Middleware affect bindings for insert in database

3
votes

I have a problem with my laravel app.

I want to add middleware for rank control on route.

When i add my custom middelware to my route group bindings of SQL statement are in double.

When i take off my custom middleware it's work fine.

I really don't understand why.

There is my AuthRank.php : 

class AuthRank {

public function handle($request, Closure $next, $rank)
{
    $response = $next($request);

    $user = Auth::user();

    if(!$user || $user->rank < $rank)
    {
          return redirect('/');
    }

    return $next($request);
}}

There is my Kernel.php : 

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Adldap\Laravel\Middleware\WindowsAuthenticate::class, // Inserted here.
    ],
    'api' => [
        'throttle:60,1',
    ],
];

/**
 * The application's route middleware.
 *
 * These middleware may be assigned to groups or used individually.
 *
 * @var array
 */
protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'auth.rank' => \App\Http\Middleware\AuthRank::class, 
];

And there is an extract of my Routes.php : 

 Route::group(['prefix' => 'GestionUtilisateurs','middleware' =>'auth.rank:99'], function () 
{
    Route::post('/copy', ['uses' => 'userController@copyUser']);
});

The results of problem with custom middleware:

Statement : insert into MY_TABLE (DATE, USER_ID, ROLE_ID) values (:p0, :p1, :p2) Bindings : [2016/08/09,2016/08/09,1,1,99,99]

without my custom middleware it return me :

Statement : insert into MY_TABLE (DATE, USER_ID, ROLE_ID) values (:p0, :p1, :p2) Bindings : [2016/08/09,1,99]

And this is good

I know the "web" middleware it's by default in

app/providers/RouteServiceProvider.php

But when i delete it, my auth don't work.

Why it's not work with my custom middleware ?

Thx !

1
phplaravellaravel-5laravel-5.2
You're invoking $next($request); twice in your middleware. Your controller's action gets executed twice. So, you got TWICE the records. You located that it's because of your middleware and you didn't check what you repeat twice in it?Mjh

1 Answers

0
votes

I don't see any code that could affect your query. What I do see is that you seem to have an error in your code:

class AuthRank {

    public function handle($request, Closure $next, $rank)
    {
        // Isn't this repeated unnecessarily?
        // $response = $next($request);

        $user = Auth::user();

        if(!$user || $user->rank < $rank) {
            return redirect('/');
        }

        return $next($request);
    }
}

Try removing the excess code. If it doesn't work, provide more details in how it is you are creating your affected query and we might be able to help more.