I'm in the process of upgrading our web app from Laravel 4.2 to Laravel 5.2. I've managed to solve most of the problems, but this particular problem is leading me in loops.

This is what the route group for the admin dashboard looks like:

```php
Route::group(['middleware' => 'web', 'prefix' => 'adm'], function ()
{
    Route::get('login', ['as' => 'admin.login.view', 'uses' => 'AdminLoginController@loginView']);
    Route::post('login', ['as' => 'admin.login.attempt', 'uses' => 'AdminLoginController@attempt']);
    Route::get('logout', ['as' => 'admin.logout', 'uses' => 'AdminLoginController@logout']);

    // ...other routes pertaining to admin dashboard
});
```

The login functions and all functions within the admin panel work as expected. The only problem is that when the user logs out, anyone can access the remaining routes in the admin panel (no login required). I have placed Auth::check() and checked for auth in various controllers; the login and logout work as expected.

Auth::check() fails if the user is not logged in and passes if the user has logged in. How do I make sure all the routes within this group are accessible only to logged-in users? I have tried creating another middleware called authAdmin and tried to use that instead of the web middleware. In that case I can't even log in.

  • Do you maintain two sessions? Like normal user and admin user? Commented Feb 2, 2017 at 3:57
  • Currently I don't do that. But ideally I would like to maintain 2 sessions for normal and admin users. Commented Feb 2, 2017 at 4:01
  • Is your issue that even after the user session has expired, you are able to access a page that should be accessed only when a person is logged in? Then I think the problem lies with how you are handling the "auth" route. Are you calling it on the controller or on the route group? Commented Feb 2, 2017 at 4:05
  • Actually I just figured out the problem. I was not calling the "auth" route anywhere. So basically I fixed the problem using 2 middlewares. One web middleware for the login routes and all other routes in a custom auth middleware called authAdmin. Commented Feb 2, 2017 at 4:10

1 Answer

I created a new middleware for login, and the file looks like this:

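```php
<?php

namespace App\Http\Middleware;

use Closure;

class Login
{
    public function handle($request, Closure $next)
    {
        $messages = config('message');

        // Let the request through only when the session carries a logged-in user id.
        if ($request->session()->has('userId')) {
            return $next($request);
        }

        // Otherwise send the visitor back to the home page with an error.
        return redirect('/')->withErrors("Please login first");
    }
}
```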

In Kernel.php, register the Login class:

```php
protected $routeMiddleware = [
    'login'      => \App\Http\Middleware\Login::class,
    // ...
];
```

In the route file:

```php
Route::group(['middleware' => ['web'], 'prefix' => 'adm'], function () {

    Route::get('login', ['as' => 'admin.login.view', 'uses' => 'AdminLoginController@loginView']);
    Route::post('login', ['as' => 'admin.login.attempt', 'uses' => 'AdminLoginController@attempt']);
    Route::get('logout', ['as' => 'admin.logout', 'uses' => 'AdminLoginController@logout']);

    // Routes in this inner group pass through the Login middleware first.
    Route::group(['middleware' => 'login'], function () {
        // Your other routes here
    });
});
```

Hope this helps.

1 Comment

Thanks, already figured it out. I'll accept your answer as it's correct!
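
An added example, not part of the original answer or comments: a guard-based version of the authAdmin middleware the asker mentions, nested inside the web group so the login routes stay reachable by guests. It assumes an `admin` guard defined in config/auth.php and used by AdminLoginController when logging in; the dashboard route and controller are hypothetical, and the two namespace blocks stand for two separate files.

```php
<?php
// File 1 in a real app: app/Http/Middleware/AuthAdmin.php
namespace App\Http\Middleware {

    use Closure;
    use Illuminate\Support\Facades\Auth;

    class AuthAdmin
    {
        public function handle($request, Closure $next)
        {
            // 'admin' is an assumed guard name from config/auth.php.
            if (Auth::guard('admin')->guest()) {
                // AJAX/JSON callers get a status code instead of an HTML redirect.
                if ($request->ajax() || $request->wantsJson()) {
                    return response('Unauthorized.', 401);
                }
                // Remember the intended URL, then send the guest to the login form.
                return redirect()->guest(route('admin.login.view'));
            }

            return $next($request);
        }
    }
}

// File 2: app/Http/routes.php. Register the alias in Kernel.php first:
//   'authAdmin' => \App\Http\Middleware\AuthAdmin::class,
namespace {

    // 'web' stays on the outer group: it starts the session the guard reads.
    Route::group(['middleware' => 'web', 'prefix' => 'adm'], function () {
        // Reachable by guests; putting these behind authAdmin makes login impossible.
        Route::get('login', ['as' => 'admin.login.view', 'uses' => 'AdminLoginController@loginView']);
        Route::post('login', ['as' => 'admin.login.attempt', 'uses' => 'AdminLoginController@attempt']);

        // Everything else, logout included, requires an authenticated admin.
        Route::group(['middleware' => 'authAdmin'], function () {
            Route::get('logout', ['as' => 'admin.logout', 'uses' => 'AdminLoginController@logout']);
            // 'admin.dashboard' and AdminDashboardController are hypothetical.
            Route::get('dashboard', ['as' => 'admin.dashboard', 'uses' => 'AdminDashboardController@index']);
        });
    });
}
```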
