Laravel 10 Upgrade - Login on Nova is causing a redirect loop

[tiagoraposeiraff]

• Laravel Version: 10.13.5
• Nova Version: 4.25.1
• PHP Version: 8.2.3

Description:

After upgrading the Laravel version from v9.52.6 to v10.13.5 the Nova login stopped working.
It keeps returning a 302 status causing a Too Many Redirects Issue.

It goes from /nova to /nova/login, back and forth.
I was able to determine via var_dump that when reaching the LoginController::authenticated() method the user is there and it's valid.
But when it reaches the Authenticate::authenticate() middleware method and tries to perform the auth check, it always returns false, on ln 63: if ($this->auth->guard($guard)->check())

I also confirmed that the $guard variable is correct (web).

I search the web for similar issues and I couldn't find any, which led me to asking for some help here with this (possible) bug.

[crynobone]

Unable to reproduce the issue and we don't have enough information to replicate this

Please provide full reproducing repository based on fresh installation as suggested in the bug report template (or you can refer to https://github.com/nova-issues for example)

[thond1st]

Hi,

Also experiencing redirect loops when accessing /nova then it redirects to nova/login repeatedly
Just upgraded from an existing Laravel Nova 3 to Laravel Nova 4 following the upgrade guide up to the section before the High Impact Changes. Other none nova routes are working fine like our /log-viewer and /docs

Everything worked fine but I needed to remove some packages:
"outl1ne/nova-multiselect-filter": "^2.0"
"pos-lifestyle/laravel-nova-date-range-filter": "^1.3"

"laravel/framework": "^8.0",
"laravel/nova": "^4.0",
PHP version 7.4
Using Laravel Passport and upgraded it from 9 to 10

Thanks

[tiagoraposeiraff]

@thond1st can you elaborate on that?
It seems you're having the issue, but on Laravel 8, correct?
Did removing those packages fixed the issue entirely? How did you debug/found out those were the problem?

Thanks!

[thond1st]

@thond1st can you elaborate on that? It seems you're having the issue, but on Laravel 8, correct? Did removing those packages fixed the issue entirely? How did you debug/found out those were the problem?

Thanks!

Hi @tiagoraposeiraff ,
Yes, I am on Laravel 8. Planning to move slowly to a later version where all 3rd party packages will be working.
Removing the packages solved the composer update errors.
I just fixed the nova/login redirect loop yesterday. I had a mistake merging Nova 3 web middleware with the one from Nova 4 inside config/nova.php. Some of the old lines shouldn't be there. Please see screenshot below.

[tiagoraposeiraff]

@thond1st thanks for the info
I do have the correct values within middleware
What do you have for api_middleware?

[thond1st]

Hi @tiagoraposeiraff, You're welcome.

'api_middleware' => [ 'nova', Authenticate::class, Authorize::class, ],

[tiagoraposeiraff]

thanks @thond1st !
I have another custom middleware before those 2, but even with that commented out, I get the same issue.

I'm having trouble figuring out why the auth check fails, since the login was successful and there's no visible error on any of the logs

[FaridAghili]

I've faced same problem before and it was because of CloudFlare's rocket loader, I've disabled that and it fixed.

[alekbless]

Hello @tiagoraposeiraff,

Did you solve this?

I've tried uninstalling third-party packages and also checked the middlewares in nova.php:

'middleware' => [ 'web', HandleInertiaRequests::class, DispatchServingNovaEvent::class, BootTools::class, ],

I'am still struggling with the redirect loop unfortunately...

[tiagoraposeiraff]

@FaridAghili thanks for the input, but we don't use Cloudflare, so it can't be it.

@alekbless no, we had to put this on hold for a while but before that we still had the same issue, no luck...

[ADdora]

Hello
I am facing the same issue (too many redirects issue) when I try to upgrade to php 8, laravel 10 and Nova 3 to Nova 4
The issue was resolved by simply updating the config/nova.php file to be like vendor/laravel/nova/config/nova.php

    'middleware' => [
        'web',
        Authenticate::class,
        DispatchServingNovaEvent::class,
        BootTools::class,
        Authorize::class,
    ],

Replace this ☝️ by this 👇

    'middleware' => [
        'web',
        HandleInertiaRequests::class,
        DispatchServingNovaEvent::class,
        BootTools::class,
    ],

    'api_middleware' => [
        'nova',
        Authenticate::class,
        Authorize::class,
    ],

You can also check upgrade docs more information as I'm having other issues after logging in 😅

Hope that help.

[tiagoraposeiraff]

thanks for the suggestion @ADdora but my config/nova.php is already setup like you suggested 🙃

[Nciky12]

"Hi there! It seems like you're encountering a tricky issue with the Nova login after upgrading Laravel. While this might not be directly related to your problem, sometimes changes in Laravel versions can affect the behavior of authentication middleware.

One thing to check might be the changes in session handling or authentication middleware in Laravel v10.13.5 compared to v9.52.6. Sometimes, such upgrades require adjustments to your application's configuration, especially if there have been changes to the default authentication configuration or session handling.

Additionally, if you've made any customizations to the authentication flow in your application, those might need to be reviewed and adapted for the new version.

Lastly, it's worth considering if any changes in your application's environment or lifestyle (e.g., server configurations, session handling, or third-party packages) could be influencing this behavior.

I hope this helps in troubleshooting the issue. If you have any more details or specific error messages, please share them, and the community might be able to provide more targeted assistance. Good luck with resolving the problem!

[alekbless]

I tried removing 'web' from the 'middleware' array, then the login screen from Nova occurred:

But of course, unable to login. So it seems that there is some problem with our middleware for 'web'. Unsure where to debug from this.

[brunocfalcao]

I can also confirm that I am having an "endless" loop after login when using the new Nova version.

On my case I also changed the nova path to be on the root path ("/") instead of "/nova".

I'll try to investigate too. But clearly the pattern is right after you log in, it starts to happen.

[brunocfalcao]

So, since when I was testing other non-nova sites I was getting the same issue, i started to doubt it was a Nova issue.

So, on my cause, the "infinite" loop got resolved with a change on my Cloudflare SSL/TLS settings:

Resolution: Use the Full (Strict) SSL/TLS encryption and NOT the flexible one.

The Cloudflare explanation is given here:
https://developers.cloudflare.com/ssl/troubleshooting/too-many-redirects/

Hope it helps!

[alekbless]

Thanks @brunocfalcao but i'am not using Cloudflare. It will probably help others though 👍

[alekbless]

It is indeed related to the Laravel\Nova\Http\Middleware\Authenticate middleware as if I remove this from api_middleware:

'api_middleware' => [ 'nova', //Authenticate::class, Authorize::class, ],

I'am able to browse but now the routes is open to unauthenticated users

[apolo-17]

It worked for me

[Rey-17]

Hello good morning.

I had a redirection problem when a user is not logged in. The solution for me was to add the login path to the nova configuration file.

'routes' => [ 'login' => '/login' ]

[davidcorreia]

hello everyone,
i too have an issue upgrading which i believe is a incompatibility with laravel/ui

+exception: ArgumentCountError
Too few arguments to function Laravel\Nova\Http\Controllers\LoginController::redirectPath(), 0 passed
in vendor/laravel/ui/auth-backend/AuthenticatesUsers.php on line 120 and exactly 1 expected
@crynobone can you confirm?

[crynobone]

Unable to reproduce this issue, the whole login flow is checked via our dusk test

[davidcorreia]

i have created a fresh install for laravel 9 ad 10 https://github.com/davidcorreia/nova-redirect-login

with the simple goal of testing a login and access /nova/dashboards/main page
it got different results

can you take a look?

[crynobone]

I don't believe that's the right way to test Nova (calling multiple request in a single tests). Does the app failed to redirect correctly using the browser as it seem pretty standard install.

[davidcorreia]

my apologies,
i was able to login using the browser on laravel 10 but not on 9 (not sure why)

[davidcorreia]

quick update:
this project im working on has began with laravel 5.x
this redirect issue was solved by using the App\Http\Middleware\Authenticate in kernel.php, that comes from the fresh installation.

i hope this can help

[ugurdnlr]

i have same issue. are there any updates? i use a "multi-tenant" structure. it works in the main domain but not in the tenant's domain.

[davidcorreia]

do you have the App\Http\Middleware\Authenticate.php in your project?

[ugurdnlr]

yes in routeMiddleware
protected $routeMiddleware = [ 'auth' => \App\Http\Middleware\Authenticate::class,

[davidcorreia]

$routeMiddleware has been renamed to $middlewareAliases https://laravel.com/docs/10.x/upgrade#middleware-aliases

[ugurdnlr]

but i am using laravel version 9 now. sorry i didn't say it at the beginning.

[davidcorreia]

ah, i only had this problem by upgrading to L10 :/

[aminkhoshzahmat]

I have the same issue, also using multi-tenancy

    "require": {
        "php": "^8.1",
        "laravel/framework": "^10.0",
        "laravel/nova": "~4.0",
        "laravel/passport": "^11.0",
        "spatie/laravel-query-builder": "^5.1",
        "stancl/tenancy": "^3.5",
         ...
    },

@tiagoraposeiraff Hi, did you find any solution to your problem?

[damilareonifade]

did you find any solution for this

[aminkhoshzahmat]

@damilareonifade
Yeah, but don't know how exactly, just changed my config/nova.php to this:

    'middleware' => [
        'web',
        HandleInertiaRequests::class,
        DispatchServingNovaEvent::class,
        BootTools::class,
        SwitchTenantMiddleware::class,
    ],

    'api_middleware' => [
        'nova',
        Authenticate::class,
        Authorize::class,
    ],

[alekbless]

I tried to compare Kernel.php from my Laravel and the new Laravel 10 installation.

The $middlewarePriority was not added to the newer version, so when I removed this from my installation it redirected successfully.

Removed this from app/Http/Kernel.php

    /**
     * The priority-sorted list of middleware.
     *
     * This forces non-global middleware to always be in the given order.
     *
     * @var array
     */
    protected $middlewarePriority = [
        \App\Http\Middleware\AddAuthHeader::class,
        \Illuminate\Auth\Middleware\Authenticate::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\Authenticate::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Illuminate\Auth\Middleware\Authorize::class,
    ];

[bad-mushroom]

I stumbled upon this thread troubleshooting the same issue. In my case I have a fresh install of L10 but I'm using a custom JWT auth guard by default. For Nova, I have it set to web.

I noticed if I dumped out the Config for nova, guard is empty even though I have it set in config/Nova.php

 "domain" => null
  "path" => "/nova"
  "guard" => null
  "passwords" => null
  "middleware" => array:4 [▶]
  "api_middleware" => array:3 [▶]

'guard' => env('NOVA_GUARD', 'web'),

Even after removing the env() wrapper and hard-coding a value it was always null.

I did config:clear and all that in between changes. What ended up fixing it was manually adding the value to .env:

NOVA_GUARD=web

Looking through the Nova code, the Authenticate middleware is definitely checking for it: $guard = config('nova.guard'); so I'm not sure why it would be null 🤷

Anyway, maybe this will help out someone with the same issue.