1
votes

I have an isActive middleware where I set 1 for active and 0 when the user is not active.

isActive.php in the Middleware folder looks like this:

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class IsActive
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::check()) {
          if (Auth::user()->isActive()) {
            return $next($request);
          }
        }

        return redirect('/')->with('nonActive', 'Account is not active');
    }
}

and I have a method in the User model:

public function isActive()
{
    if ($this->is_active == 1) {
        return true;
    }

    return false;
}

In Kernel.php in protected $routeMiddleware I add this:

'is.active' => \App\Http\Middleware\IsActive::class,

and I have group middleware in routes and all this works fine.

But when the isActive middleware returns false, I can't log in with a different user. I always get false returned, as if that user is inactive too, until I delete cookies. After deleting them I can log in just fine with a user that is active.

2
It sounds like you need to log out then log in. – adam
But I can't log out if I'm not logged in in the first place. – Nenad M
Change your if to if(Auth::check() && Auth::user()->isActive()); PHP is short-circuiting. – adam
OK, I will, but the problem still exists :) – Nenad M
I think the problem might be that this middleware is blocking authentication; essentially you can't log in again because this middleware won't let you. Your options are to log out before attempting to log in again, or move the IsActive middleware underneath the authentication middleware so that you can log in again without logging out. – adam

2 Answers

1
votes

Your route group:

Route::group(['middleware' => 'auth'], function () {
    // your active and auth user routes
});    

If you want a user to be active in order to authenticate, use a global scope in your User model:

use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Builder;

class User extends Model
{
    // ...
    protected static function boot()
    {
        parent::boot();

        static::addGlobalScope('isactive', function (Builder $builder) {
            $builder->where('is_active', '=', 1);
        });
    }
    // ...
}

This way a user will not be found unless they are active and you won't need the IsActive middleware.

Source: https://laravel.com/docs/5.7/eloquent#global-scopes

To customize authentication failure errors, override sendFailedLoginResponse in your LoginController:

protected function sendFailedLoginResponse(Request $request)
{
    return redirect('/')->with('nonActive', 'Account is not active');
}
0
votes

Don't redirect if Auth::check() returns false.

Change your logic around:

    if (Auth::check()) {
      if (!Auth::user()->isActive()) {
        return redirect('/')->with('nonActive', 'Account is not active');
      }
    }

    return $next($request);

You could also simplify that to one if statement. You may also consider logging the user out before you redirect.
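
The logout-before-redirect suggestion from the last answer, written out as an added example (not code from the question or from either answer). It assumes the `isActive()` method on the User model shown in the question, the default session guard, and an `auth` middleware running earlier in the same route group.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class IsActive
{
    /**
     * Let guests and active users through; end the session of an
     * authenticated but deactivated user before redirecting.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Guests are not this middleware's concern: the 'auth' middleware
        // (assumed to run earlier in the same route group) rejects them.
        if (! Auth::check()) {
            return $next($request);
        }

        // isActive() is the User model method shown in the question.
        if (Auth::user()->isActive()) {
            return $next($request);
        }

        // Deactivated account: drop the authenticated session so the browser
        // is not left holding a cookie tied to the inactive user.
        Auth::logout();
        $request->session()->invalidate();      // flush data, issue a new session ID
        $request->session()->regenerateToken(); // rotate the CSRF token as well

        // The flash message is written to the fresh session created above.
        return redirect('/')->with('nonActive', 'Account is not active');
    }
}
```

Because the session is invalidated on the same request that detects the deactivation, an account disabled mid-session loses access on its next request instead of staying authenticated until the cookie expires.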