How to perform custom auth validation in Laravel

Question

I have created a laravel application by using custom auth. By whych, user can login using mobile number alone. And once they enter mobile number and submit they will recieve one time password on mobile as sms. And on the next screen they should enter the one time password and login in. And i have successfully implemented this funcitons.

But my problem is when i validate one time password, if its correct it log's in and if its wrong i get a error stating The GET method is not supported for this route. Supported methods: POST. , I dont know which causes this error, as all the routes are in POST only.

Please guide me to achive this, if the one time password is wrong the page should redirect to same page stating the error showing "One time password is not matched".

My Route:

Auth::routes(['login' => false]);

Route::get('/home', 'HomeController@index')->name('home');

Route::post('/otp', 'AuthController@showOtpForm')->name('otp');

Route::post('/loginsuccess', 'AuthController@loginsuccess')->name('loginsuccess');

And form tag on Login.blade.php is as follows

<form class="login-form" action="{{ route('otp') }}" method="post">

And form tag and hidden value from login page on otp.blade.php is as follows

<form class="login-form" method="POST" action="{{ route('loginsuccess') }}">

<input type="hidden" value="{{ $phone }}" name="phone">

And my Auth Controller is as follows,

 public function showOtpForm(Request $request)
    {
        try
        {
            $newotp =  mt_rand(100000, 999999);

            $user = User::where('phone', $request->phone)->firstOrFail();
            $user->otp = $newotp;
            $user->save();

            return view('auth.otp')->with('phone', $request->phone);
        }
        catch(ModelNotFoundException $e)
        {
            //dd(get_class_methods($e)); // lists all available methods for exception object
            echo "No user found, please register or try again later.";
        }

    }


    public function loginsuccess(Request $request)
    {
        try
        {
            $user = User::where('phone', $request->phone)->firstOrFail();
                if($user->otp === $request->otp)
                {
                    Auth::login($user);
                    return redirect()->route('home');
                }else{
                    return redirect()->back();
                }
        }
        catch(ModelNotFoundException $e)
        {
            dd($e);
        }
    }

Please help me to validate, if one time password is correct means it should go to route ('home') and if one time password is wrong then it should be redirect to same page on which users types one time password but with error.

Answer 1

The problem is the following statement:

return redirect()->back();

This redirects the user back on your otp route. You defined that the route is only accessible by using a POST request. The problem is that the redirection uses a GET request.

So either you think about redirecting the user to the login route like return redirect()->route('login'); so that he has to enter his mobile number again (would eventually be a little bit more secure) or you change your otp route from GET to POST like this:

Route::get('/otp', 'AuthController@showOtpForm')->name('otp');

If you change POST to GET you must also change the method in your form on the login view.

---

BTW: You can not pass login => false as parameter for Auth::routes() . Possible parameters are:

Auth::routes([
  'register' => false, // Registration Routes...
  'reset' => false, // Password Reset Routes...
  'verify' => false, // Email Verification Routes...
]);

You need to override the login route and just redirect it to home or somewhere else.