search

laravel / pulse

Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application.
https://pulse.laravel.com
MIT License
1.42k stars 164 forks source link

Laravel pulse does not work with specific guard different than the default guard #311

Closed CostiNec closed 7 months ago

CostiNec commented 7 months ago

Pulse Version

1.0@beta

Laravel Version

10.0

PHP Version

8.1.20

Livewire Version

3.0.2

Database Driver & Version

mysql Ver 8.0.36-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))

Description

I have a different guard for my admins. My guard is not the default guard.

`'defaults' => [ 'guard' => 'web', 'passwords' => 'users', ],

/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session"
|
*/

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'admins' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
],`

My guard is using a custom model named AdminUser instead of User. If I set up in AuthServiceProvider:

`Gate::define('viewPulse', function () {
        return true;
    });`

I receive 403 no matter what because I have a different guard for my admins and laravel pulse does not see that I'm logged in.

Also I use laravel nova for my admins.

I think the solution is to make the guard used for laravel pulse configurable in config/pulse.php

Steps To Reproduce

  1. Create a new guard: 'admins' => [ 'driver' => 'session', 'provider' => 'admins', ],

  2. Create a new provider for your guard: 'admins' => [ 'driver' => 'eloquent', 'model' => App\Models\AdminUser::class, ],

  3. Install laravel nova and change the default guard.

  4. Log in into nova as admin

  5. Add in AuthServiceProvider: Gate::define('viewPulse', function () { return true; });

  6. Try to access laravel pulse. You will receive 403

driesvints commented 7 months ago

Hey there,

Can you first please try one of the support channels below? If you can actually identify this as a bug, feel free to open up a new issue with a link to the original one and we'll gladly help you out.

Thanks!

timacdonald commented 7 months ago

@CostiNec, in the docs we reference the ResolvesUsers contract which you may implement if you have multiple guards or a more complex user configuration.

gcjbr commented 7 months ago

That also happens for me.

I'll take some time to try to figure it out.

sahapranta commented 7 months ago

@gcjbr @CostiNec 

<?php

namespace App\Services;

use Closure;
use Illuminate\Contracts\Auth\Access\Gate;
use Illuminate\Http\Request;

class AuthorizePulse
{   
    public function handle(Request $request, Closure $next): mixed
    {
        // $this->gate->authorize('viewPulse');

        abort_unless(auth('admin')->check(), 404, 'Access denied');

        if ($this->gate->forUser(auth('admin')->user())->allows('viewPulse')) {            
            return $next($request);
        }

        abort(404, 'Access denied');
    }
}

Then in the config/pulse.php

'middleware' => [
  'web',
   AuthorizePulse::class, // add this class
],