1

In the filters file I have the following:

Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::to('user/login');
});

These are the routes I have in my routes.php file:

Route::group(['before' => 'auth'], function ()
{
    Route::resource('section', 'SectionController');
    Route::resource('article', 'ArticleController');
});

Route::controller('user', 'UserController');

The UserController is where the action takes place. Inside the UserController this method handles the login form post, which is a standard Laravel blade template, no package in use:

Blade file:

{{ Form::open(['url' => 'user/signin']) }}
    {{ Form::token() }}
    <div class="form-group">
        <label>{{ trans('user.email') }}</label>
        <input type="email" name="email" value="" class="form-control">
    </div>

    <div class="form-group">
        <label>{{ trans('user.password') }}</label>
        <input type="password" name="password" value="" class="form-control">
    </div>

    <input type="submit" class="btn btn-primary" value="{{ trans('login') }}">
{{ Form::close() }}

and this is the UserController post action:

public function postSignin()
{
    //
    if (Auth::attempt(['email' => Input::get('email'), 'password' => Input::get('password')]))
    {
        return Auth::user()->email;
    }
    else
    {
        return Redirect::to('user/login')->with('message', trans('login.failure'));
    }
}

and this is the migration file I use:

public function up()
{
    //
    Schema::create('users', function ($table) {
        $table->increments('id');
        $table->string('email', 16)->unique();
        $table->string('password', 255);
        $table->timestamps();
    });
}

But when I login, I get an exception:

Illuminate \ Session \ TokenMismatchException

thrown in the filters.php file:

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

What am I doing wrong? Does Auth::attempt hash the password? It is hashed in the Seeder I use to generate the root user. When I dump the Session::token() it's identical to my Form::token() but still, the TokenMismatchException is thrown within the filters.php file.

Update: I disabled the csrf filter in order to be able to actually see the tokens. The two tokens Session::token() and Form::token() are identical before I submit the form; I checked this by looking at the HTML source code. When I submit the form and dump the tokens using dd() inside my postSignin method, the Session::token() has changed. It is no longer identical to the Session::token() seen in the HTML source code.

return array(
    'driver' => 'array',
);

Session config in local folder.

5
  • Please also post your blade file. If you use {{ Form::open() }} the csrf hidden field is automatically added, if you created the form by hand, it is not, unless you added it; but then we'd need to see how you formatted it. Commented Jan 11, 2014 at 8:03
  • @Luceos the blade file has been added. Standard blade template, csrf is automatically set. Commented Jan 11, 2014 at 8:18
  • Oh, I get it; this error is caused by "vanilla" Laravel? Commented Jan 11, 2014 at 9:25
  • Are you using APC? (see: stackoverflow.com/questions/20129864/…) Commented Jan 11, 2014 at 9:44
  • Yup, vanilla Laravel. I am not using APC. I haven't changed anything in the settings except the local/database.php as described in the documentation. Commented Jan 11, 2014 at 9:57

2 Answers

1

FYI - this is not an auth issue - it has nothing to do with login authentication.

This relates to a CSRF token, due to the form submission. Somewhere in your code, you must be calling the CSRF filter.

Adding this to your form should solve the problem:

{{ Form::open(['url' => 'user/signin']) }}
    {{ Form::token() }}

    {{-- rest of form stuff here --}}

{{ Form::close() }}

Edit: make sure your session configuration is also correct. If it is set to 'array' it will not work. It should be 'file' or some other option.


4 Comments

I added this to the login form, still the same exception is being thrown: TokenMismatchException. Checking the source code of the page I get 2 identical tokens when I add Form::token() - it's already present, added by Laravel.
There's some problem with your session? What is your session config?
The session was set to array, no wonder it wasn't identical across requests, it wasn't persistent.
Please update the answer to contain the configuration issue, in case other people get to this page. Or answer it yourself.
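
The failure confirmed in the comments above (session driver set to 'array', so the token does not survive between requests), as an added plain-PHP example that is not part of the original posts and is not Laravel's code. The store classes, handleRequest and loginRoundTrip are hypothetical names and PHP 8 is assumed; the array-style store issues a new token on the POST so the check fails, while the file-style store keeps the token and the check passes.

```php
<?php
// Added illustration in plain PHP, not Laravel source. All names here are hypothetical.
interface SessionStore {
    public function load(string $id): array;
    public function save(string $id, array $data): void;
}
// Mimics 'driver' => 'array': data lives only in this object, which dies with the request.
class ArrayStore implements SessionStore {
    private array $mem = [];
    public function load(string $id): array { return $this->mem[$id] ?? []; }
    public function save(string $id, array $data): void { $this->mem[$id] = $data; }
}
// Mimics 'driver' => 'file': data is written to disk and survives between requests.
class FileStore implements SessionStore {
    public function __construct(private string $dir) {}
    private function path(string $id): string {
        return $this->dir . '/sess_' . hash('sha256', $id);  // never use the raw id as a path
    }
    public function load(string $id): array {
        $p = $this->path($id);
        return is_file($p) ? unserialize(file_get_contents($p), ['allowed_classes' => false]) : [];
    }
    public function save(string $id, array $data): void {
        file_put_contents($this->path($id), serialize($data), LOCK_EX);
    }
}
// One HTTP request: load the session, create a token if none exists, verify a posted token.
function handleRequest(SessionStore $store, string $sessionId, ?string $postedToken): array {
    $session = $store->load($sessionId);
    $session['_token'] ??= bin2hex(random_bytes(20));
    // Constant-time string comparison; null means nothing was posted (a GET).
    $ok = $postedToken === null ? null : hash_equals($session['_token'], $postedToken);
    $store->save($sessionId, $session);
    return ['token' => $session['_token'], 'csrf_ok' => $ok];
}
// Every request runs in a fresh PHP process, so a fresh store object is built per request.
function loginRoundTrip(callable $makeStore): bool {
    $sid  = 'constructed-session-id';                          // constructed sample cookie value
    $get  = handleRequest($makeStore(), $sid, null);           // GET user/login renders the form
    $post = handleRequest($makeStore(), $sid, $get['token']);  // POST user/signin sends it back
    return $post['csrf_ok'];
}
$dir = sys_get_temp_dir() . '/csrf_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
var_dump(loginRoundTrip(fn() => new ArrayStore()));     // array-style store
var_dump(loginRoundTrip(fn() => new FileStore($dir)));  // file-style store
array_map('unlink', glob($dir . '/*'));                 // clean up the demo files
rmdir($dir);
```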
0

After more fiddling around I realized the solution was to hash the password. In Laravel 4.1 passwords have to be hashed in order for Auth to work.

Adding a hash to the password in the DB seeder, I can log in.
