Ensure route security in Laravel 5 - check Auth first
For some reason I had a mind block and can't figure out what is probably a very simple fix.
I have a Laravel 5 application and I am using the Zizaco Entrust package for access control.
I want to protect the route, so I use route protection in routes.php like this:
    Entrust::routeNeedsRole('passtypes', array('admin'), null, false);
Works as expected except when the user session has expired or they are not logged in and try to access the route.
In this case, I want to first authenticate with Laravel and redirect to the login page; however, Entrust first redirects with a 403 error, which confuses users who have the ability to view this page: they are told that they don't have access, not that they are not logged in or that the session has expired.
I am running authentication in the controller and not on the route:
    public function __construct()
    {
        $this->middleware('auth');
    }
So you just need to know how to get the same functionality, but by authenticating before requiring route resolution.
Thanks
It has been a while, but I had a similar problem. The only difference is, my entire application must be protected. I ended up modifying the Authenticate middleware's handle method:
    public function handle($request, Closure $next)
    {
        if ($this->auth->guest()) {
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            } else {
                /**
                 * This is to protect the entire app, except login form,
                 * to avoid loop
                 */
                if($request->path() != 'auth/login')
                    return redirect()->guest('auth/login');
            }
        }
        return $next($request);
    }
And inside Kernel.php I moved Authenticate from $routeMiddleware to $middleware.
Then you can secure your routes with Entrust.
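An added example, not part of the question or the answer above: a single route middleware that checks authentication before the role, so a guest or expired session gets the login redirect (401 for AJAX) and only an authenticated user without the role gets a 403. The class name `RequireAdmin`, the `admin` middleware key and `PasstypesController` are hypothetical, `hasRole()` is assumed to come from Entrust's `EntrustUserTrait` on the user model, and the file layout assumed is Laravel 5.0/5.1.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

/**
 * Hypothetical route middleware: authenticate first, authorize second.
 */
class RequireAdmin
{
    protected $auth;

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    public function handle($request, Closure $next)
    {
        // Step 1: no session or an expired session -> 401 / login page, never 403.
        if ($this->auth->guest()) {
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            }
            return redirect()->guest('auth/login');
        }

        // Step 2: the user is authenticated, so a missing role is a genuine 403.
        // hasRole() is assumed to be provided by EntrustUserTrait on the User model.
        if (! $this->auth->user()->hasRole('admin')) {
            abort(403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware (the key name is an assumption):
//     'admin' => 'App\Http\Middleware\RequireAdmin',
//
// app/Http/routes.php, replacing the Entrust::routeNeedsRole() call for this route
// (PasstypesController is a placeholder name):
//     Route::get('passtypes', ['middleware' => 'admin', 'uses' => 'PasstypesController@index']);
```

Because this runs per route rather than globally, public routes stay reachable without maintaining a list of path exemptions.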