
The title pretty much sums it up. I have a Laravel application which I develop on my laptop and also test while it is running on 127.0.0.1/8000. I just added middleware for different users (Admin, Employee & Portal user).

When not logged in and trying to access the admin route (127.0.0.1/8000/admin/reporting) I successfully get denied and redirected to the home page. Now I pushed it to GitHub and pulled on the Ubuntu VM; the changes are present, which I double-checked.

But when I access the URL of the server I can still access all pages without being authenticated.

Has any of you had a similar problem? I am not sure what code I should provide, so just let me know and I will add it to the post.

Thanks

Edit: middleware code

    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        'admin' => \App\Http\Middleware\AdminMiddleware::class,
        'employee' => \App\Http\Middleware\EmployeeMiddleware::class,
        'portal' => \App\Http\Middleware\PortalMiddleware::class,
    ];

Admin Middleware:

    public function handle(Request $request, Closure $next)
    {
        if (!Auth::user() || Auth::user()->abteilung_name != 'Geschäftsführung') {
            return redirect('/')->with('redirect_error', 'Auf diese Seite haben Sie keinen Zugriff');
        }
        return $next($request);
    }

Employee Middleware:

    public function handle(Request $request, Closure $next)
    {
        if (!Auth::user() || !auth()->user()) {
            return redirect('/')->with('redirect_error', 'Auf diese Seite haben Sie keinen Zugriff');
        }
        return $next($request);
    }

Portal middleware:

    public function handle(Request $request, Closure $next)
    {
        if (!Auth::user() || !Auth::guard('portal')->user()) {
            return redirect('/')->with('redirect_error', 'Auf diese Seite haben Sie keinen Zugriff');
        }
        return $next($request);
    }

Here is an example route, all others look pretty much the same - just the middleware at the end differs depending on the route.

    Route::get('/admin/reporting', [AdminController::class, 'getReportingView'])->name('reporting')->middleware('admin');

Frevelman
  • you could provide the middleware ... are you sure you are not currently authenticated? – lagbox Jan 17 '22 at 15:34
  • @lagbox will do, give me a second. I was authenticated, I logged out, deleted cookies, closed browser but it still worked – Frevelman Jan 17 '22 at 15:35
  • this is the same user being checked in all these middleware `Auth::user()` is the same guard in each .. `!Auth::user() || !auth()->user()` that is the same being checked twice – lagbox Jan 17 '22 at 15:38
  • @lagbox yeah it checks if someone is authenticated, if not redirect to homepage. Admin & employee are saved in the same table, the only difference is the department they work for. that's the `abteilung_name` – Frevelman Jan 17 '22 at 15:40
  • Ah just saw it, ye u r right. but it is just too much code, the functionality per se works on my laptop as intended, but on the server it doesn't work at all – Frevelman Jan 17 '22 at 15:41
  • the only way to get through that Admin middleware is if the user is authenticated and they have a field matching that value (including juggling the values) ... so not sure what to tell you – lagbox Jan 17 '22 at 15:44
  • @lagbox correct. it is so confusing, when being on localhost it works perfectly, but on the server it is like it just doesn't exist. Very weird – Frevelman Jan 17 '22 at 15:45
  • did you cache your routes on the server before you added the middleware to the routes? recache your routes `php artisan route:cache` (should be part of your deployment process) – lagbox Jan 17 '22 at 15:46
  • omg. I used this command million times already, but I didn't think about it now. Now it works, thanks a lot!!!!! :D yippie. Do you want to add it as answer? so I can accept it – Frevelman Jan 17 '22 at 15:49

1 Answer


It would seem your routes are cached. Since this is on your server (host) you should recache the routes:

    php artisan route:cache

You should make this part of your deployment process as well as recaching the configuration (`php artisan config:cache`), running `composer install`, running migrations (`php artisan migrate`), etc.

If this isn't really a live site and you are still in development you could also not cache the routes at all, then you wouldn't need to be recaching them every time you make changes to your routes. You could clear the cache with `php artisan route:clear`. This is how you would run locally, without the routes cached. Just make sure when you are deploying your live site that caching the routes is part of your process.

lagbox
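
A post-deployment check for the failure described in this thread, as an added example that is not part of the original question or answer: it reads the JSON printed by `php artisan route:list --json`, which reflects the cached route table when one exists, and flags `admin/` routes that lack the admin middleware. The sample JSON is constructed, the prefix-to-middleware policy is an assumption, and the `middleware` field is accepted as a list or a newline-joined string, by alias or class name, because its shape varies by Laravel version.

```python
import json

# Constructed sample of `php artisan route:list --json` output (not taken from the
# poster's server). The first entry mimics a stale route cache: the route is there,
# but the 'admin' middleware added later in the routes file is missing.
SAMPLE_ROUTE_LIST = json.dumps([
    {"method": "GET|HEAD", "uri": "admin/reporting", "name": "reporting",
     "middleware": ["web"]},
    {"method": "GET|HEAD", "uri": "admin/users", "name": "users",
     "middleware": "web\nApp\\Http\\Middleware\\AdminMiddleware"},
    {"method": "GET|HEAD", "uri": "/", "name": "home", "middleware": ["web"]},
])

# Assumed policy for this example: URI prefix -> accepted names of the middleware
# that must be attached (alias first, then the class it maps to in Kernel.php).
REQUIRED = {"admin/": ("admin", "App\\Http\\Middleware\\AdminMiddleware")}


def route_middleware(route):
    """Return one route's middleware as a clean list, whatever shape the JSON uses."""
    mw = route.get("middleware") or []
    if isinstance(mw, str):
        mw = mw.splitlines()
    return [m.strip() for m in mw if m.strip()]


def unprotected_routes(route_list_json, required=REQUIRED):
    """List (uri, alias) pairs for routes that lack their required middleware."""
    findings = []
    for route in json.loads(route_list_json):
        uri = route.get("uri", "").lstrip("/")
        have = route_middleware(route)
        for prefix, accepted in required.items():
            if uri.startswith(prefix) and not any(m in have for m in accepted):
                findings.append((uri, accepted[0]))
    return findings


if __name__ == "__main__":
    # In a deployment, pass the real route:list JSON captured on the server instead.
    for uri, alias in unprotected_routes(SAMPLE_ROUTE_LIST):
        print(f"UNPROTECTED: {uri} is missing middleware '{alias}'")
```

Run against the server's own output after `php artisan route:cache`, a non-empty result means the served route table does not match the routes file and the deployment should fail.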