I have a collection of routes with the following middleware user flow:
Admins create a user account (without a password), users get an email they must verify, upon clicking the link, they are authenticated and brought to a password creation page.
I want to employ this logic using middlewares on basic site pages, i.e. homepage, faq, privacy policy, etc.
So if users verify their email (which automatically authenticates them), they must create a password and failing to do so / going to any other page, brings them back to the password creation page - I have a password.created middleware that successfully does this.
If users are not logged in and are in guest mode or if they are logged in and authenticated (any user type), I would like to give them full access to all non-admin pages.
This is what I tried, but it keeps redirecting to the login page:
Route::middleware(['verified', 'password.created', 'can:guest'])->group(function() {
Route::get('/', 'HomepageController@getHomepage')
->name('home');
Route::get('/privacy-policy', function () {
return view('/privacy-policy');
})->name('privacy-policy');
Route::get('/faq', function () {
return view('/faq');
})->name('faq');
Route::get('/auth/password/create', 'RegisterController@getCreatePassword')
->name('auth/password/create');
Route::post('/auth/password/create', 'RegisterController@postCreatePassword')
->name('auth/password/create');
Route::get('/email/verify/{id}/{hash}', 'VerificationController@verifyAccount')
->name('user/verification');
});
To recap, if a user has verified their email, they must create a password before accessing any other page. If they are not logged in or already created a password and they are logged in, provide full access to basic pages.
I am having a hard time getting this logic to work properly using middlewares.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire