emexrevolarter

Laravel login not working on web, but only on GraphQL

I could log in successfully using the GraphQL endpoint from Postman, but after setting up a form on the Laravel backend and accessing it through a browser, it doesn't log the user in.

What could be wrong please? See my set-up below:

RegisteredUserController

class RegisteredUserController extends Controller
{
    /**
     * Handle an incoming registration request.
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    public function store(Request $request): Response
    {
        $rules = [
            'firstname' => ['required', 'string', 'max:255'],
            'lastname' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:'.User::class],
            'password' => ['required', 'confirmed', 'max:40', Rules\Password::min(6)
                ->letters()
                ->mixedCase()
                ->numbers()
                ->symbols()
                ->uncompromised()
            ]
        ];

        $validator = Validator::make($request->all(), $rules);

        if ($validator->fails()) {
            throw ValidationException::withMessages(['error' => $validator->errors()]);
            // return response()->json(['error'=>$validator->errors()], 401);
        }

        try {
            $user = User::create([
                'lastname' => $request->lastname,
                'firstname' => $request->firstname,
                'email' => $request->email,
                'password' => Hash::make($request->password),
                'role' => json_encode(config('constants.roles.user'))
            ]);

            event(new Registered($user));

            Auth::login($user);

            return response()->noContent();
        } catch (\Exception $e) {
            // return redirect()->back()->with('error','Something goes wrong while uploading file!');
            throw new CustomException(
                config('constants.errors.invalid_upload').' Something went wrong',
                $e
                // config('constants.errors.error_reason')
            );
        }
    }
}

login.blade.php



            <form action="{{ route('login') }}" method="POST">
                @csrf
                <div class="modal-body">
                    <div class="form-group required">
                        <label for="name">Email</label>
                        <input type="email" class="form-control" id="name" name="email" placeholder="Email">
                    </div>
                    <div class="form-group required">
                        <label for="password">Password</label>
                        <input type="password" class="form-control" id="password" name="password" placeholder="password">
                    </div>
                    <div class="form-group required">
                        <label for="password">Remember Me</label>

                        <input class="form-check-input" type="checkbox" name="remember" id="flexCheckChecked" checked>
                    </div>
                    <div class="form-group required">
                        <input type="hidden" class="form-control" id="api" name="api_secret" value="{{env('API_SECRET')}}" >
                    </div>
                </div>
                <div class="modal-footer mt-3">
                    <button type="submit" class="btn btn-success">Login</button>
                </div>
            </form>

Note:

The Laravel app has the below modifications as per scaffolding:

  1. I installed Auth Starter kit (breeze)
     composer require laravel/breeze --dev
  2. Implemented API scaffold
     php artisan breeze:install api

I suspect that the above may be the culprit. Actually, I wish to use the web (blade templates) for all admin management actions on the server. However, since graphql requests work so well, I am considering using the endpoint for admin actions as well.

LaryAI

The issue could be related to CSRF protection. When accessing the login form through a browser, Laravel expects a CSRF token to be included in the request. However, when accessing the GraphQL endpoint through Postman, the CSRF token is not required.

To fix this issue, you can include the CSRF token in your login form by adding the following code to your form:

@csrf

This will include a hidden input field with the CSRF token in your form. Alternatively, you can disable CSRF protection for the login route by adding the following code to your app/Http/Middleware/VerifyCsrfToken.php file:

protected $except = [
    'login',
];

This will exclude the login route from CSRF protection. However, this is not recommended as it can leave your application vulnerable to CSRF attacks.
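
A simplified model of the check described in the reply above, added here as an illustration (it is not Laravel's middleware source and not code from this thread): it shows what the form's `_token` field is compared against and what an `$except` entry changes. The function name, array layout and sample requests are assumptions constructed for the example.

```php
<?php
// Simplified model of a CSRF token check on state-changing requests.
// Hypothetical helper for illustration; not Laravel's VerifyCsrfToken code.

function csrfPasses(array $request, ?string $sessionToken, array $except): bool
{
    // Read-only methods are not checked.
    if (in_array($request['method'], ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    // Paths on the exemption list skip the token comparison entirely.
    if (in_array(trim($request['path'], '/'), $except, true)) {
        return true;
    }
    // The token arrives as the hidden form field rendered by @csrf, or as a header.
    $submitted = $request['input']['_token']
        ?? $request['headers']['X-CSRF-TOKEN']
        ?? null;

    // Constant-time comparison against the token stored in the session.
    return is_string($sessionToken)
        && is_string($submitted)
        && hash_equals($sessionToken, $submitted);
}

// Constructed sample data: one session token and two POSTs to /login.
$sessionToken = bin2hex(random_bytes(20));
$ownForm = [
    'method' => 'POST', 'path' => '/login', 'headers' => [],
    'input'  => ['_token' => $sessionToken, 'email' => 'user@example.test'],
];
$crossSite = [
    'method' => 'POST', 'path' => '/login', 'headers' => [],
    'input'  => ['email' => 'other@example.test'], // no token available to another origin
];

foreach (['protected' => [], 'exempted' => ['login']] as $label => $except) {
    printf(
        "%-10s own form: %s | tokenless cross-site POST: %s\n",
        $label,
        csrfPasses($ownForm, $sessionToken, $except) ? 'accepted' : 'rejected',
        csrfPasses($crossSite, $sessionToken, $except) ? 'accepted' : 'rejected'
    );
}
```

With `login` on the exemption list the tokenless POST is accepted as well, which is the exposure the reply's last sentence refers to.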

emexrevolarter

I updated the question with the login.blade.php code; CSRF is included. I need a pointer in the right direction to resolve this problem.
