
Laravel Protecting Routes from other System Request

We have this system that our students access to get access to other platforms that we provide, such as Office 365 with student license and other programs...

We have access to create these access links, create a route and add some available TAGS that they provide, such as student email, student unique code, student cellphone...

These links work as a bridge to our Laravel 6.0 application. The link should send the student to an internal page where they can create their Office 365 account (if they don't already have one) and redefine their passwords, but the problem is, I cannot guarantee that the logged-in user will not manually change (from the dev inspector) the data that is passed in the route parameters, and access other students' data and change their Office password.

The point is, I can control that this page can only be accessed from this previous URL (the system that the student is logged in to), and it works, but I cannot write a middleware in my application that checks whether the user is logged in to the other application, and we don't have any API to check authentication from this system.

Is there any way to protect our routes from this other system?

Controller method that receives these parameters coming from the other system and verifies the previous URL:

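    public function index($ra, $email)
    {
        // Only allow requests whose previous URL is the other system
        if (url()->previous() != "https://other.system/") {
            return view('errors.503');
        }

        // Look up the Microsoft account by the student code taken from the route
        $usuario = UsuariosMicrosoft::where('login', '=', $ra)->get();

        return view('portaloffice.pagina', compact('ra', 'email', 'usuario'));
    }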

This is my route:

    Route::get('office365/{ra}/{email}', 'PortalOffice\PortalOfficeController@index')->name('portaloffice.usuario');

It's generally a pretty bad idea to secure things by keeping URLs secret. They're fairly easily sniffed or guessed.

The way projects usually protect from unauthorised access is to use the Auth guard, and with a relationship between the model you're trying to protect and the User model.

After setting up the models, relationships and guards you end up with something like this in your controller:

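    // The user comes from the authenticated session, not from the URL
    $user = Auth::user();
    // Query only the records related to that user through the relationship
    $usuario = $user->UsuariosMicrosoft()->get();
    return $user;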
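
As an added example (not code from the question or the answer), here is the question's controller reworked so the student is identified by the session guard instead of by route parameters. It assumes students authenticate against this Laravel application's default `auth` guard, that a hypothetical `users.ra` column holds the student code, and that the model lives at `App\UsuariosMicrosoft`; it uses a direct query keyed on the authenticated user rather than a model relationship.

```php
<?php
// Added example, not the original poster's code.
// Assumed: students authenticate against this Laravel app's default `auth`
// guard, users.ra holds the student code (hypothetical column), and the
// model lives at App\UsuariosMicrosoft.
//
// routes/web.php (the {ra}/{email} segments are gone):
//   Route::get('office365', 'PortalOffice\PortalOfficeController@index')
//       ->middleware('auth')
//       ->name('portaloffice.usuario');

namespace App\Http\Controllers\PortalOffice;

use App\Http\Controllers\Controller;
use App\UsuariosMicrosoft;
use Illuminate\Http\Request;

class PortalOfficeController extends Controller
{
    public function index(Request $request)
    {
        // Identity comes from the server-side session, never from the URL,
        // so editing the address bar cannot select another student.
        $user = $request->user();

        $ra = $user->ra;
        $email = $user->email;

        // Same lookup as the question's controller, keyed on the session user.
        $usuario = UsuariosMicrosoft::where('login', '=', $ra)->get();

        return view('portaloffice.pagina', compact('ra', 'email', 'usuario'));
    }
}
```

Any follow-up action on that page, such as the password change, needs the same treatment: take the student code from `$request->user()` and ignore any identifier submitted by the browser.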
