I get Auth::user is null in Laravel

Question

I create middleware for an admin role using the following code:

php artisan make:middleware AdminMiddleware

After that, I create a route for the login page:

Route::get('admin/login', ['middleware'=>'web','as'=>'admin.login','uses'=>'AdminController@loginView']);
Route::post('admin/login',['middleware'=>'web','as'=>'admin.login','uses'=>'AdminController@login']);
Route::group(['prefix'=>'admin','middleware' => ['auth.admin','web']],     function()
{
    Route::get('/', ['as'=>'admin.home','uses'=>'AdminController@index']);
    Route::get('/home',    ['as'=>'admin.home','uses'=>'AdminController@index']);
});

And the controller is

class AdminController extends Controller
{
    //
    function index(){
        return 'welcome';
    }

    function loginView(){
        return view('admin.login');
    }

    function login(Request $request){
        $error = $this->validate($request, [
            'email' => 'required|email',
            'password' => 'required|min:5',
        ]);
        $email = $request->input('email');
        $password = $request->input('password');
        $remember = $request->input('remember');

        if (Auth::attempt(['email' => $email, 'password' => $password,'type'=>'admin'], $remember)) {

            // Authentication passed...
            Auth::login(Auth::user(), $remember);
            return redirect()->route('admin.home');
        }
        else{//('message', 'Login Failed')
            return redirect()->route('admin.login')->withErrors($request->all(), "message")->withInput();
        }
    }
}

And in AdminMiddleware

public function handle($request, Closure $next)
{
    var_dump(Auth::user());
    if(!Auth::check()){
        return redirect()->route('admin.login')->withErrors('You are not logged in');
    }
    elseif ($request->user()->type != 'admin'){
        dd($request->user());
        return redirect()->route('admin.login')->withErrors('You have not authority');
    }
    return $next($request);
}

The error is: I always get null for each $request->user() or Auth:user in AdminMiddleware.

Answer 1

You're passing the middleware to the route group in an incorrect order.

Right now you have this order ['auth.admin', 'web'] which means that the auth.admin middleware will be executed before the middleware from the web group, and since web contains the StartSession middleware, you won't have any session in auth.admin which is needed to get the authenticated user.

So simply switch the middleware order like so:

Route::group(['prefix'=>'admin','middleware' => ['web', 'auth.admin']], function () {
    // now the session is set up in `web` and then you have it in `auth.admin`
});

Answer 2

In my case the actual problem was a blank line before the PHP starting tag.

I used following core PHP function to redirect instead of returning a view file from controller or instead of using Laravel redirect.

header('Location: /');

It printed the actual file which had a blank line. Removing this line fixed my problem.

There were thousands of files in my code base. My assumption was that I had tried different scripts to find such blank lines at start of any file and there was no such file as per those scripts results. I assumed there was no blank line in any of my files. But header('Location: /') proved that my assumption was not wrong, and I was working on the wrong lines.