Authentication using Laravel auth scaffolding

[clemblanco]

Ok so let's say I've got my own login page using Laravel auth scaffolding and I'm redirecting the admin user to Nova myself, once authenticated.

I've removed withAuthenticationRoutes() and withPasswordResetRoutes() from my own authorization() function within app/Providers/NovaServiceProvider.php overriding the one from nova/src/NovaApplicationServiceProvider.php and all is good until i'm trying to logout.

I've got an admin user who has access to Nova and a simple user who has access to a protected area on my app.

According to nova/src/Http/Controllers/LoginController.php, upon logout Nova is redirecting to /nova using Nova::path() which is a protected route based on the Middleware but will still populate url.intended in the session before redirecting to my own login page.

Once I login again using a simple user (who is not supposed to know about Nova), he gets redirected /nova because it's in the session under url.intended but he doesn't have the right to see Nova so gets the 403 error response from abort(403); from nova/src/Http/Middleware/Authorize.php.

Is there any way I can specify a different path for post logout instead of Nova::path() when I don't need withAuthenticationRoutes()? Or maybe I'm not seeing this straight and I need to change whatever Middleware Nova is using... but no matter the middleware, Nova seem to always try to logout and redirect to/nova.

[clemblanco]

I think I could try to solve this without touching Nova with the following:

• Empty url.intended from the session when I land on my login page and the referrer is from /nova. Bit hacky but could work.
• Try to set Nova path to "" or "/" instead of "/nova"...
• Try to remove Authenticate::class from the middleware used by Nova and code my own one but I don't think the middleware is the issue here as the one from Nova does its job properly: protecting access to /nova.

Also, after reading a bit more here, I think this might be related to #28 #502 #697 #537.

[joachimVT]

I am having the same issue. I'm logged into nova with url.com/cms/ , when I logout from nova I go to my front-end website login. After a successful login I got redirected back to the nova login page. url.com/cms/.

Adding a custom guard for nova users did not fix this issue.

[clemblanco]

Nothing yet...

I could probably look into it and create a PR but there is no public repository as Nova ain't 100% open source.

[davidhemphill]

Feel free to join the repo now and PR this if you'd like if it's still a problem.

[taeo]

@davidhemphill - What do you mean by "join the repo now"? A little guidance would be great if the goal is to help paying customers.

I'm new to Nova and seeing a consistent trend of issues being closed with vague and/or unwelcoming replies from the Nova team.

Issues and questions around how to handle authentication for the front-end of a nova app are common as seen here > https://github.com/laravel/nova-issues/issues/43#issuecomment-424040883

We just added the ability to set a custom guard for Nova. Should come out in the next release.

👆 There was zero follow up on 'how-to'.

[trevorgreenleaf]

Any updates on this?

[colemvn]

Feel free to join the repo now and PR this if you'd like if it's still a problem.

This commit, with others, seemed unresolved. I'm taking this to Nova's support. Care to do any follow up on this matter?

[packytagliaferro]

I agree with @taeo. @davidhemphill people are paying for this product and a little customer service without being super vague or dismissive would be nice. I know with any products I sell, I am good at design and development and not customer service so I have people that have better "bed side manner" to handle it. Your product is great but lack of customer service or explanations/docs of how to use a fix is becoming a trend from what I have seen.

[clemblanco]

I have no idea what's going on here, I was just the messenger back then, simply reporting an issue.

I'm happy to do any follow up or help in whatever way but as far as I know, there is still no official way to contribute to Nova as it's not open source. Maybe there has been some documentation released in the meantime that I could have missed.

[alloyking]

@clemblanco I don't know if this is exactly what you need to solve the issue you are having. But I found that overriding the redirect in the logout() method in ⁨nova/⁩⁨src⁩/⁨Http⁩/⁨Controllers/LoginController.php accomplished what I needed. ⁩

[Ragash]

i also had the same problem and solved as @alloyking .

when you logout from nova, it will redirect to the base nova path (usually /nova) and then THIS will redirect you back to the login, setting the "intended" variable in session.

a more elegant one could be make that value part of the config, so consumer will do as they prefer

[salmanhijazi]

I solved this by modifying the NovaServiceProvider.php

protected function gate()
{
    Gate::define('viewNova', function ($user) {
        if($user->hasRole('admin')) {
            return true;
        } else {
            abort(redirect()->route('dashboard'));
        }
    });
}

[github-actions[bot]]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.