I'm pretty out of any ideas right now.
The case is: I have a route for an API-endpoint (working fine, responding JSON etc.).
If I now apply the built-in 'auth' middleware to the route, I'm redirected ALWAYS to the /home route. Looks like I'm doing sth. wrong with the auth? I think wrong, because:
This curious redirect also kicks in, if I don't use 'auth' but a custom middleware, that contains NOTHING but
public function handle($request, Closure $next)
{
print "WTF";
throw new AuthenticationException('Unauthenticated.');
}
[the print and the Exception are never thrown! I'm landing again without errors at /home.]
Not all middleware is producing this error: For example, 'auth.basic' and 'web' are just working fine with this route.
I also applied 'web' and my own middleware both to the route according to some results I found, that said that using 'web' solved similar problems for them, but guess what, nothing changed.
TL:DR: If I use my own middleware or 'auth' I'm getting redirected, BEFORE the middleware itself is executed.
Update: After fiddling around with the code and the great tipp from mnies, I found this very curious Bug:
If I just uncomment AuthenticationException, suddenly my code is working as intended. It may be that loading the Exception-Class calls RedirectIfAuthenticated Middleware?! - which is definitely called!
The easy solution is now, using a different Exception for my custom middleware, but the Problem is that the default 'auth'-MW is also using this Exception and so causing the same Bug.
Remember: I am not using other middleware than just this own one, the bug seems really loading the Exception, like WTF?
So I still need help why this is happening!
Bug: using
throw new AuthenticationException('Unauthenticated.', []);
causes 'guest'-MW (RedirectIfAuthenticated) being called instead of intended MW-stack! (nothing of the original MW-stack is being executed, no matter the order.
Update 2: It seems that RedirectIfAuthenticated is thrown only because I got redirected before to the /login route (and from there as described to /home through it), but that doesn't change the issue that this random redirect occurs.
[I'm trying atm to reproduce this Bug in a fresh installation]
Update 3: I was not able to reproduce the bug in a fresh installation with Laravel 5.4.19.... Trying to compare both installations now. D:
Using Laravel 5.3.30.
Some of my code for context:
Route:
Route::get('/admin/user/get', ['middleware' => ['simpleauth', 'web'], 'uses' => 'UserEditAdmin\Controllers\Controller@get']);
Custom middleware:
class SimpleAuth
{
public function __construct(){}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
* @throws AuthenticationException
*/
public function handle($request, Closure $next)
{
print "WTF";
throw new AuthenticationException('Unauthenticated.');
}
}
'web' from Kernel.php:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
