Vannian

Reputation: 1530

Unable to log out with Laravel 6 with POST request

I read that using a GET request to log out could be exposed to a CSRF attack, so I want to implement a POST request to log out.

Here is what I did in web.php:

```php
Route::redirect('/', '/it');

Route::group(['prefix' => '{locale?}'], function () {
    Route::get('/','HomeController@index')->name('/');
...
    Route::get('/admin/dashboard', 'AdminViewController@index')->name('dashboard')->middleware('auth');
...
    Route::get('/contact', 'ContactController@index')->name('contact');
    // Route::get('logout', function()
    // {
    //     auth()->logout();
    //     Session()->flush();
    //     return Redirect::to('/');
    // })->name('logout');

    Auth::routes();

});
```

I know people say to remove Auth from the group, but for me this is fine.

Here is what I have in AuthRouteMethods, which was automatically created:

```php
<?php

namespace Laravel\Ui;

use Illuminate\Support\Facades\Route;

class AuthRouteMethods
{

    public function auth()
    {
        return function ($options = []) {
            // Authentication Routes...
            $this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
            $this->post('login', 'Auth\LoginController@login');
            $this->post('logout', 'Auth\LoginController@logout')->name('logout');

            // Registration Routes...
            if ($options['register'] ?? true) {
                $this->get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
                $this->post('register', 'Auth\RegisterController@register');
            }

            // Password Reset Routes...
            if ($options['reset'] ?? true) {
                $this->resetPassword();
            }

            // Password Confirmation Routes...
            if ($options['confirm'] ??
                class_exists($this->prependGroupNamespace('Auth\ConfirmPasswordController'))) {
                $this->confirmPassword();
            }

            // Email Verification Routes...
            if ($options['verify'] ?? false) {
                $this->emailVerification();
            }
        };
    }

    public function resetPassword()
    {
        return function () {
            $this->get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
            $this->post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
            $this->get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
            $this->post('password/reset', 'Auth\ResetPasswordController@reset')->name('password.update');
        };
    }

    public function confirmPassword()
    {
        return function () {
            $this->get('password/confirm', 'Auth\ConfirmPasswordController@showConfirmForm')->name('password.confirm');
            $this->post('password/confirm', 'Auth\ConfirmPasswordController@confirm');
        };
    }

    public function emailVerification()
    {
        return function () {
            $this->get('email/verify', 'Auth\VerificationController@show')->name('verification.notice');
            $this->get('email/verify/{id}/{hash}', 'Auth\VerificationController@verify')->name('verification.verify');
            $this->post('email/resend', 'Auth\VerificationController@resend')->name('verification.resend');
        };
    }
}
```

And in the UI I have this implementation:

```html
                        <li><a href="{{ route('logout', app()->getLocale()) }}" onclick="event.preventDefault(); document.getElementById('loggout-form').submit();">Logout</a>

                      </ul>
                    </div>

                <form id="loggout-form" {{ route('logout', app()->getLocale()) }} method="POST" style="display:none;">
                    @csrf
                </form>
```

And when I run the call I get this error:

Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException

**The POST method is not supported for this route. Supported methods: GET, HEAD.** 

Upvotes: 1

Views: 2243

Answers (1)

Muhammad Bilal

Reputation: 344

You should define your logout route in web.php as follows. It will create the following route:

POST | logout | App\Http\Controllers\Auth\LoginController@logout

You will need to log out using a POST form. This way you will also need the CSRF token, which is recommended.

```html
<form method="POST" action="{{ route('logout') }}">
  @csrf
  <button type="submit">Logout</button>
</form>
```

Upvotes: 2
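
A regression test for the behaviour discussed in this thread, as an added example that is not from the question or the answer: it checks that the named `logout` route refuses GET and ends the session on POST. It assumes Laravel 6 defaults (`App\User` with its model factory), the routes from the question's web.php, and `it` as the locale segment; the class name `LogoutRouteTest` is hypothetical.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: Laravel 6 defaults (App\User and its model factory), the
// routes from the question's web.php, and 'it' as the locale segment.

namespace Tests\Feature;

use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class LogoutRouteTest extends TestCase
{
    use RefreshDatabase;

    public function test_get_request_does_not_log_the_user_out()
    {
        $user = factory(User::class)->create();

        // Only POST is registered for logout, so a cross-site GET
        // must be refused and the session must survive it.
        $response = $this->actingAs($user)
            ->get(route('logout', ['locale' => 'it']));

        $response->assertStatus(405);
        $this->assertAuthenticatedAs($user);
    }

    public function test_post_request_logs_the_user_out()
    {
        $user = factory(User::class)->create();

        // Same URL the hidden form's action attribute has to carry.
        $response = $this->actingAs($user)
            ->post(route('logout', ['locale' => 'it']));

        $response->assertRedirect();
        $this->assertGuest();
    }
}
// Note: Laravel's VerifyCsrfToken middleware skips token checks while
// running unit tests, so the @csrf token itself is not exercised here.
```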
