withoutAuthenticationRoutes with default login: /login creates redirect loop #6786
Comments
|
Unable to reproduce the issue, please provide full reproducing repository based on fresh installation as suggested in the bug report template (or you can refer to https://github.com/nova-issues for example) Relevant files/information:
|
|
I would believe this can be solved if your |
|
It is named login. It does not make sense to register a redirect from /login to /login in |
|
Unable to reproduce the issue, please provide full reproducing repository based on fresh installation as suggested in the bug report template (or you can refer to https://github.com/nova-issues for example) |
|
I have the same issue. We have build a package that is in use for all our nova 4/5 applications to provide Google single sign on.
php artisan route:list --path=login
GET|HEAD login ......................... nova.pages.login › Laravel\Nova › AuthenticatedSessionController@create
POST login ................................ nova.login › Laravel\Nova › AuthenticatedSessionController@store
GET|HEAD login/google ................. nova.login.google › All4sports\LaravelNovaGoogleSso › RedirectController
Showing [3] routes
so far i was able to narrow it down to |
|
Don't use |
|
I do not understand, what is so hard to get this problem. You are adding a redirect from /login to /login in if ($this->withAuthentication === false && ! empty($this->loginPath)) {
Nova::router(middleware: $this->authenticationMiddlewares)
->group(function (Router $router) {
// dont do this if $this->loginPath === '/login'
$router->redirect('/login', $this->loginPath)->name('nova.pages.login');
});
} else {
if (
$this->withDefaultAuthentication === true
&& ! Route::has('login')
&& Nova::url('/login') !== '/login' // add the same check above
) {
Route::redirect('/login', Nova::url('/login'))->name('login');
}
Nova::router(middleware: $this->authenticationMiddlewares)
->group(static function (Router $router) use ($limiter) {
$router->get('/login', [AuthenticatedSessionController::class, 'create'])->name('nova.pages.login');
$router->post('/login', [AuthenticatedSessionController::class, 'store'])
->middleware(array_filter([$limiter ? 'throttle:'.$limiter : null]))
->name('nova.login');
});
Nova::router()
->group(static function (Router $router) {
$router->post('/logout', [AuthenticatedSessionController::class, 'destroy'])->name('nova.logout');
});
} |
There are at least 8 variations on how one can set up authentication, which is why a full reproduction repository is important. if ($this->withAuthentication === false && ! empty($this->loginPath)) {This is valid as of now, my suggestion was. -GET|HEAD product-base.test/login/google nova.login.google › All4sports\LaravelNovaGoogleSso › RedirectContr…
+GET|HEAD product-base.test/login/google login › All4sports\LaravelNovaGoogleSso › RedirectContr… |
|
Now, if you can't do that. A full reproduction repository is required for us to determine if there any additional variant we need to cover. |
|
the algorithm inside It was first like this: if ($this->withAuthentication === true) {
}
elseif (! empty($this->loginPath)) {
}And now it is this: if ($this->withAuthentication === false && ! empty($this->loginPath)) {
} else {
}Where in the first scenario i would never enter the And that would seem like an api breaking change |
|
This is a paid product. Should be enough help, to point to the exact line in your code, where the error occurs. And maybe this should be fixed in Laravel also. A redirect to the same path always creates a loop and therefore should not be added. |
This may solve your issue but would only lead to others having regression bugs. The only way to solve the issue is by showing the full use case. |
|
I was in the process of creating a test case, but then I could not reproduce the issue! What I found out is that it is only a problem if the ServiceProvider that registers the route is auto-registered (it comes from a package). So, a quick fix for now can be to suppress auto-registering for the package and manually register the ServiceProvider. I will now create a test case with two public projects to illustrate the full problem. |
|
Here is the test case: https://github.com/all4sports/nova-issue-6786 Three commits |
|
Based on your reproduction repository.
/**
* Register the Nova routes.
*/
protected function routes(): void
{
Nova::routes()
->withoutAuthenticationRoutes(login: false, logout: false)
->register();
} |
|
Thanks @crynobone this fixes my problems :) |
|
Hey there, We're closing this issue because it's inactive, already solved, old, or not relevant anymore. Feel free to open up a new issue if you're still experiencing this problem. |
|
It still creates a redirect loop from |
|
using |
|
https://nova.laravel.com/docs/v5/customization/authentication Not clear from the docs that |
|
If anything, we will add an exception if developer try to set the same URL since it's not suppose to work. |
|
Yeah, make it as complicated as possible, instead of changing the defaults to |
Description:
Not sure when this was introduced, but in our app a default custom /login route now creates a redirect loop. We had to rename the route.
In 5.3.1 we had this route registration in NovaServiceProvider and it worked with a custom /login route:
After upgrading to 5.4.1 it needs to be this:
Using /login instead of /custom-login creates a redirect loop, because of line 244 in
PendingRouteRegistration.php:The text was updated successfully, but these errors were encountered: