Reputation: 181
I want to create a second authentication in Laravel 5.4 for an administration page.
First of all, let me describe my problem: I have a functioning user login (default Laravel auth) via the 'web' guard. Now I want to create a second authentication for the admin panel. I have another table which stores the name, a token (which is something like a password) and an authority level.
The second/separate table is a dependency given by the system the page is developed for, so I can't change that.
I have the login page for the administration panel, but when I try to authenticate I get redirected back to the login every time.
I already googled the whole thing and came across some good examples:
https://jamesmcfadden.co.uk/custom-authentication-in-laravel-with-guards-and-user-service-providers
But I wasn't able to figure it out.
Here's what I did already:
Added a second guard named 'admin' in config/auth.php
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'admin' => [
            'driver' => 'session',
            'provider' => 'admin',
        ]
    ],
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'admin' => [
            'driver' => 'eloquent',
            'model' => App\Admin::class,
        ]
    ],
Added the needed model
    namespace App;

    use Illuminate\Notifications\Notifiable;
    use Illuminate\Foundation\Auth\User as Authenticatable;

    class Admin extends Authenticatable
    {
        use Notifiable;

        protected $fillable = [
            'mID',
            'mAccount',
            'mName',
            'mServerIP',
            'mAuthority',
            'mToken'
        ];

        protected $hidden = [
            'mContactIP', 'mToken'
        ];

        protected $table = 'administration';
        protected $connection = 'common';
        public $timestamps = false;

        public function getAuthIdentifierName()
        {
            return 'mAccount';
        }
    }
Added necessary routes in routes/web.php
    Route::group(['prefix' => 'admin'], function () {
        Route::get('/login', 'Auth\ElevationController@showLoginForm')->middleware('web');
        Route::post('/login', 'Auth\ElevationController@elevate');
        Route::get('/logout', 'Auth\ElevationController@demote');
        Route::get('/', function () { return redirect('admin/dashboard'); });
        Route::get('/dashboard', 'AdminController@index');
    });
Added a new middleware under app/Http/Middleware named 'RedirectIfElevated' via the command 'php artisan make:middleware'
    public function handle($request, Closure $next, $guard = 'admin')
    {
        if (!Auth::guard($guard)->check())
        {
            if (!Auth::guard('web')->check())
            {
                return redirect('/');
            }
            return redirect('/admin/login');
        }
        return $next($request);
    }
and in Kernel.php
    protected $routeMiddleware = [
        // ...
        'admin' => \WarShape\Http\Middleware\RedirectIfElevated::class,
    ];
Finally I created my controller: https://pastebin.com/s6iJgFAB
and created the view
    @extends('layouts.app')
    @section('content')
    <div class="container">
        <div class="row">
            <div class="col-md-8 col-md-offset-2">
                <div class="panel panel-default">
                    <div class="panel-heading">Elevation</div>
                    <div class="panel-body">
                        <form class="form-horizontal" role="form" method="POST" action="{{ url('/admin/login') }}">
                            {{ csrf_field() }}
                            <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
                                <label for="mToken" class="col-md-4 control-label">Token</label>
                                <div class="col-md-6">
                                    <input id="mToken" type="password" class="form-control" name="mToken" required>
                                    @if ($errors->has('password'))
                                        <span class="help-block">
                                            <strong>{{ $errors->first('password') }}</strong>
                                        </span>
                                    @endif
                                </div>
                            </div>
                            <div class="form-group{{ $errors->has('g-recaptcha-response') ? ' has-error' : '' }}">
                                <label for="recaptcha" class="col-md-4 control-label">Solve Captcha <br> & Elevate!</label>
                                <div class="col-md-6">
                                    {!! app('captcha')->display($attributes = [], $lang = app()->getLocale()) !!}
                                    @if ($errors->has('g-recaptcha-response'))
                                        <span class="help-block">
                                            <strong>{{ $errors->first('g-recaptcha-response') }}</strong>
                                        </span>
                                    @endif
                                </div>
                            </div>
                            <input type="hidden" name="mAccount" value="{{ Auth::guard('web')->user()->login }}">
                            <div class="form-group">
                                <div class="col-md-8 col-md-offset-4">
                                    <button type="submit" class="btn btn-primary">
                                        Elevate
                                    </button>
                                </div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
    @endsection
So the question I need an answer to is:
I hope you can help me with this & thanks for your help!
Upvotes: 0
Views: 2333
Reputation: 181
I fixed that with the following custom login method:
    public function elevate(Request $request)
    {
        // login
        $this->validateLogin($request);
        $admin = Admin::where('mAccount', '=', Auth::guard('web')->user()->login)
            ->where('mToken', '=', $request->input('mToken'))->first();
        if ($admin) {
            Auth::guard('admin')->login($admin);
            return redirect('/admin/dashboard');
        }
        else {
            throw new \ErrorException('Elevation failed!');
        }
    }

    protected function validateLogin(Request $request)
    {
        $this->validate($request, [
            'mToken' => 'required|string|min:8',
            'g-recaptcha-response' => 'required|captcha'
        ]);
    }
Upvotes: 1
Reputation: 1230
I'm sorry if I don't answer your question, but can't you add a simple column in your user table, like is_admin, and authorize only users where is_admin = 1 to access the administration panel with a middleware, instead of logging in twice?
Upvotes: 1