0

So I have a custom login flow in my laravel website. Ther users are located in an external data store that are accessible via an API. The flow is basically this. (minified)

public function login(Request $request) {
    $resultFromAPI = //call external API with email and password from $request
    if($resultFromAPI) {
        $user = User::find($resultFromAPI->user->user_id);
        if($user) { //user exists
             Auth::login($user);
             //dump( Auth::user() );
             return redirect('/');
        } else {
             $user = User::create([...]); //from $resultFromApi->user
             Auth::login($user);
             //dump( Auth::user() );
             return redirect('/');
        }
    }
}

If I try to login using user2@example.com, the dump will show that user's object. However, the second I'm redirected to /, Auth::user() will be user1@example.com My local db shows these two user records, but it's defaulting to the first user. I'm using the default logout function to logout and clear the sessions, and I've confirmed that Auth::user() is null when the logout function is called. I'm stuck.

EDIT: I tried Auth::attempt(...) instead of Auth::login(...), it didn't change anything

EDIT2: I started from scratch using a clean installation of laravel 5.4, rewrote the login part to this

if ($this->attemptLogin($request)) {
  $request->session()->regenerate();
  $this->clearLoginAttempts($request);

  return $this->sendLoginResponse($request);
}

instead of this

Auth::login($user);
return redirect('/')

Still same issue

Tarek Deeb
  • 168
  • 9
  • Did you not forgot some testing codes somewhere like `Auth::loginUsingId($user_id, true);` or something like that ?? – Maraboc Jul 21 '17 at 09:38
  • I traced the flow from calling `/login` to redirecting to `/`, including the middleware. (I'm using the `auth` middleware in the routes) I even searched the entire directory for `Auth::`, and got nothing out of the ordinary. – Tarek Deeb Jul 21 '17 at 10:10
  • Assuming the user with email `user2@example.com` have the id = 2, try to use `Auth::loginUsingId(2, true);` without calling your external api in the `login` method and then `return redirect('/');` to see if it will generate the same broblem !! – Maraboc Jul 21 '17 at 10:15
  • Still same problem. Redirects me with `user1@example.com`. I tried to echo the email (`Auth::user()->email`) and commented out the redirect function, and I got `user2@example.com`. – Tarek Deeb Jul 21 '17 at 10:23

1 Answers1

0

Finally solved the issue. My primary key was a custom uuid retrieved from my external api. I reverted the primary ley to be the default one ($table->increments('id'); and it worked.

I looked it up, turns out I could've done public $incrementing = false; insided my User model and it would've stopped Laravel from thinking it's an incrementing field, and that might've solved it, but I haven't tested that.

Tarek Deeb
  • 168
  • 9