CODEWITHSUNDEEP
laravelmiddleware
TJ Sherrill
TJ Sherrill

Reputation: 2645

How to keep two Laravel middleware from creating endless redirects?

I have two middleware that are not route middleware. They are specifically to make sure that two things are in place for logged in users. Payments and documents signed.

My kernel.php:

    protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    'App\Http\Middleware\VerifyCsrfToken',
    'App\Http\Middleware\AuthenticateSigned',
    'App\Http\Middleware\FeesOwed',
    'App\Http\Middleware\DeniedAccess'
];

The ones that are creating this issue are AuthenticateSigned and FeesOwed

The first AuthenticateSigned:

public function handle($request, Closure $next)
{
    if ($this->auth->guest())
    {
        if ($request->ajax()){
            return response('Unauthorized.', 401);
        } else {
            return redirect()->guest('login');
        }

    } else if(!$this->auth->user()->role->administrator){ // the users not an admin

        if(!$this->auth->user()->agreement_id || $this->auth->user()->signed_current_membership_agmt == 0 ){
            if ($request->ajax()){
                return response('Unauthorized.', 401);
            } else {
                return redirect()->route('agreement');
            }
        }

        return $next($request);

    } 

    return $next($request);

}

then my FeesOwed:

public function handle($request, Closure $next)
{

    $uri = $request->server()['REQUEST_URI'];

    if($this->auth->user() 
        && $this->auth->user()->role_id != 3
        && $this->auth->user()->unpaidFees() // Does the user have past due fees
        && $uri != '/profile/investment-fees' // view of form to pay fees
        && $uri != '/profile/charge-investment-fees' // post request to pay fees
        && $uri != '/profile/pay-payment'

        && $uri != '/logout'
        //&& !$this->auth->user()->role->administrator // admins shouldn't be subject to this
        ){
        \Session::flash('message','You must pay past due management fees before using the rest of the members platform.');

        return redirect()->route('profile.investment-fees');
    } 

    return $next($request);
}

I have read a ton of SO posts and laracasts and all of the notes are either "your missing a return $next($request);" or they are route middleware.

These middleware run all the time because there are times when its important for a user to know that they need to sign a new agreement or pay fees.

Any help is greatly appreciated. Thanks

Upvotes: 4

Views: 103

Answers (1)

Camilo
Camilo

Reputation: 7184

When a guest user tries to access /login, the AuthenticateSigned middleware will redirect it to /login, causing an infinite redirect loop.

Avoid redirecting when the requested URL is the same as the one you are trying to redirect to.

Upvotes: 4

Related Questions