我在Laravel 5.2中进行了多次身份验证,一切正常。我能够验证管理员,重定向到仪表板并成功注销。但问题是,当用户未经过身份验证并且我将仪表板的路由放在网址中时,即使管理员未经过身份验证,也会打开信息中心。
我的管理模式
<?php
namespace App\Models;
use Illuminate\Foundation\Auth\User as Authenticatable;
class System_admin extends Authenticatable
{
protected $guard="admins";
protected $table="system_admin";
protected $primaryKey="admin_id";
protected $fillable = [
'admin_name', 'admin_email', 'admin_password','city_id','admin_address','admin_mobile','admin_status'
];
public function getAuthPassword() {
return $this->admin_password;
}
}
我的config / auth.php
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
//for admin
'admins' => [
'driver' => 'session',
'provider' => 'admins',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
//for admin
'admins' => [
'driver' => 'eloquent',
'model' => App\Models\System_admin::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| Here you may set the options for resetting passwords including the view
| that is your password reset e-mail. You may also set the name of the
| table that maintains all of the reset tokens for your application.
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'email' => 'auth.emails.password',
'table' => 'password_resets',
'expire' => 60,
],
'admins' => [
'provider' => 'admins',
'email' => 'auth.emails.password',
'table' => 'password_resets',
'expire' => 60,
],
],
];
我的中间件AdminAuth.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class AdminAuth
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $guard
* @return mixed
*/
public function handle($request, Closure $next, $guard = 'admins')
{
if (Auth::guard($guard)->guest()) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->guest('/admin');
}
}
return $next($request);
}
}
应用程序/ kernel.php
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
'admins' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
'api' => [
'throttle:60,1',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'admins' => \App\Http\Middleware\AdminAuth::class,
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
}
LoginController.php
<?php
namespace App\Http\Controllers\admin;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use \Auth;
use Session;
class LoginController extends Controller
{
public function viewlogin()
{
return view('admin.login');
}
public function checklogin(Request $request)
{
$credentials=array('admin_email' => $request->input('email'),'password' => $request->input('password'));
if(Auth::guard('admins')->attempt($credentials))
return redirect()->intended('/admin/dashboard');
else
return redirect('/admin')->with('error','Invalid Username or Password');
}
public function logout()
{
Auth::guard('admins')->logout();
return redirect()->intended('/admin');
}
}
路线
Route::group(['middleware' => ['admins']], function ()
{
Route::get('/admin','Admin\LoginController@viewlogin');
Route::post('/admin/login','Admin\LoginController@checklogin');
Route::get('/admin/dashboard','Admin\AdminController@dashboard');
Route::get('/admin/logout','Admin\LoginController@logout');
Route::resource('/admin/movies','Admin\MovieController');
Route::resource('/admin/states','Admin\StateController');
Route::resource('/admin/cities','Admin\CityController');
Route::resource('/admin/tax','Admin\TaxController');
Route::resource('/admin/smsgateway','Admin\SmsgatewayController');
Route::resource('/admin/smtpgateway','Admin\SmtpgatewayController');
Route::resource('/admin/paymentgateway','Admin\PaymentgatewayController');
});
Route::group(['middleware' => ['web']], function () {
});
当我登录并打开仪表板时,我可以看到已登录管理员的凭据。
但是当我退出并再次访问仪表板时,它应该重定向到登录,但它不会重定向到登录页面。
请帮助我,因为stackoverflow上的任何问题都没有得到我正在寻找的答案。
答案 0 :(得分:0)
您是否添加了auth中间件等
Route::group(['middleware' => ['admins', 'auth']], function (){..}
由于这将检查用户等,同样在5.2内,您不再需要中间件web
,因为它会自动烘焙到系统中。
答案 1 :(得分:0)
经过这段代码的大量修改后,终于找到了我出错的地方。 问题是中间件没有调用,所以我想可能是它没有在内核中正确注册,所以我编辑了像
的内核文件我从中间件组中删除了管理员,并将所有中间件复制到这样的全局中间件
<?php
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
],
'api' => [
'throttle:60,1',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'admins' => \App\Http\Middleware\AdminAuth::class,
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
}
完成这些更改后,我的重定向问题得以解决,并且工作正常,没有任何问题。