I want to set up two login paths,
Laravel 5 provides auth middleware for authentication. The middleware also provides default views for login, password reset, etc., which I'm planning to use as-is, functionally.
!: What changes are needed in routes.php and in Controllers to manage these two logins?
!!: How do I manage their redirects (one to admin panel, other back to homepage)? (presently auth redirects to 'home' view by default)
Edit: I know how to prevent unauthorized access, however I'm talking about a setup where I can manage both accesses separately.
One way is to bind the same controller to different paths if the user pool is actually the same.
You can decide where to redirect based on logged in user type in the RedirectIfAuthenticated Middleware.
You could check on your controller if the user is admin or user and present him the correct view, but do you really need a login page different for your users and admins? Do you really need a recover password different for both? If not then you can use the AuthController for both of them, if so then why don't you create two controllers that extend AuthController?
For me the best solution, and to keep things clean and separated, why don't you extend or even modify RedirectIfAuthenticated:
    <?php namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Contracts\Auth\Guard;
    use Illuminate\Http\RedirectResponse;

    class RedirectIfAuthenticated {

        /**
         * The Guard implementation.
         *
         * @var Guard
         */
        protected $auth;

        /**
         * Create a new filter instance.
         *
         * @param Guard $auth
         * @return void
         */
        public function __construct(Guard $auth)
        {
            $this->auth = $auth;
        }

        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            if ($this->auth->check())
            {
                // We have a logged-in user; check whether it's an admin
                if ($this->auth->user()->admin) {
                    return new RedirectResponse(url('/admin'));
                } else {
                    return new RedirectResponse(url('/user'));
                }
            }

            return $next($request);
        }
    }
You could also create a middleware to protect your admin routes:
    <?php namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Contracts\Auth\Guard;

    class VerifyAdmin {

        /**
         * The Guard implementation.
         *
         * @var Guard
         */
        protected $auth;

        /**
         * Create a new filter instance.
         *
         * @param Guard $auth
         * @return void
         */
        public function __construct(Guard $auth)
        {
            $this->auth = $auth;
        }

        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            // Check guest() first: user() is null for a guest, so reading ->admin on it is an error
            if ($this->auth->guest() || !$this->auth->user()->admin)
            {
                if ($request->ajax())
                {
                    return response('Unauthorized.', 401);
                }
                else
                {
                    // Redirect user or guest to the home page or something like that.
                    // This branch must return; otherwise the request falls through to $next().
                    return redirect('/');
                }
            }

            return $next($request);
        }
    }
Register your middleware:

    // Within App\Http\Kernel Class...
    protected $routeMiddleware = [
        'auth' => 'App\Http\Middleware\Authenticate',
        'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
        'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
        'auth.admin' => 'App\Http\Middleware\VerifyAdmin',
    ];
On your routes:
    Route::group(['prefix' => 'admin', 'middleware' => 'auth.admin'], function()
    {
        Route::resource('profile','API\ProfileController');
    });
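Added example, not part of the answer above: an admin-check middleware has to return on every non-admin path, because a branch that returns nothing falls through to `$next($request)` and the protected controller still runs. This stand-alone script needs no Laravel; `StubGuard`, `failOpen`, `failClosed` and the `$adminPage` closure are hypothetical stand-ins for the Guard, the middleware and the next pipeline stage.

```php
<?php
// Added example, not from the thread. StubGuard and the closure "controller" are
// hypothetical stand-ins for Laravel's Guard and the next pipeline stage.
class StubGuard {
    private $user;
    public function __construct($user = null) { $this->user = $user; }
    public function guest() { return $this->user === null; }
    public function user()  { return $this->user; }
}

// Variant with an empty else branch: nothing is returned there, so control
// falls through to $next() and the protected handler still runs.
function failOpen(StubGuard $auth, $isAjax, callable $next) {
    $user = $auth->user();
    if (!($user && $user->admin)) {
        if ($isAjax) {
            return '401 Unauthorized';
        } else {
            // redirect user or guest to home page or something like that
        }
    }
    return $next();
}

// Fail-closed variant: every non-admin path returns before $next().
function failClosed(StubGuard $auth, $isAjax, callable $next) {
    $user = $auth->user();
    if ($auth->guest() || !$user->admin) {
        return $isAjax ? '401 Unauthorized' : '302 redirect to /';
    }
    return $next();
}

$adminPage = function () { return '200 admin profile'; };
$cases = [  // constructed sample callers
    'guest'       => new StubGuard(),
    'normal user' => new StubGuard((object) ['admin' => false]),
    'admin'       => new StubGuard((object) ['admin' => true]),
];
foreach ($cases as $label => $guard) {
    foreach ([true, false] as $ajax) {
        printf("%-12s ajax=%-5s open: %-18s closed: %s\n", $label,
            var_export($ajax, true), failOpen($guard, $ajax, $adminPage),
            failClosed($guard, $ajax, $adminPage));
    }
}
```

In the output, the `open` column shows `200 admin profile` for guests and normal users on non-AJAX requests, while the `closed` column returns the admin page only for the admin.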
Admin and Users in the same Laravel app is a bad idea simply because the app will share the same session and storage information. There will be a myriad of edge cases that will cause information to bleed through any logic "walls" you set up and you'll end up spending way too much time patching those bleeds. What you really want to do is set up separate Laravel applications for each: admin.project.com & project.com. That way you get two separate sessions and storage. All you need to do is ensure that the databases you need are set up in both database.php config files. You can even host BOTH projects on the same server with separate deployments, listening to different ports. TRUST ME this is the best way to go.