is redirected to after login)

• Redirects to students page (i.e defined on ReddirectIfAuthenticated.php) for student user

@pdlbibek So based on your middlewear your routes should be...

Route::prefix('admin')->middleware(['auth', 'student'])->group(function () {
    Route::get('home', 'DashboardController@display')->name('admin.home');
});

I'm assuming you're trying to hit the /home route... can you post your DashboardController display method? Also, post your student middlewear.

@fylzero The display method is pretty simple:

    public function display() 
    {
        $title = 'Dashboard';
        $totalusers = User::count();
        $totalstudents = Student::count();
    return view('dashboard.home', compact('title', 'totalusers','totalstudents'));
    }

I have doubts on the way I have my handle set on my student middleware:

    public function handle($request, Closure $next)
    {
        if (!Auth::check()) {
            return redirect()->route('studentlogin');
        }
        if(Auth::guard('student')->check()){
            return $next($request);
        }
        return redirect('admin/home')->with('error','You don\'t have admin or student access');
    }

@pdlbibek Comment this out like this and let me know if the redirect error goes away.

public function handle($request, Closure $next)
{

    // if ( ! Auth::check() ) {
    //     return redirect()->route('studentlogin');
    // }

    // if( Auth::guard('student')->check() ){
        return $next($request);
    // }

    // return redirect('admin/home')->with('error','You don\'t have admin or student access');

}

Also, you don't need to auth check here. That is what your auth middleware is doing already.

So remove that. That actually might be your problem. If this middleware is running and you aren't yet authenticated, that would probably cause a loop. Depending on the order your auth middleware is loaded in.

@fylzero The ERR_TOO_MANY_REDIRECTS when an admin user login, is gone now, Thanks!

But I still can't access the route from student user given that I've 'middleware'=> ['auth', 'student'] defined on the route.

Also, I am now confused about the way middlewares are assigned like 'student' vs 'auth.student' vs 'auth:student'

@pdlbibek I think you're conflating auth:api with how your custom middleware is defined.

You didn't define your middleware as auth:student... you defined it as student so use that.

['auth', 'student'] is what you want because you want auth and student middleware. That array will apply both. auth:student means nothing because it isn't defined.

Look at kernel.php that is where you define the aliases for your middleware.

Don't let the colon confuse you. It is simply part of the alias name for auth:api. You could use auth:student if you define it that way... but I would avoid doing that so it doesn't confuse you or another developer later. Stick with simple names if you can.

@fylzero Great insights. Thanks!

For larausers wandering around the same issue, You can find the details about this issue & answer on:

https://laracasts.com/discuss/channels/laravel/laravel-6-multi-auth-routing