Search code examples
phplaravelsessionencryptionexternal

Check Laravel 5.7 login from external script not working with POST

I'm having exactly the same problem as Álvaro did here:

Check Laravel 5.7 login from external script

I had an external script I've not used since upgrading to 5.7 with the cookies encryption and now it's not working on POST requests, just GET.

I've tried the Route::any('/'... trick in his own answer, however, I can't see where he's getting the $response variable from in his sample code either - and I've tried disabling both:

\App\Http\Middleware\EncryptCookies::class,
\App\Http\Middleware\VerifyCsrfToken::class,

from the Http\Kernel

In regards to my code - it's pretty much exactly the same as his - and isn't working:

require_once __DIR__.'/../../../vendor/autoload.php';

$app = require_once __DIR__.'/../../../bootstrap/app.php';

$app->make('Illuminate\Contracts\Http\Kernel')
    ->handle(Illuminate\Http\Request::capture());

$isAuthorized = Auth::check();
if(!$isAuthorized){
    echo "Not Authorized";
    exit();
}

Seemed to have hit a dead end with this one so any advice towards a fix or even the mysterious $response would be greatly appreciated!

Edit/Update: Interestingly, I have a Route::fallback() within my routes/web.php and removing that causes auth to fail on the external GET request too, so it may actually be associated with Routing and it not being loaded from within the Laravel app router provider?

Solution

  • Got it! After such a long time working on this, maybe working through writing the question above led me to a clearer frame of mind in actually looking into this.

    To investigate, something I did was stick this in my external PHP file, just below:

    require_once __DIR__.'/../../../vendor/autoload.php';

$app = require_once __DIR__.'/../../../bootstrap/app.php';

$app->make('Illuminate\Contracts\Http\Kernel')
    ->handle(Illuminate\Http\Request::capture());

    I added this:

    echo json_encode(Route::current()->parameters());

    This simply guided me to see which route declaration was catching the request, and it was the fallback route - which doesn't match on POST.

    What made my situation (and therefore resolution) different to the original requestor / question was that my 'addons' folder was within my laravel Public folder. This meant it wasn't catching a generic / route path - but the actual addons/file.php as the route parameter.

    Therefore my resolution was simply adding this to the bottom of my routes web.php file - just before the fallback route:

    Route::any('addons/file.php', null);

    All sorted - now the addons are loaded and authenticated fine.