Laravel broadcasting auth working or for web guard or for custom guard

0
votes

In project I have two auth guards, web (users, by default), and my custom (teachers). I have noticed, that teachers can't authorize in broadcast. After adding middleware in Broadcast::routes(['middleware' => ['web', 'auth:teacher']]), the teachers are authorizing successfully, but the users are redirecting to login page. So I have following problem:

  1. Having Broadcast::routes(); code, the broadcast working fine only for users guard, for teachers it returns 403 forbidden error.

  2. Having Broadcast::routes(['middleware' => ['web', 'auth:teacher']]); code, the broadcast working only for teachers guard, for users is redirecting to auth, login, then user page.

config/auth.php

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Authentication Defaults
    |--------------------------------------------------------------------------
    |
    | This option controls the default authentication "guard" and password
    | reset options for your application. You may change these defaults
    | as required, but they're a perfect start for most applications.
    |
    */

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    /*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "session", "token"
    |
    */

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'teacher' => [
            'driver' => 'session',
            'provider' => 'teacher',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | User Providers
    |--------------------------------------------------------------------------
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | If you have multiple user tables or models you may configure multiple
    | sources which represent each model / table. These sources may then
    | be assigned to any extra authentication guards you have defined.
    |
    | Supported: "database", "eloquent"
    |
    */

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'teacher' => [
            'driver' => 'eloquent',
            'model' => App\Teacher::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expire time is the number of minutes that the reset token should be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
            'throttle' => 60,
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Password Confirmation Timeout
    |--------------------------------------------------------------------------
    |
    | Here you may define the amount of seconds before a password confirmation
    | times out and the user is prompted to re-enter their password via the
    | confirmation screen. By default, the timeout lasts for three hours.
    |
    */

    'password_timeout' => 10800,

];

app\Providers\BroadcastServiceProvider.php

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Broadcast;
use Illuminate\Support\ServiceProvider;

class BroadcastServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {   
        Broadcast::routes(['middleware' => ['web', 'auth:teacher']]);

        require base_path('routes/channels.php');
    }
}
1
phplaravel
what if you do Broadcast::routes(['middleware' => ['web', 'auth']]);?Nasa
@Nasa Working for users, for teachers redirecting from login to student (users are students in my project) multiple times and fails.Narek

1 Answers

2
votes

This is coming late, However, You should try this if you have not Broadcast::routes(['middleware' => ['auth:web', 'auth:teacher']]);

Broadcast::routes() works for student because the default 'auth:web' guard of the authentication middleware was used and when you added for the teacher you specified wrong 'web', instead of 'auth:web'. Trying using Broadcast::routes(['middleware' => ['auth:web', 'auth:teacher']]); or Broadcast::routes(['middleware' => ['auth:web,teacher']]);