Why laravel 6 auth returns false after redirecting by using custom guard?

Question

I am trying to make auth through laravel package using admins table. In the project directory I added admin guard into config/auth.php

'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],

        'admins' => [
            'driver' => 'eloquent',
            'model' => App\Admin::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

And in the guard array

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'token',
        'provider' => 'users',
        'hash' => false,
    ],

    'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
    ],

Following is my login controller inside pacakge

class LoginController extends Controller
{

   use AuthenticatesUsers;
   protected $redirectTo = '/admin/dashboard';
   protected function redirectTo()
   {
         return '/admin/dashboard';
   }

   public function __construct()
   {
       $this->middleware('guest')->except('logout');
   }
   public function login(Request $request)
   {   
       if(Auth::guard('admin')->attempt($request->only('email','password'), true)){
           return redirect()
               ->intended(route('dashboard'))
               ->with('status','You are Logged in as Admin!');
       }
   }

}

and following is my dashboard controller

class DashboardController extends Controller
{
    public function __construct()
    {
        /* dd(Auth::check()); */ //return false : just want to show you

          $this->middleware('auth:admin');
    }

    public function index()
    {
        return view('xyz::dashboard');
    }

}

And in my Admin.php Model following script is there

namespace App;

class Admin extends \ABC\xyz\App\Models\Admin
{

}

Which is extending package model

namespace ABC\xyz\App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Auth\User as Authenticatable;
class Admin extends Authenticatable
{

    protected $table = 'admins';
}

And below are the routes from my package

    $namespace = 'ABC\Xyz\App\Http\Controllers';
    Route::group([    
    'namespace' => $namespace,
    'middleware' => ['web'], 
    'prefix' => 'admin'
], function () {
    Route::get('login', function(){
        return view('xyz::auth.login');
    })->name('login');

    Route::post('/login', 'Auth\LoginController@login')->name('customLogin');
});

Route::group(['namespace' => $namespace,'prefix' => 'admin',  'middleware' => ['auth']  ], function () {
    Route::get('dashboard', 'DashboardController@index')->name('dashboard');
});

When I try to login, after submitting valid details it does not redirecting me to dashboard, nothing happening. Also when I try for open forcefully /dashboard it take me to login page.

Also right after login attempt when I try Auth::check() it's returns true but same thing returning false in dashboardController.php construct function. In the same way Auth::guard('admin')->user() returns user's info while on dashboardController.php it's returns null.

Strange Result of php artisan route:list

As you can see in DashboardController.php construct I added $this->middleware('auth:admin');

So when I try to add dd(Auth::guard('admin')->user()) and then check in terminal php artisan route:list it returns null and sometime false, any idea why it is happening?

I don't know what and where I am missing something.

I would like to request you kindly guide me about it. I would appreciate.

Thank you

Answer 1

Please note that the Auth::check doesn't work on construct. this is because the middleware hasn't run yet, so Auth::check() should return false or null when you try to check in construct.

In your login controller, why are you using two redirectto?

   protected $redirectTo = '/admin/dashboard';
   protected function redirectTo()
   {
     return '/admin/dashboard';
   }

it is better to stick with one :-)

inside your Admin.php , add this:

protected $guard = 'admin';

for your web.php routes, replace

Route::group(['namespace' => $namespace,'prefix' => 'admin',  'middleware' => ['auth']  ], function () {
Route::get('dashboard', 'DashboardController@index')->name('dashboard');
});

with

Route::group(['namespace' => $namespace,'prefix' => 'admin',  'middleware' => ['auth:admin']  ], function () {
Route::get('dashboard', 'DashboardController@index')->name('dashboard');
});

finally, in DashboardController.php

replace the

        /* dd(Auth::check()); */ //return false : just want to show you

With:

    $this->middleware(function ($request, $next) {
        dd(Auth::check());  //return false : just want to show you
        die;    
    });

Auth::check() should return true!

Answer 2

Auth::guard('admin')->attempt($request->only('email','password') its returning true or false? If returning false then maybe toy didnt hashed your password Try add this in your Model

 public function setPasswordAttribute($password)
    {
        $this->attributes['password'] = Hash::make($password);
    }

Answer 3

The problem is in your routes file:

Route::group(['namespace' => $namespace,'prefix' => 'admin',  'middleware' => ['auth']  ], function () {
    Route::get('dashboard', 'DashboardController@index')->name('dashboard');
});

You are using the default guard with auth middleware. After you are logged in with admin guard you may not be logged in by your default web guard. That is why it fails and tries to redirect you to login page:

When I try to login, after submitting valid details it does not redirecting me to dashboard, nothing happening. Also when I try for open forcefully /dashboard it take me to login page.

Instead, you should specify in your group that you are using the admin guard:

Route::group(['namespace' => $namespace,'prefix' => 'admin',  'middleware' => ['auth:admin']], function () {
    Route::get('dashboard', 'DashboardController@index')->name('dashboard');
});

However, you already specified in your DashboardController to use $this->middleware('auth:admin');, so there is no need to specifiy it in the route group again. The following is enough and reduces the likelihood to create an error:

Route::group(['namespace' => $namespace,'prefix' => 'admin'], function () {
    Route::get('dashboard', 'DashboardController@index')->name('dashboard');
});

Answer 4

An extraction sample of the how you should define your admin model:

 // app/Admin.php
<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class Admin extends Authenticatable
{
    use Notifiable;

    protected $guard = 'admin';

    protected $fillable = [
        'name', 'email', 'password',
    ];

    protected $hidden = [
        'password', 'remember_token',
    ];
}

For more on multiple authentications guards see: How to use multiple authentication guards