I’m following the documentation for authentication using mezzio-authentication-session that lives here:
https://docs.mezzio.dev/mezzio-authentication-session/v1/login-handler/
It works to log me in, but it doesn’t appear to properly redirect to the address I was at before the /login redirect
so for example,
- I go to mydomain.com/api/test
- It creates a session in the SessionMiddleware
- I see that the request->uri->path is ‘/api/test’
- It calls the AuthenticationMiddleware callable, which fails to authenticate, naturally, returning an unauthorizedResponse.
- This causes the a 302 Found response with a Location header of /login. There is no Referer Header
- The browser calls /login automatically
- It looks for the referer, and doesn’t find one. defaults to ‘/’
- It returns the login page to browser
- I fill out login form, and POST it
- Login succeeds and forwards the request to /
Is it the responsibility of the browser to send a Referer header or is it the responsibility of Mezzio to somehow tell the browser to submit it with the request to the new location?
If it is the responsibility of Mezzio, what am I missing from my code (I’m guessing I have to set the redirect into the session), and where should it go? LoginHandler is where I would expect, but it doesn’t get that far - it fails to authenticate first… but since it is redirecting to the login page, it appears to be behaving as expected. So, I’m not sure changing my pipeline order will help, though I have tried swapping the RouteMiddleware and the callable for the AuthenticationMiddleware, but it didn’t seem to help. Perhaps I should set it in the callable before it calls the AuthenticationMiddleware, but I don’t know. I feel like this should work just from the documentation example, since it specifically calls out the use case:
“Create a handler that will both display and handle a login form, redirecting to the originally requested location once a successful authentication occurs.”
$app->pipe(\Mezzio\Session\SessionMiddleware::class);
$app->pipe($factory->callable(
function ($request, $handler) use ($container) {
if ($request->getUri()->getPath() === '/login') {
return $handler->handle($request);
}
$authenticationMiddleware = $container->get(
Mezzio\Authentication\AuthenticationMiddleware::class
);
return $authenticationMiddleware->process($request, $handler);
}
));
$app->pipe(RouteMiddleware::class);