Closed BnodpriA closed 3 weeks ago
It's in the code.
vendor\devdojo\auth\src\AuthServiceProvider.php

```php
public function boot(): void
{
    Route::middlewareGroup('two-factor-challenged', [TwoFactorChallenged::class]);
    Route::middlewareGroup('two-factor-enabled', [TwoFactorEnabled::class]);
    Route::middlewareGroup('view-auth-setup', [ViewAuthSetup::class]);
    ...
```

vendor\devdojo\auth\src\Http\Middleware\ViewAuthSetup.php

```php
public function handle($request, Closure $next)
{
    if (! app()->isLocal() && ! Gate::allows('viewAuthSetup')) {
        return redirect('auth/login');
    }

    if (app()->isLocal() || Gate::allows('viewAuthSetup')) {
        return $next($request);
    }

    abort(403);
}
```
Meaning, only when you are local you can access it.
@RudyAnconi thanks a lot.
Thanks @RudyAnconi
Yep, it will be accessible if your .env `APP_ENV` is set to `local`. You can enable authorization on production by defining a gate, explained here: https://devdojo.com/auth/docs/setup-customizations/#authorization
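A sketch of such a gate, added here as an example and not taken from the package or its documentation. The gate name `viewAuthSetup` comes from the `ViewAuthSetup` middleware quoted in this thread; the `App\Models\User` model with an `email` attribute and the `auth.setup_admins` config key are assumptions.

```php
<?php

namespace App\Providers;

use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // The ViewAuthSetup middleware lets a request through outside
        // APP_ENV=local only when Gate::allows('viewAuthSetup') is true.
        // Because $user is a required, non-nullable parameter, Laravel
        // denies the gate for guests without calling this closure, so
        // unauthenticated visitors are redirected to auth/login.
        Gate::define('viewAuthSetup', function (User $user): bool {
            // Assumption: config/auth.php has a hypothetical key
            // 'setup_admins' => ['admin@example.test'] (constructed value).
            $allowed = array_map(
                static fn ($email) => strtolower(trim((string) $email)),
                (array) config('auth.setup_admins', [])
            );

            // Fail closed: an empty or missing allowlist denies everyone,
            // so a forgotten config entry never exposes /auth/setup.
            if ($allowed === []) {
                return false;
            }

            // Strict, case-insensitive match against the allowlist.
            return in_array(strtolower((string) $user->email), $allowed, true);
        });
    }
}
```

With this in place, also confirm that production runs with `APP_ENV=production`, since the middleware skips the gate entirely when the app reports itself as local.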
Hello guys, first of all, huge applause to the creator of this package. I loved it. However, I was not able to figure out the way to protect `/auth/setup` since I didn't find its route declaration. I wanted to add middleware so that only authenticated admin users have access to this route or any feature that can disable this page during production.