I have created a custom middleware and i am checking if the password field is null and redirect user to change the password but it give me redirection error, any one can help? Let me add more details i want user to redirect to /change-password if the password field is empty
so here’s the whole process.
user verify the email, redirect to /change-password route instead of dashboard if password field in the database is empty other wise we redirect them to dashboard. Users shouldn’t access any route until they didn’t update the password.
Remember i am using laravel breeze for auth
Middleware code:
<?php
namespace AppHttpMiddleware;
use AppProvidersRouteServiceProvider;
use Closure;
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;
class ChangePasswordMiddleware
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure(IlluminateHttpRequest): (IlluminateHttpResponse|IlluminateHttpRedirectResponse) $next
* @return IlluminateHttpResponse|IlluminateHttpRedirectResponse
*/
public function handle(Request $request, Closure $next)
{
$user = Auth::user();
if (empty($user->password)){
return redirect()->route('patient.password');
} else{
return redirect()->intended(RouteServiceProvider::HOME);
}
return $next($request);
}
}
My Routes:
Route::middleware(['auth', 'verified', 'changepassword'])->group(function (){
Route::get('/change-password', [PatientsController::class, 'passwordView'])->name('patient.password');
Route::get('/dashboard', [PatientsController::class, 'index'])->name('patient.dashboard');
Route::get('pricing', [PatientsController::class, 'pricing'])->name('patient.pricing');
});
changepassword is registered in my kernel.php and it’s a custom middleware.
i have tried to create a different group for routes but it still doesn’t work, i want changepassword middleware to force use to change the password and other routes shouldn’t work until the password field is updated
2
Answers
As mentioned in the comments, the middleware is being called over and over because the password is empty. Hence, the issue of too many redirects. Your routes must ignore the route for /change-password.
After this your too many redirects problem should go away.
Also, make sure your if/else logic is correct in the
handle()
method. Theelse
logic looks odd to me.Try
If the password is empty, it automatically redirects to
/change-password
route.