I'm relatively new to Laravel and Backpack so please forgive me if I am asking a simple question. I have inherited a Laravel/Backpack system that I have to maintain. The general front facing website requires no authentication to access but there is a Backpack based administration area that does require authentication to access. All appears to be working, routing wise in both the general website and the admin area, except for one thing.
If a user forgets their password and they go through the "Reset Password" anchor via the login page, using the /admin/ routing group, the "Reset Password" pages gets displayed and the the email gets successfully sent and received. That's all good and great and I understand what is happening.
POST | admin/password/email | backpack.auth.password.email | Backpack\Base\app\Http\Controllers\Auth\ForgotPasswordController@sendResetLinkEmail | web,guest:admin |
GET|HEAD | admin/password/reset | backpack.auth.password.reset | Backpack\Base\app\Http\Controllers\Auth\ForgotPasswordController@showLinkRequestForm | web,guest:admin |
POST | admin/password/reset | | Backpack\Base\app\Http\Controllers\Auth\ResetPasswordController@reset | web,guest:admin |
GET|HEAD | admin/password/reset/{token} | backpack.auth.password.reset.token | Backpack\Base\app\Http\Controllers\Auth\ResetPasswordController@showResetForm | web,guest:admin |
However, when the email comes through, with the reset link on it, it is using the wrong route. It is defaulting to standard (Laravel) route to the main website and not the /admin route. For example, the reset anchor should refer to:
https://website.com/admin/password/reset/abc123?email=info@example.com
but instead the anchor is:
https://website.com/password/reset/abc123?email=info@example.com
and is picking up the resultant standard Laravel route:
GET|HEAD | password/reset | password.request | App\Http\Controllers Auth\ForgotPasswordController@showLinkRequestForm | web,guest |
GET|HEAD | password/reset/{token} | password.reset | App\Http\Controllers\Auth\ResetPasswordController@showResetForm | web,guest |
I have spent a long time digging into the code and cannot see how that is coming through. I was initially trying to debug through an Artisan server on my local host where I discovered that the anchor was set to:
http://127.0.0.1:8000/localhost/password/reset/abc123?email=info@example.com
What was strange about this was the 'localhost' bit. I looked in my .env file and
APP_URL=localhost
If I changed the APP_URL to "admin" it then worked, the anchors in the reset email were correct:
https://website.com/admin/password/reset/abc123?email=info@example.com
I wondered whether this was a deployment/dev issue so I went to the production server and the live website. The APP_URL was set correctly to
APP_URL=https://thecorrectdomain.com
If I change that APP_URL to "admin" my reset password anchors are now written correctly. That seems strange as I think the APP_URL should refer to the full website domain as shown above.
I have also seen some interesting articles where they advocate overriding the notification classes but surely that shouldn't be necessary for what should, I think, work anyway.
Has anybody any ideas on where I am going wrong?
Thanks
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire