2
votes

I'm quite new to Laravel and I'm trying to make a system that checks if a user is "logged-in".

For some reasons, I'm using SSPI Authentication. So basically, when the user arrives on the website, there's a login pop-up which asks for a login and password and the SSPI module auths against AD.

What I want to do is that, on any route, it will check for a session variable. If this variable doesn't exist, it redirects to a route where the SSPI is configured.

I tried the following :

Route::any('{all}', function()
{
if (!Session::get('PHP_USER_AUTH')) {
        redirect::route('auth');
} else {
        return 'Logged in as ' . Session::get('PHP_USER_AUTH');
}
})->where('all', '.*');

Route::get('/auth', function() {
    // Do something
});

And here's the SSPI configuration :

<files auth>
    AuthName "Laravel Auth"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    require valid-user
</files>

The obvious problem with this is that when I arrive on any route, it will check for the session variable, won't find it and redirect to the auth route. But, on the auth route, it will also check for the variable, won't find it and redirect etc etc.

Is there a way of making something like all routes excepts or something. Or am I thinking the problem the wrong way ?

Thanks for your help.

1

1 Answers

4
votes

A quick workaround would be, to move the Route::get('/auth' ...); block above the Route::all(...); block.

That will tell Laravel to overwrite all routes.