Support the ongoing development of Laravel.io →
sloothword
posted 11 years ago
Authentication Requests

I am trying to secure my POST routes with an auth filter

routes.php:

Route::filter('loggedIn', function()
{
    if ( Auth::guest() )
    {
        return Redirect::guest('login');
    }
});

Route::post('firstroute', array('before' => 'loggedIn', 'uses' => 'ThingController@myPostMethod'));

Route::get('anotherroute', array('before' => 'loggedIn', 'uses' => 'ThingController@myGetMethod'));

I also use

return Redirect::intended('/')

in my UserController after successful login.

For the GET-Route "anotherroute" it is working as intended:

  • Guest user GETs "anotherroute"
  • User gets redirected to login page
  • User logs in
  • User gets redirected to "anotherroute" with GET

But for POST-Route "firstroute" it breaks:

  • Guest user POSTs to "firstroute"
  • User gets redirected to login page
  • User logs in
  • User gets redirected to "firstroute" (presumably with GET)
  • This results in error "NotFoundHttpException"

As a newcomer to Laravel i am not sure how to fix this:

Workaround 1
Forget Redirect::intended after the route filter catches a post-route and redirect to the page with the form again.

-> Problem: Bad User Experience. User has to fill form twice.

Workaround 2

  • Fake POST request in an accompanying GET-route:
Route::get('firstroute', array('before' => 'loggedIn', 'uses' => 'ThingController@myFakePostMethod'));
  • Save the Input in the route filter to Session
  • Restore Input from Session in ThingController@myFakePostMethod and call $this->myPostMethod()

-> Problem: Every POST-route needs an extra fake Route just for this; not very DRY

Workaround 3
Like 2, but uses the same Controller method for handling POST and GET input

-> Persisting after GET-Requests just does not feel right.

Workaround 4
Save the intended Controller action in route filter and call this directly after login with Controller::callAction or similar

-> Problem: I miss all the initialization Laravel does when handling Routes (more precise its done with the wrong route "login" instead the intended one). I have no idea whether i am missing something this way. Input? Session? "before"-"after"-Events/Hooks in Controller or somewhere else? File Upload Handling?

-> Problem: URL still shows "login"

How is this problem usually handled? I cannot believe i am the only one :-) but a search didn't gave any results. Maybe you can help me with search terms...

Last updated 3 years ago.
0
guesthouser
replied 11 years ago

I am also facing the exact same problem and google is not helping out :-(

return Redirect::intended('/');

always goes to to the getController however it should go to postController in my case.

@Sloothword Did you got any resolution for this problem?

Last updated 3 years ago.
0
erikeklund
replied 10 years ago

I have the very same problem

Imo, ideally the built in "intended" method should conserve the post data and re-post this on successful login. If that's not possible, I would prefer it going to the supplied argument (i e "/") rather than doing a GET to the intended URL.

Any of you figured out a solution to this yet?

Last updated 3 years ago.
0
iansirkit
replied 10 years ago

Laravel's Redirect uses the HTTP response redirect method. There is no redirect method with POST in HTTP hence it doesn't exist in Laravel.

You can build a method to capture the post data and then POST it after a user logs in, but you will have to do it with CURL, or something similar, you can't use an HTTP response code to redirect and POST, redirect is by nature a GET request.

Last updated 3 years ago.
0
sloothword
replied 10 years ago

Well in the end i used something similar to Workaround 3: My route filter persists not only the intended route but also the POST data. After redirect i get redirected (via GET) to the controller action, check for saved POST data and use this.

As i only needed that functionality in two special cases it was not worth it to implement some generic system. But i could swear i saw some tutorial online for extending the Laravel redirect/request system to also handle POST. Unfortunately i could not find it again.

@IanSirKit Yes, HTTP redirect only supports GET, but you could also just call the POST request without redirecting the browser via something like

$request = Request::create('api/items', 'POST', $params);
return Route::dispatch($request)->getContent();
Last updated 3 years ago.
0
zhuston
replied 10 years ago

I had this same desire to redirect back for POST requests. I wrote up here on stackoverflow how I did it.

http://stackoverflow.com/questions/18900193/auth-filter-redirecting-back-to-original-post-request-in-laravel/20712245#20712245

I am now working on adapting it for Laravel 5 as the same approach doesn't seem to be working.

0

Sign in to participate in this thread!

Eventy

Your banner here too?

Sloothword sloothword Joined 22 Apr 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy NativePHP
Fathom
Forge
Envoyer
Beyond Code
BairesDev
N-iX
Litslink

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) Bluesky Bluesky GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2025 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise