laravel-mongodb icon indicating copy to clipboard operation
laravel-mongodb copied to clipboard

Published 20 hours ago verified publisher icon mongodb

Laravel framework 9.21 breaks authentication flow.

Open devravi opened this issue 2 years ago • 6 comments

Description:

After running the composer update upgrades laravel/framework to 9.21.0 (released two days ago). After the upgrade when the user logs in successfully, it redirects the user to the path that requires authentication, however, the user cannot see the page and the unauthenticated method of Illuminate\Auth\Middleware\Authenticate is executed.

The same issue is also present in laravel/framework version 8.83.20.

Steps to reproduce

run composer update in the root of the project, make sure the composer.json file contains laravel/framework:^9.20.0

Expected behaviour:

After authentication user must be able to see protected pages.

Actual behaviour:

The user is considered unauthenticated and sent back to login page.

The following merge in 9.21.0 and 8.83.20 can be cause for this: https://github.com/laravel/framework/pull/43278

Workaround

Lock laravel/framework in your composer.json to 9.20.0/8.83.19 to make it work.

devravi avatar Jul 21 '22 12:07 devravi

you can also add to your user model:

public function qualifyColumn($column)
    {
        if (Str::contains($column, '.')) {
            return $column;
        }

        return $column;
        //return $this->getTable().'.'.$column;
    }

as a temporary fix.

which I appreciate can be shortened to:

public function qualifyColumn($column)
    {
        return $column;
    }

but I left the rest in as this is the original code from src/Illuminate/Database/Eloquent/Model.php

shopapps avatar Jul 21 '22 15:07 shopapps

Preface - I've not worked with this package/MongoDB.

However... Judging by this function: https://github.com/jenssegers/laravel-mongodb/blob/ad4422a98da47c1dad1fc7464e3370269be7a51d/src/Eloquent/Model.php#L77-L80

I'm assuming that this package/MongoDB doesn't support 'tables' in the same way that SQL DBs do. Therefore, 'qualifying' columns (prefixing with table names) doesn't work, thus the following needs to be implemented on the Model class:

    public function qualifyColumn($column)
    {
        return $column;
    }

As similarly suggested by @shopapps.

For future proofing I'd suggest overriding the qualifyColumns function too:

    public function qualifyColumns($columns)
    {
        return $columns;
    }

BenWalters avatar Jul 21 '22 21:07 BenWalters

Thanks, @BenWalters & @shopapps,

Suggestions are working fine.

devravi avatar Jul 22 '22 13:07 devravi

Ideally, this would be included in the laravel-mongodb base model for future safety as I'm guessing prefixing the table name via dot notation could cause all kinds of issues when dealing with json docs containing sub-arrays. 🤔

shopapps avatar Jul 22 '22 13:07 shopapps

@shopapps Agree. "collection.field" notation won't work in the case of MongoDB. (and not needed because of the way MongoDB handles joins.)

devravi avatar Jul 22 '22 13:07 devravi

I think this was reverted in the latest Laravel version 9.22.1: https://github.com/laravel/framework/commit/472466e4b67273e3a9f092a0f667ba7689651a3d

apeisa avatar Aug 01 '22 08:08 apeisa