search

laravel / ideas

Issues board used for Laravel internals discussions.
939 stars 28 forks source link

[Proposal] provide config for (custom) authentication urls #341

Closed Frondor closed 6 years ago

Frondor commented 7 years ago

I've been coding a new package for multi-authentication "out of the box", and I'm facing the problem that I can't use auth:guard middleware because when an unauthenticated user tries to access a protected route (/dashboard/settings), the AuthorizationException redirects to /login route, and I need it to be /dashboard/login instead.

In my opinion, 'login' shouldn't be hardcoded in return redirect()->guest('login') at app/Exceptions/Handler.php#L63

This is the PR I'm proposing https://github.com/laravel/laravel/compare/master...Frondor:master

Modelizer commented 7 years ago

IMO we do not treat login URL as a config? I think you should directly handle it in Handler.php file.

Frondor commented 7 years ago

@Modelizer what if you need to handle it from a package? You can't override/extend that handler's method, which is pretty unique for this specific exception. Anyway, it doesn't feel "right" to me, to hardcode any URL in scaffolding code.

Modelizer commented 7 years ago

It's quite rare we need to handle in an external package, can you give us a package name or a link which override default behavior? or elaborate on your point that its looks we need to put in a config file?

Frondor commented 7 years ago

The case is quite simple and it's explained within a comment in my PR. You (for one of many reasons) decide not to use Auth::routes(), so you add them manually with different URLs. You still use $this->middleware('auth') in your controllers, but, let's say your login route is now example.com/dashboard/signin.

Now, without being authenticated yet, you try to access example.com/dashboard (which is protected with auth middleware). Your request will be rejected because you have no active session, hence the AuthorizationException shall be triggered, which response is handled at https://github.com/laravel/laravel/blob/master/app/Exceptions/Handler.php#L57 And there you go, instead of getting redirected to example.com/dashboard/signin it does redirects you to a route you're not using at all example.com/login.

Yes, you can manually edit the handler but to me, imho, it feels dirty. There's also the case where you are implementing the whole dashboard from a package (routes, views, etc...), you want the user to simply install your package, plug it to config/app.php and play. In that case, you can't use a custom url for login, because there's no way you can handle this from within the package.