Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Laravel 11: Authorizing Users on page load returns Null user and Unauthorized #362

Open
webdevnerdstuff opened this issue Apr 17, 2024 · 10 comments

Comments

@webdevnerdstuff
Copy link

webdevnerdstuff commented Apr 17, 2024

Issue:

On page load the auth user is null and causes the auth callback to be false.

Specs:

PHP: v8.3.3
Composer:

"require": {
    "php": "^8.2",
    "inertiajs/inertia-laravel": "^1.0",
    "laravel/framework": "^11.0",
    "laravel/jetstream": "^5.0",
    "laravel/sanctum": "^4.0",
    "laravel/tinker": "^2.9",
    "opcodesio/log-viewer": "^3.0",
    "tightenco/ziggy": "^2.0"
},
"require-dev": {
    "fakerphp/faker": "^1.23",
    "laravel/pint": "^1.13",
    "laravel/sail": "^1.26",
    "laravel/telescope": "^5.0",
    "mockery/mockery": "^1.6",
    "nunomaduro/collision": "^8.0",
    "phpunit/phpunit": "^11.0",
    "spatie/laravel-ignition": "^2.4",
    "barryvdh/laravel-debugbar": "^3.13",
    "itsgoingd/clockwork": "^5.2"
},

Problem Solving:

In Laravel 11 the providers has moved and I'm not sure if it's causing this to behave this way. Inside my AppServiceProvider I added something like the following:

LogViewer::auth(function ($request)
{
    $roles = config('log-viewer.roles');
    $hasAccess = (new RolePermissionHelper)->userHasRole($request->user(), $roles);

    return $hasAccess;
});

If I dump the $request->user() on the page load it is Null, but if I dd the user, it shows the user with all of it's data. Also if I dump($hasAccess) the result is false, and if I dd($hasAccess) the result is true, but still comes back Unauthorized. If I return true; it does work (expected since it's straight logic).

I thought that maybe the api or web middleware was blocking it somehow, so I added the following inside of bootstrap/app.php which is new in Laravel 11 to append/prepend (I tried both append/prepend) to the middleware:

$middleware->web(append: [
    \App\Http\Middleware\HandleInertiaRequests::class,
    \Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
    \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
]);

$middleware->api(append: [
    \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
]);

This has the same result of Unauthorized.
I also tried adding it to every other Provider I have to see if it would make a difference (it didn't).

Additional Info:

This problem did not occur for me in Laravel ^10. Unfortunately this is a private repo/company site so I can't share the full code. I also looked at this Issue 264 since it seemed similar, but it didn't quite apply in this situation.

I'm running out of ideas of things to try, so any help would be appreciated. Thank you!

@arukompas
Copy link
Contributor

hey @webdevnerdstuff

can you share your config/log-viewer.php configuration? Does the middleware property include the 'web' middleware? Otherwise the authenticated user will not be resolved for Log Viewer routes.

@webdevnerdstuff
Copy link
Author

<?php

return [
    'enabled' => env('LOG_VIEWER_ENABLED', true),
    'api_only' => env('LOG_VIEWER_API_ONLY', false),
    'require_auth_in_production' => true,
    'route_domain' => null,
    'route_path' => 'admin/logs',
    'back_to_system_url' => config('app.url', null),
    'back_to_system_label' => null, // Displayed by default: "Back to {{ app.name }}"
    'timezone' => null,

    'middleware' => [
        'web',
        \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
    ],

    'roles' => env('LOG_VIEWER_ROLES') ? explode(',', env('LOG_VIEWER_ROLES')) : null,
    'api_middleware' => [
        \Opcodes\LogViewer\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
    ],
    'api_stateful_domains' => env('LOG_VIEWER_API_STATEFUL_DOMAINS') ? explode(',', env('LOG_VIEWER_API_STATEFUL_DOMAINS')) : null,
    'hosts' => [
        'local' => [
            'name' => ucfirst(env('APP_ENV', 'local')),
        ],
    ],
    'include_files' => [
        '*.log',
        '**/*.log',

        // You can include paths to other log types as well, such as apache, nginx, and more.
        '/var/log/httpd/*',
        '/var/log/nginx/*',

        // MacOS Apple Silicon logs
        '/opt/homebrew/var/log/nginx/*',
        '/opt/homebrew/var/log/httpd/*',
        '/opt/homebrew/var/log/php-fpm.log',
        '/opt/homebrew/var/log/postgres*log',
        '/opt/homebrew/var/log/redis*log',
        '/opt/homebrew/var/log/supervisor*log',

        // '/absolute/paths/supported',
        '/var/log/pbunny/*',
    ],
    'exclude_files' => [
        // 'my_secret.log'
    ],
    'hide_unknown_files' => true,
    'shorter_stack_trace_excludes' => [
        '/vendor/symfony/',
        '/vendor/laravel/framework/',
        '/vendor/barryvdh/laravel-debugbar/',
    ],
    'cache_driver' => env('LOG_VIEWER_CACHE_DRIVER', null),
    'lazy_scan_chunk_size_in_mb' => 200,
    'strip_extracted_context' => true,
];

@stf-alexander
Copy link

Having the same error after upgrading to Laravel 11.

@stf-alexander
Copy link

Sorry, in my case the Gate definition was missing in a Service Provider after the Laravel 11 update.

@AlexandreCConcept
Copy link

Hey 👋
I'm experiencing the same problem after upgrading to Laravel v11.x
Before, everything was fine.
So, what I do :

bootstrap/app.php :

return Application::configure(basePath: dirname(__DIR__))
                  ->registered(function (Application $app) {
                      $app->usePublicPath(path: base_path('/../public_html'));
                  })
                  ->withRouting(
                      web: __DIR__.'/../routes/web.php',
                      commands: __DIR__.'/../routes/console.php',
                      health: '/up',
                  )
                  ->withMiddleware(function (Middleware $middleware) {
                      $middleware->alias([
                          'role'                 => RoleMiddleware::class,
                          'permission'           => PermissionMiddleware::class,
                          'role_or_permission'   => RoleOrPermissionMiddleware::class,
                      ]);
                      $middleware->web(append: [
                         AuthorizeLogViewer::class,
                      ]);
                  })
                  ->withExceptions(function (Exceptions $exceptions) {
                      //
                  })->create();

Providers/AppServiceProvider.php :

public function boot(): void
    {
        LogViewer::auth(function ($request) {
            return $request->user()
                   && $request->user()->hasRole('super_admin');
        });
    }

If I make a dd($request->user() && $request->user()->hasRole('super_admin')); it returns true

log-viewer.php

I've also add this in the config file :

'middleware' => [
        'web', ViewLogs::class,
        AuthorizeLogViewer::class,
    ],

Did I miss something? I've a 401 😇
Thanks you

@stf-alexander
Copy link

@AlexandreCConcept try to set LOG_VIEWER_API_STATEFUL_DOMAINS in your .env file.

@AlexandreCConcept
Copy link

It's good, thanks! 😃

@masterei
Copy link

i fixed mine by making sure APP_URL is same as the domain

@agus-wisnu
Copy link

i fixed mine by making sure APP_URL is same as the domain

can you explain more about this?

@arukompas
Copy link
Contributor

i fixed mine by making sure APP_URL is same as the domain

can you explain more about this?

If you host your app behind a domain yourdomain.com, then that should be the value of your APP_URL environment variable. It should match the domain (or subdomain) you enter in the browser to visit your app.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants