Support the ongoing development of Laravel.io →
Authentication Security
Last updated 2 years ago.
0

Show us your routes file. Also is your Auth::attempt() called ? Check it by dd() before the call.

Last updated 2 years ago.
0

Looks like it is called, testing with dd() shows it is, and returning true, even in the if ($auth) { dd($auth).... The routes sections are:


Route::group(array('before' => 'guest'), function() {

		Route::post('/account/login', array(
			'as' => 'account-login',
			'uses' => 'AccountController@postLogin'
		));

});

Route::group(array('before' => 'auth'), function() {

	Route::group(array('before' => 'csrf'), function() {

		Route::post('/account/change-password', array(
			'as' => 'account-change-password',
			'uses' => 'AccountController@postChangePassword'
		));

       });

});

The /account/change-password is the intended URL in my testing.

Last updated 2 years ago.
0

Don't get it, as far as I understand the snippet with Auth::attempt() is for postLogin method. Then you want to redirect to account/change-password ? The main problem here is that you are redirecting user to intended route and fallback to /. But since your account-change-password route is POST then you can't really redirect to it(you can only redirect to GET routes, just like the anchors work). Quick note, you don't have to add a / before url.

Last updated 2 years ago.
0

Oops, I forgot to include the get:

	Route::get('/account/change-password', array(
		'as' => 'account-change-password',
		'uses' => 'AccountController@getChangePassword'
	));

So, the get is also on the Route::group(array('before' => 'auth'), ... route group, and my expectation is that the Auth::attempt will load the login page and then the Redirect::intended('/'); will load the intended URL, but this is not happening.

Last updated 2 years ago.
0

Noob mistake....

if ($auth) {
                Redirect::intended('/');
            } else {
                return Redirect::route('account-login');                
            }

Should be:

if ($auth) {
                return Redirect::intended('/');
            } else {
                return Redirect::route('account-login');                
            }

Missed the return...

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

mikebirduk mikebirduk Joined 24 Nov 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.