Configuring Multi Auth Middleware - Native Laravel 5.4 Multiple Authentication Series (Part 3)

Captions
[Music] Everybody, welcome back to the DevMarketer channel. This video is going to be part three of our little mini series on building up a multiple authentication system in Laravel, using all of the native authentication scaffolding and facades and everything. If you're just jumping into this video and you're confused while going through it, just keep in mind this is the third part of the series, and if you want to see how we built up the guards and everything like that, you're going to want to go to the first video or at least watch the playlist, and all those links will be down in the description.

So in the first video we set up an admin model and our user model, and then we went ahead and configured them, and we now have a guard for each of them. We have the admin guard and the web guard. The web guard protects our users; the admin guard protects our admins or our employees or whatever we want to call them. So that worked out great. In the last video we set up our login forms, so now we have a login form for admins and a login form for users, and that's working beautifully. But we still have one last problem, and that's what I want to talk about in this video: basically how to solve this one last thing, which is all about redirects, and making sure you get redirected to the right place. And of course this is just a problem because Laravel, out of the box, when you run your authentication scaffolding, by default you just have the one type of user, right? So it's all set up and basically hard-coded for that one type of user, and that's what we need to configure. We need to say, hey, there's now multiple types of users, let's set it up for multiple users and make sure it redirects to the right place depending on the user.

So let me show you guys the problem real quick. We'll just illustrate it here in the browser and then I'll talk to you guys about the solution, to make sure you guys understand what the problem is before we try to solve a problem that you may not understand. So let's start by going to the home page. Now the home page is for users only, right? We have an authentication middleware in there, so if someone is not authenticated as a user they're going to get kicked off of the home page and sent to the login page, that's for the users, right? And sure enough, we click home and it redirects us to the user login page, as we would expect. That's normal, because it is hard-coded to always go to the slash login page. We're going to want to make this more dynamic, but at least it does provide the functionality we need.

Now the problem we see is when we try to go to the admin page. If we go to the admin page, we're trying to go somewhere that only admins are allowed. You would expect then, if we're not authenticated, that it redirects us to the admin login page so that we could log in as an admin. But what happens if you click this, you click enter? Well, I'm logged in as an admin, all right, let's log out real quick. Let's try that again: slash admin. And now you can see, since I'm not logged in as an admin, it redirects us to the user login page, and that's not expected. We would normally expect it to take us to an admin login page so that we can then fill out the form, log in, and then go back to our intended page, and that's not going to be the functionality we get here. We would have to manually type in admin slash login in order to get there. OK, so that is one problem that we've got.

The other problem that we have with redirects is if we're logged in and we're going to a page protected by guest middleware. So let's see how we can recreate this, show you guys what's going on with this one. This is, again, if you're using the guest middleware. We currently use our guest middleware on our login forms, but you might have guest middleware throughout the rest of your application. When you use your guest middleware, what happens if someone is currently logged in and they go to a page with your guest middleware? Normally it would redirect them to, like, the dashboard or home page for that user, because they're not allowed to access the page they're trying to access, because it's protected by the guest middleware. But we get kind of weird results when we do this here, so let's demonstrate this.

Let's actually log in now as an admin. We're going to log in. OK, so now that we're logged in as an admin, let's try to access something protected by the admin guest middleware. That would be the login page, right? So let's go to admin slash login and click it, and where does it take us? It takes us to the normal login page. Now why is that happening? This is confusing. What it's actually trying to do is, because we're protected, it thinks that we are logged in, right? It doesn't really know that there's multiple; it hasn't really been programmed for multiple user types. So what happens is, when we try to access admin slash login, the guest middleware will catch on and say, hey, you can't do this, you're already logged in as an admin, and so it's like, let's just redirect you. So it falls back on a redirect and then it redirects them. Well, once again, that redirect URL is hard-coded for the users, and so it ends up sending us to the user dashboard, which is slash home. Well, the next problem is then we're not authenticated as a user, so then slash home kicks us out and sends us to the user login, because that's what's hard-coded for that.

OK, so there's two different problems that we've got, and they're both related to middleware. I know there's a lot going on there, but basically the two problems we have are these. If there's an authentication middleware requiring you to be logged in as a certain type of user, we want to make sure that it redirects you to the login page for that type of user. That's the first problem we want to solve. The second problem we want to solve is that if you are trying to go to a page protected by a guest middleware for a specific guard and you're logged in as that guard, we want to make sure that you get redirected to the correct page for that guard, not just always slash home. OK, so those are kind of the two things we've got to worry about with redirects.

Let's dive into the app and see how that works. First things first, we need to understand, I guess, what's happening. There's two different types of middleware, sort of middleware that basically happens. We can see the middleware in our app, and then providers, or not providers, HTTP, and then Kernel, and you can kind of see what's happening down here. Whenever we're using the auth middleware, like this one right here, you can see that it actually uses this Authenticate as the middleware. OK, so we're using this Authenticate middleware, and this is actually in our foundation; this is in the vendor folder for the root of the application. Now when we use our guest middleware, it's using this middleware called RedirectIfAuthenticated, and this is in our app folder, so this is pretty easy to access.

Now this one, we usually don't want to edit hard code, like the stuff in your vendor folder. You really don't want to edit that, because it can't be saved to your repository, or it's hard to upgrade, and stuff like that. And luckily we don't really need to edit this hard code. Even though it's using the Authenticate middleware that's in the Illuminate folder, it actually throws an exception, so we can actually just build upon the exception that it throws, which is in our app folder here, instead of having to change the hard code for Laravel. So when you run the Authenticate middleware and you're not authenticated, what it does is it throws an exception to redirect you to the login page, and that exception that it throws is actually handled up here under app, Exceptions, Handler. And then down here at the very bottom we have a protected function called unauthenticated, and you can see that it comes in and is an AuthenticationException. So when that middleware runs and you're not authenticated, it throws this exception, that's the unauthenticated exception. So we can actually edit what happens when you're unauthenticated by just editing the code in this exception handler.

OK, so let's go ahead and do that. Well, first let's start by just taking a look at what's happening. First of all, we see we have an if statement here. The if statement is checking to see whether the current request is expecting JSON in return. What this would normally mean, if a request is expecting JSON in return, is this would be an API request. So the user is submitting something via an API, and so generally they're responding back and forth with JSON instead of a full web request. And so if that's the case, we just want to reply back in JSON, right? That makes sense. So that's what happens here: if it's expecting JSON then we'll give it JSON. We send back a response, we're not allowed to view the page, so we send back a response in JSON, and we simply send it this response. We say error: Unauthenticated, and then they know they're not authenticated, and with that we attach an HTTP code, a 401 HTTP code. Now that basically solves our API. If they're logging in with an API we really don't need to customize that. We'll just let that be the response regardless of which guard they're trying to access; we're just going to send back the generic unauthenticated, and that works.

Now with the users is where we really need to make sure we don't get the user confused. If the user is trying to access a user back-end, we want to redirect them to the user login. If they're trying to access the admin back-end, we want to redirect them to the admin login. And so that's what we're going to do down here. You can see that by default it's just hard-coded to always redirect us to this route, this login route, so it's always to the generic user login page no matter what. So what we're going to want to do here is add some logic to see which guard they're using, and then depending on the guard they're using, we send them to the right login page.

So let's go ahead and get that set up. What we're going to do to start with is pull the guard out of this exception. You can see up here we have this exception object, which is an AuthenticationException type, and inside the exception object is the guard that they're trying to access. So let's just pull that out, and then we're going to see what the guard is equal to and then send it to the right place. We're going to create a variable called guard, and we're going to set it equal to, we're going to create an array out of this exception, and then we're going to get the guards. Only, this passes in basically a collection, but we don't want that; we just want one item, the first item basically, and so this is going to just give us the string. So basically, if we go to our config auth, we should be getting one of these in response. We should get web, API, admin, or admin API. We're going to get one of those four options, and theoretically we shouldn't be getting admin API or API, because those would be caught up here. So that leaves basically either web or admin. And of course you might have more than just two, but we're basically just going to have web or admin. So all we need to do is see whether guard is equal to web or admin and then send it to the right place.

So that's what we're going to do. We're going to use a switch statement here instead of nesting a bunch of if statements. We're going to switch against the guard variable, and the first thing I want to check is if we're using the admin guard. If we're using the admin guard, then we're going to tell it to go to the admin login, and we can do that with a variable called login, and set that equal to our named route, which is login, or admin login. OK, that's good. And then down here we'll just catch everything else, which should just be the web, but it might be the API; it should be, literally, wouldn't work, so it'd be the web response. So with that we'll just catch it as the default and we'll just send it to the login, and that's basically our default login page for any other option.

OK, so now we have this variable called login, which is equal to the name of the named route that we want to forward them to. So now down here, when we redirect them, let's just make this dynamic to go to that login variable. That way, if they are trying to access the admin guard, it'll go to the admin login; if they're trying to access a different guard, like the web guard, it'll send them to the normal login. And that's it for this one. Redirect is just going to redirect them now to that login page. So that now solves the problem. If we go back to our Kernel and look at our guards here, we went ahead and solved this problem: if there is a page that is protected by auth middleware, we will make sure to redirect them to the correct login page if they're not logged in. So that solves the first problem.

The second problem is for pages protected by the guest middleware. The guest middleware only wants people that are not logged in. So if you're logged in then we don't want you seeing that page; instead we normally would redirect you to the home page for that authentication. So we want RedirectIfAuthenticated; this is what we're going to edit now. Let's go over here, it's just under the Middleware folder, RedirectIfAuthenticated, right there, and you can see what's going on here. This is the middleware. Basically it checks to see if we're logged in, and then it redirects us home, and if we're not logged in then it will come over here and just let us continue on and go to the request. Remember, this is middleware, so next just means go to the next middleware or just start loading the page. So basically what it does is it just sees, are we logged in? If we are logged in, then it redirects us to slash home, and that's just hard-coded; otherwise it continues on and lets us view the page and so forth.

So this is actually pretty easy, because we actually have this variable called guard and it's available here. Of course it could be equal to null if there's no guard specified, but by default the guard will be equal to whatever guard we're trying to access in the middleware. So guard will either be equal to web or will be equal to admin, as a string. So that's pretty easy. Because we have that right out of the box, we can actually do the same thing we did in the last one: we can just test against that guard and then redirect to the correct page depending on the guard that it is.

In order to do this it gets a little bit different, but it's still not too bad. I'm just going to comment that out here, and up here at the top we're going to create another switch statement, just like we did last time, and we're going to switch it against guard once again. Then we're going to add our case value, and we want to check to see if it's trying to use the admin guard, we're logged in as admin. We also now need to check that we are actually authenticated [unclear]; we're actually going to want to make sure that we are inside of that same guard, and check like that. And then here we can return redirect, and we're going to redirect them to the route for, let's see, this is the admin, so admin dashboard.

OK, so we go in here. If they're trying to access an admin page, then in that case this is going to trigger, because the guard is going to be equal to admin. So they're trying to access an admin page; let's say they're logged in as a user but not as an admin. Well, what would happen is they're going to enter this right here, then they're going to go to the if statement, and it's going to say Auth guard, and it's going to test it against admin. Well, if they're logged in as a user but not an admin, then this is going to fail, so it's not going to redirect them. In that case it's actually going to break out of the switch statement and then just continue on with the request, which is the effect that we want. Because if it's only protected against, say, admins, and you're not logged in as an admin but you're logged in as a user, we still want you to see that page. Does that make sense? So in that case we want to make this allowed, and this will work. Now if you're trying to access an admin page and you're logged in as an admin, then this will succeed and it will redirect you to the admin dashboard. So that's what we want.

Now down below, this will be for the normal user. Let's go ahead and do that. So for the user, there we go, we're going to test against that guard, and then if it's successful we'll redirect them home. So this is for users, this is for admins. Let's clear this up, and then if all else fails we just let them return to the next request. Perfect.

OK, so let's try it out. That's basically everything we need. I'm going to have a written tutorial for this. This one's kind of hard to explain because, I don't know, there's like so many redirects going on in middlewares, I had a hard time explaining it. If you're confused and you rewatch it and it still doesn't make sense, I'm going to have a written tutorial that you can go to. It's going to be down below, it'll be on my website. It'll be written out, and hopefully in written form I can make this make a lot more sense and you can understand it by reading it. So if you're confused on what's going on, I recommend reading the tutorial.

OK, so let's try this out now. First of all, let's log in as an admin. OK, so I tried to go to the admin page; I'm logged in as an admin already, it looks like. I was going to say we would hope that it would redirect us to the admin login, but I'm logged in. So now I'm logged out of everything, so let's try to access the admin homepage. We would hope now, if everything worked correctly, that it will redirect us to the admin login instead of the user login, because it wasn't doing that at the beginning of the video. So we click it, and sure enough we're on the admin login page, so that's a really, really good sign. And of course, as expected, if we go to the home page, this would redirect us to the user login. OK, so that's a good sign. So we know that our redirect for the pages protected by authentication is redirecting us to the correct login form for that guard.

The other thing we wanted to test is, if a page is protected by a guest middleware and you're logged in from the guard that it's protecting against, then it will send you to the correct page for that guard. So let me do the practical example of this. Let's log in now as an admin again. OK, so now to test this last part: if we go to admin login now while we're logged in as an admin, we would expect it to kick us out, because admin login is protected by guest middleware. It's going to see we're currently logged in as admin and then redirect us to admin dashboard. Hopefully that works, because before it would have redirected us to the home page for the user. Let's go and try it. Sure enough, it sends us now to the correct dashboard, so that's a good sign.

If I try to go to the home page, right, I'm not logged in as a user, I'm only logged in as an admin. So if I try to go to the home page, the authentication middleware should kick me out and send me to the login page for the user, and then that one should let me in, even though I'm logged in as an admin. I'm not logged in as a user, so it should let me view the login page. So let's click enter, and sure enough it does.

The last test we can do is, let's just go back and I'm going to log out. Now we're going to log in as a user. OK, so now I'm logged in as the user, and now that I'm logged in as a user I want to try to go to our login page. It shouldn't let us. Perfect, it goes back to the correct dashboard, the user dashboard. And now let's try to go to the admin page. Of course, for the admin page we're not logged in as an admin, so it should send us to the admin login, and it should let us see the admin login instead of redirecting us back to the user homepage. Because we're logged in as the user but not as an admin, and the login page for the admin is only protecting against admin guests and not all guests. All right, so we click it, and sure enough, admin login, it allows us to do this. And we could also now log in as both, and now we should have access to basically everything. OK, so home; admin; login redirects us back home, perfect; admin slash login redirects us to admin. So our page is working a hundred percent as intended.

So hopefully you guys found that interesting and informative. Now if you guys are confused, I've got written instructions for all this on a blog post, and the link to that is down in the description. I highly recommend you go over there. You might want to save this; all the code snippets are there. That's probably the easiest one to follow along now that you've seen it in action, and if you ever try to do this again, the instructions over there will be pretty easy, I think.

All right, that basically sums up most of what we need to do for the multiple authentication in Laravel. If you do want to learn how to use password resets with multiple users, that will be the final video, the next video coming up, so I recommend you take a look at that one. But until next time guys, have some fun in Laravel, and hit me up, by the way, if you guys have any questions or you just want to say thank you. I love hearing things from you guys, so you can hit me up on Twitter or you can email me and I'll do my best to get back to you guys. Thanks so much for tuning in, guys. I'll see you guys in the next video.
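
The two edits the captions walk through, written out as an added example; this is not code taken from the video or from the author's blog post. The route names `admin.login` and `admin.dashboard` are assumed, since the captions only say them aloud. In both places the guard name comes from the middleware parameter in the route definition, never from request input, and every redirect target is a fixed route.

```php
<?php
// Added example. In a Laravel 5.4 app these are two separate files; they are
// shown in one listing, which PHP permits through consecutive namespaces.

// ---- app/Exceptions/Handler.php ----
namespace App\Exceptions;

use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;

class Handler extends ExceptionHandler
{
    // Called when the auth middleware throws because nobody is logged in
    // on the guard that the route requires.
    protected function unauthenticated($request, AuthenticationException $exception)
    {
        // API clients get the generic JSON answer whatever the guard is.
        if ($request->expectsJson()) {
            return response()->json(['error' => 'Unauthenticated.'], 401);
        }

        // guards() returns the list given to the middleware; take the first.
        $guard = array_get($exception->guards(), 0);

        switch ($guard) {
            case 'admin':
                $login = 'admin.login';   // assumed route name
                break;
            default:
                $login = 'login';         // user login for every other guard
                break;
        }

        // guest() stores the intended URL so login can send the user back.
        return redirect()->guest(route($login));
    }
}

// ---- app/Http/Middleware/RedirectIfAuthenticated.php ----
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RedirectIfAuthenticated
{
    public function handle($request, Closure $next, $guard = null)
    {
        switch ($guard) {
            case 'admin':
                // Redirect only when logged in on this same guard. A user
                // who is not an admin falls through to the admin login page.
                if (Auth::guard($guard)->check()) {
                    return redirect()->route('admin.dashboard'); // assumed name
                }
                break;
            default:
                if (Auth::guard($guard)->check()) {
                    return redirect('/home');
                }
                break;
        }

        // Not authenticated on the guarded side: continue with the request.
        return $next($request);
    }
}
```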
Info
Channel: DevMarketer
Views: 99,049
Keywords: laravel, code, php, help, tutorial, authentication, login, users, admins, best
Id: P8T3MjZPDdI
Length: 22min 13sec (1333 seconds)
Published: Sat Feb 25 2017