fisayoafolayan / laravel-multiple-auth

A simple implementation of multiple authentication in Laravel. To follow along, this application has been documented as an article on Pusher blog.

'/admin' view is accessible without creating valid user? #2

Closed sijn82 closed 4 years ago

sijn82 commented 5 years ago

Thanks for your great tutorial, I found it easy to follow and understand (or so I'd thought 😉 ) each part of the process. However even though I haven't created any users for the site yet, I can still access the '/admin' and '/writer' pages and see the logged in message. Did I misunderstand a step? Or basically where would you look to diagnose this issue?

This is the app/Exceptions/handler (nb as you can see I changed the /writer for /warehouse but otherwise mirrored the tutorial exactly).

```
    protected function unauthenticated($request, AuthenticationException $exception)
    {
        if ($request->expectsJson()) {
            return response()->json(['error' => 'Unauthenticated.'], 401);
        }

        if ($request->is('admin') || $request->is('admin/*')) {
            return redirect()->guest('/login/admin');
        }

        if ($request->is('warehouse') || $request->is('warehouse/*')) {
            return redirect()->guest('/login/warehouse');
        }

        return redirect()->guest(route('login'));
    }
```

and my Http/Controllers/Auth/LoginController

```
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
        $this->middleware('guest:admin')->except('logout');
        $this->middleware('guest:warehouse')->except('logout');
    }

    // Login Form for Admins, determine template and url path
    public function showAdminLoginForm()
    {
        return view('auth.login', ['url' => 'admin']);
    }

    // Choose which fields require validation and what to do after the authentication check i.e redirects
    public function adminLogin(Request $request)
    {
        $this->validate($request, [
            'email'   => 'required|email',
            'password' => 'required|min:6'
        ]);

        if (Auth::guard('admin')->attempt(['email' => $request->email, 'password' => $request->password], $request->get('remember'))) {

            return redirect()->intended('/admin');
        }
        return back()->withInput($request->only('email', 'remember'));
    }

    // Login for Warehouse Operatives, determine template and url path
    public function showWarehouseLoginForm()
    {
        return view('auth.login', ['url' => 'warehouse']);
    }

    // Choose which fields require validation and what to do after the authentication check i.e redirects
    public function warehouseLogin(Request $request)
    {
        $this->validate($request, [
            'email'   => 'required|email',
            'password' => 'required|min:6'
        ]);

        if (Auth::guard('warehouse')->attempt(['email' => $request->email, 'password' => $request->password], $request->get('remember'))) {

            return redirect()->intended('/warehouse');
        }
        return back()->withInput($request->only('email', 'remember'));
    }
```

and my web.php

```
Route::view('/', 'welcome');
Auth::routes();

Route::get('/login/admin', 'Auth\LoginController@showAdminLoginForm');
Route::get('/login/warehouse', 'Auth\LoginController@showWarehouseLoginForm');
Route::get('/register/admin', 'Auth\RegisterController@showAdminRegisterForm');
Route::get('/register/warehouse', 'Auth\RegisterController@showWarehouseRegisterForm');

Route::post('/login/admin', 'Auth\LoginController@adminLogin');
Route::post('/login/warehouse', 'Auth\LoginController@warehouseLogin');
Route::post('/register/admin', 'Auth\RegisterController@createAdmin');
Route::post('/register/warehouse', 'Auth\RegisterController@createWarehouse');

Route::view('/home', 'home')->middleware('auth');
Route::view('/admin', 'admin');
Route::view('/warehouse', 'warehouse');
```

I'm using Laravel 5.7 in the latest Homestead box.

Thanks for any advice, and for the informative tutorial.

sijn82 commented 5 years ago

EDIT: After playing around with it a little I ended up just trying

```
Route::view('/admin', 'admin')->middleware('auth:admin');
```

on the route in web.php and it's behaving as I expected/wanted. Now navigating to the '/admin' url redirects to the 'login/admin' unless it's a valid user. Was this missing from your tutorial steps or have I bypassed key functionality or basically done something weird by taking this approach? Thanks.
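A regression test for the behaviour discussed in this thread, as an added example that is not part of the original issue or the repository. It assumes Laravel's stock `Tests\TestCase`, an `App\User` model for the default `web` guard and an `App\Admin` model for the `admin` guard (model names are assumptions), and the `/warehouse` naming used in the post above.

```php
<?php
// tests/Feature/GuardedRoutesTest.php (file name is an assumption)

namespace Tests\Feature;

use Tests\TestCase;

class GuardedRoutesTest extends TestCase
{
    // A guest hitting /admin must land on the admin login form.
    // This fails while the route is declared without ->middleware('auth:admin').
    public function testGuestIsRedirectedFromAdmin()
    {
        $this->get('/admin')->assertRedirect('/login/admin');
    }

    // Same check for the second guard; it passes only once the
    // /warehouse route carries ->middleware('auth:warehouse').
    public function testGuestIsRedirectedFromWarehouse()
    {
        $this->get('/warehouse')->assertRedirect('/login/warehouse');
    }

    // A user authenticated on the default "web" guard is still a guest
    // as far as the "admin" guard is concerned.
    public function testWebUserCannotOpenAdmin()
    {
        // Unsaved model instance: no database row is needed for this check.
        $this->actingAs(new \App\User, 'web')
             ->get('/admin')
             ->assertRedirect('/login/admin');
    }

    // An identity on the "admin" guard gets the page itself.
    public function testAdminCanOpenAdmin()
    {
        $this->actingAs(new \App\Admin, 'admin')
             ->get('/admin')
             ->assertStatus(200);
    }
}
```

Run it with `vendor/bin/phpunit --filter GuardedRoutesTest`; against the `web.php` shown in the first post, the first three tests fail because `/admin` and `/warehouse` return the view to any visitor.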

Belhedi94 commented 5 years ago

Hi, just make sure to include:

```
use Exception;
use Request;
use Illuminate\Auth\AuthenticationException;
use Response;
```

in the handler file :)

marcesdan commented 5 years ago

update the repo please...

```
Route::view('/admin', 'admin')->middleware('auth:admin');
Route::view('/writer', 'writer')->middleware('auth:writer');
```

lanwilds commented 5 years ago

I spent a lot of time doing this multi auth and it's working fine now.

Written tutorial: https://codemeda.com/how-to-use-multiple-authentication-table-in-laravel-app/

Git repo: https://github.com/lanwilds/laravel-multi-auth-guards

fisayoafolayan commented 4 years ago

Hi guys,

I'd like to apologize for this really late response. The codebase has been updated.

I no longer directly maintain this codebase. Should you have new suggestions and fixes, please do submit a PR. Raising a PR will go a long way instead of issues.

Thank you