Skip to content
Advertisement

How to use on Laravel guard for the main domain and another for the subdomains

I’m building a multi-tenant application where the idea is the admins access through the main domain (http://myapp.app) to the dashboard and the regular users access to another dashboard on their respective subdomains (http://tenant-a.myapp.app).

To achieve this I created a custom guard(admin) that uses the session driver and the admins provider which is a custom provider that uses the eloquent driver and my table admins.

// config/auth.php

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

   'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
   ],

   'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
   ]
],


'providers' => [
   'users' => [
       'driver' => 'eloquent',
       'model' => MonicaModelsUser::class,
    ],

   'admins' => [
       'driver' => 'eloquent',
       'model' => MonicaModelsAdmin::class,
   ],
],

After reading a lot of documentation about how the authentication works I got the admins dashboard working event with the reset password system but the part of the subdomains still present some issues.

The login for the regular users on the tenant subdomain seems to be working since I got my user logged and if I check the remember option this is reflected on the database getting a token.

The most important issue that have is when I try to retrieve the user using the authentication functions (facade or injected) I can’t get the user, the method always return me null.

I’ve tried to specify the guard to the auth object but still not work.

When I use the guard object it has a member user that it suppose to contain the logged user but it is always null and if you are about to ask me why I need the user it’s because I need to check the permissions of the user.

My theories are that my session only works with the main domain and not with the subdomians or I need to specify another cookie but honestly I’m just guessing.

I don’t even know what part of my code will be useful to post but if you are related with this problem, every light that you can give me is welcome, let me know if you need more information or an specific piece of my code.

Thanks in advance

UPDATE

This is an extract of the UserController.php

use IlluminateAuthAuthManager as Auth;
use IlluminateContractsAuthAccessGate;
use MonicaHttpControllersController;

class UsersController extends Controller
{
    protected $auth;

    protected $gate;

    public function __construct(Auth $auth, Gate $gate)
    {
        $this->middleware('web');
        $this->auth = $auth;
        $this->gate = $gate;
        $this->auth->guard('web');
        $this->auth->shouldUse('web');
        $u = $this->auth->guard();
        dd($u);
    }
}

And this is the guard object dumped:

SessionGuard {#311 ▼
  #name: "admin"
  #lastAttempted: null
  #viaRemember: false
  #session: Store {#294 ▼
    #id: "XIWy7hEJRuX1cL2bBN7pf7DqT54PpbTyYBXPv6He"
    #name: "no_named_app_session"
    #attributes: array:5 [▼
       "_token" => "RrTXOZwj56Nk9OqxkdkLdDztfZb6TeW2knVf5xc7"
       "_previous" => array:1 [▼
       "url" => "http://monica.app/admin/admins"
    ]
      "_flash" => array:2 [▼
        "old" => []
        "new" => []
    ]
      "url" => []
      "login_admin_59ba36addc2b2f9401580f014c7f58ea4e30989d" => "66f4aab0-6566-11e8-b51d-673dcbafed23"
]
  #handler: FileSessionHandler {#295 ▼
    #files: Filesystem {#115}
    #path: "/home/vagrant/Code/PHP/monica/storage/framework/sessions"
    #minutes: "120"
  }
  #started: true
}
  #cookie: CookieJar {#292 ▼
    #path: "/"
    #domain: null
    #secure: false
    #sameSite: null
    #queued: []
  }
  #request: Request {#42 ▶}
  #events: Dispatcher {#26 ▶}
  #loggedOut: false
  #recallAttempted: false
  #user: Admin {#328 ▶}
  #provider: EloquentUserProvider {#308 ▼
    #hasher: BcryptHasher {#310 ▶}
    #model: "MonicaModelsAdmin"
  }
 }

Advertisement

Answer

After reviewed the life cycle of the Laravel Request I found that the user is not available inside of the Auth or Guard objects when the constructor of the Controller classes is being executed If you try to access to the logged user on the controller constructor

public function __construct(Auth $auth, Gate $gate)
{
    $this->auth = $auth;
    $this->gate = $gate;
    $this->middleware('auth:web');
    $this->auth->shouldUse('web');
    $user = $this->auth->user()  // null
}

But if you access to the user in on the the controller methods, the user is going to be returned

public function index($subdomain)
{
    $user = $this->auth->user()->toArray();
}

This is user var dumped

array:6 [▼
    "id" => "670732c0-6566-11e8-93c6-41f6face77c8"
    "tenant_id" => "66f815e0-6566-11e8-83b2-37a662a96205"
    "name" => "user"
    "email" => "user@aetech.com"
    "created_at" => "2018-06-01 06:38:32"
    "updated_at" => "2018-06-01 06:38:32"
]
User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement