Back

Failing login after update from 5.3 to 5.4 with status 302


Martin Pavlov posted 5 months ago

Hi,

i have a pretty normal installation of a Laravel framework app, that uses the native Auth User middleware for authentication of users. My problem is, that after posting to login(...) the app redirects to /home and /home redirects with 302 to login again.

With Laravel 5.3 the authentication did work fine, but after the upgrade something seems broken. Here is my composer.json

"require": {
    "php": ">=7.2",
    "laravel/framework": "5.4.*",
    "doctrine/dbal": "^2.5",
    "guzzlehttp/guzzle": "^6.2",
    "ramsey/uuid": "^3.5",
    "laravelcollective/html": "^5.4",
    "hieu-le/active": "^3.3",
    "barryvdh/laravel-debugbar": "^2.2",
    "laracasts/flash": "^2.0",
    "kalnoy/nestedset": "^4.1",
    "barryvdh/laravel-ide-helper": "^2.2",
    "aws/aws-sdk-php": "^3.0",
    "spatie/laravel-fractal": "^3.3.0",
    "sofa/eloquence": "5.4",
    "laravel/passport": "4.0.0",
    "league/oauth2-server": "6.0",
    "league/flysystem-aws-s3-v3": "^1.0",
    "symfony/yaml": "^3.1",
    "dusterio/laravel-plain-sqs": "^0.1.7",
    "aws/aws-sdk-php-laravel": "^3.1",
    "unisharp/laravel-ckeditor": "^4.6",
    "unisharp/laravel-filemanager": "^1.7",
    "jms/serializer": "^1.5",
    "kyslik/column-sortable": "5.4.0",
    "mpociot/laravel-apidoc-generator": "^2.0",
    "paulvl/backup": "^3.0",
    "laravel/tinker": "^1.0"
  }

The Kernel.php

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
            \App\Http\Middleware\DisallowRegistrationIfUsersExist::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
            \App\Http\Middleware\Permissions::class,
        ],

        'api' => [
            // 'throttle:600,1',
            'bindings',
            'client_credentials_auth',
            // 'auth:api', /pwd
            /// not working together with client_credentials_auth
        ],
    ];

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'client_credentials_auth' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
        'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
        'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
        'roles' => \App\Http\Middleware\Roles::class,
        'permissions' => \App\Http\Middleware\Permissions::class,
    ];
}

RedirectIfAuthentitcated.php

class RedirectIfAuthenticated
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if (Auth::guard($guard)->check()) {
            return redirect('/home');
        }

        return $next($request);
    }
}

And part of the routing file web.php

Route::get('/', function () {
    if (\App\Model\User::count()) {
        return redirect('/login');
    }

    return view('welcome');
})->middleware(['guest']);

Route::get('/unhashtagparasaberlarutaserver', function () {
    dd(config('app'));
});

Auth::routes();
Route::group(['middleware' => 'roles:superadmin|editor|supervisor'], function (){

    // Home
    Route::get('home', '[email protected]');


});

I really hope that someone has a clue :)

Nick Dijkstra replied 5 months ago

Isn't it because of your roles middleware?

Martin Pavlov replied 5 months ago

I tried without it. It still does not work. After HTTP 200 to /login I get redirected to /home with 302 and then back to /login.

totally strange problem!


Sign in to participate in this thread!



We'd like to thank these amazing companies for supporting us