Using a custom middleware redirects me to /home, even if middleware is empty in Laravel

Question

I'm pretty out of any ideas right now.

The case is: I have a route for an API-endpoint (working fine, responding JSON etc.).

If I now apply the built-in 'auth' middleware to the route, I'm redirected ALWAYS to the /home route. Looks like I'm doing sth. wrong with the auth? I think wrong, because:

This curious redirect also kicks in, if I don't use 'auth' but a custom middleware, that contains NOTHING but

public function handle($request, Closure $next)
{
    print "WTF";
    throw new AuthenticationException('Unauthenticated.');
}

[the print and the Exception are never thrown! I'm landing again without errors at /home.]

Not all middleware is producing this error: For example, 'auth.basic' and 'web' are just working fine with this route.

I also applied 'web' and my own middleware both to the route according to some results I found, that said that using 'web' solved similar problems for them, but guess what, nothing changed.

TL:DR: If I use my own middleware or 'auth' I'm getting redirected, BEFORE the middleware itself is executed.

Update: After fiddling around with the code and the great tipp from mnies, I found this very curious Bug:

If I just uncomment AuthenticationException, suddenly my code is working as intended. It may be that loading the Exception-Class calls RedirectIfAuthenticated Middleware?! - which is definitely called!

The easy solution is now, using a different Exception for my custom middleware, but the Problem is that the default 'auth'-MW is also using this Exception and so causing the same Bug.

Remember: I am not using other middleware than just this own one, the bug seems really loading the Exception, like WTF?

So I still need help why this is happening!

Bug: using

throw new AuthenticationException('Unauthenticated.', []);

causes 'guest'-MW (RedirectIfAuthenticated) being called instead of intended MW-stack! (nothing of the original MW-stack is being executed, no matter the order.

Update 2: It seems that RedirectIfAuthenticated is thrown only because I got redirected before to the /login route (and from there as described to /home through it), but that doesn't change the issue that this random redirect occurs.

[I'm trying atm to reproduce this Bug in a fresh installation]

Update 3: I was not able to reproduce the bug in a fresh installation with Laravel 5.4.19.... Trying to compare both installations now. D:

Using Laravel 5.3.30.

Some of my code for context:

Route:

Route::get('/admin/user/get', ['middleware' => ['simpleauth', 'web'], 'uses' => 'UserEditAdmin\Controllers\Controller@get']);

Custom middleware:

class SimpleAuth
{

    public function __construct(){}

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     * @throws AuthenticationException
     */
    public function handle($request, Closure $next)
    {
        print "WTF";
        throw new AuthenticationException('Unauthenticated.');
    }
}

'web' from Kernel.php:

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,

     \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

It would be great if you could put a minimal example of this problem on Github. — mniess, Apr 27 '17 at 17:24

mniess · Answer 1 · 2017-05-04T09:19:19.387

1

Have a look at your \App\Http\Kernel.php. It looks like you're always calling the \App\Http\Middleware\RedirectIfAuthenticated middleware (aliased to guest). It you want to debug, you could just throw an exception in that middleware to get a stacktrace of what is called when.

edited May 04 '17 at 09:19

answered Apr 27 '17 at 11:35

mniess

927
11
18

This really seems to be the Issue, Exception from RedirectIfAuthentificated is thrown - but i didn't append it to the route... ? I'm going searching now, but thanks a lot :) - I added my 'web' from Kernel.php above, I'm never calling the RedirectIfAuthentificated... – Benjamin Möckl Apr 27 '17 at 11:41
The stacktrace should tell you more. My guess would be that you define `guest` somewhere, e.g. in your controller. – mniess Apr 27 '17 at 17:19
There is sadly no stacktrace. No Errors thrown anywhere. You can try yourself, the AuthenticatedException is internally caught by laravel, and the redirect is the result (obviosly not the intended one)... if i would now where this is written down, i may search there - tomorrow i guess... But I know for sure: guest is never defined there anywhere! I searched about 5 hours today on this problem ^^ [btw. thy for your ideas] – Benjamin Möckl Apr 27 '17 at 23:33
1

@BenjaminMöckl sorry, I was wrong in my original answer. I wrote "throw an exception in the **route**" but meant to say **middleware**. Just open the RedirectIfAuthenticated middleware and just before the redirect to /home happens, throw your own exception. You will see the whole stacktrace unless your app is in production mode. – mniess May 04 '17 at 09:21
Somehow i got it working now, it was kinda bunch of little settings together producing this behavior - now working fine :) and thy for your help ^^ – Benjamin Möckl May 08 '17 at 12:56

Using a custom middleware redirects me to /home, even if middleware is empty in Laravel

1 Answers1