Question 16634 in Laravel Question posted in
The official Laravel Documentation can be found here.

Too many redirect on laravel middleware

I have created a custom middleware and i am checking if the password field is null and redirect user to change the password but it give me redirection error, any one can help? Let me add more details i want user to redirect to /change-password if the password field is empty

so here’s the whole process.

user verify the email, redirect to /change-password route instead of dashboard if password field in the database is empty other wise we redirect them to dashboard. Users shouldn’t access any route until they didn’t update the password.

Remember i am using laravel breeze for auth

Middleware code:

<?php

namespace AppHttpMiddleware;

use AppProvidersRouteServiceProvider;
use Closure;
use IlluminateHttpRequest;
use IlluminateSupportFacadesAuth;

class ChangePasswordMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  IlluminateHttpRequest  $request
     * @param  Closure(IlluminateHttpRequest): (IlluminateHttpResponse|IlluminateHttpRedirectResponse)  $next
     * @return IlluminateHttpResponse|IlluminateHttpRedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        $user = Auth::user();

        if (empty($user->password)){
            return redirect()->route('patient.password');
        } else{
            return  redirect()->intended(RouteServiceProvider::HOME);
        }

        return $next($request);
    }
}

My Routes:

Route::middleware(['auth', 'verified', 'changepassword'])->group(function (){
   Route::get('/change-password', [PatientsController::class, 'passwordView'])->name('patient.password');
   Route::get('/dashboard', [PatientsController::class, 'index'])->name('patient.dashboard');
   Route::get('pricing', [PatientsController::class, 'pricing'])->name('patient.pricing');
});

changepassword is registered in my kernel.php and it’s a custom middleware.

i have tried to create a different group for routes but it still doesn’t work, i want changepassword middleware to force use to change the password and other routes shouldn’t work until the password field is updated

Tags:

2

Answers


  1. 0

    As mentioned in the comments, the middleware is being called over and over because the password is empty. Hence, the issue of too many redirects. Your routes must ignore the route for /change-password.

        Route::middleware(['auth', 'verified', 'changepassword'])->group(function (){
       Route::get('/change-password', [PatientsController::class, 'passwordView'])
          ->name('patient.password')
          ->withoutMiddleware([AppHttpMiddlewareChangePasswordMiddleware::class]);
       ...
       ...
    });

    After this your too many redirects problem should go away.

    Also, make sure your if/else logic is correct in the handle() method. The else logic looks odd to me.

    Login or Signup to reply.
  2. 0

    Try

    public function handle(Request $request, Closure $next)
{
    $user = Auth::user();

    if (empty($user->password)){
        abort(302, 'Please change your password', ['Location' => route('patient.password')]);
    }

    return $next($request);
}

    If the password is empty, it automatically redirects to /change-password route.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search