fix: replace route closures with controllers, add Argon2id password migration

- Replace closures in web.php and auth.php with dedicated controllers (LoginRedirectController, LogoutController, TwoFactorChallengeController, EmailVerificationController) to fix route caching issues - Add migration to increase password column to VARCHAR(255) for Argon2id support - Fix 500 error caused by route cache incompatibility with closures
2026-05-20 23:40:18 +02:00
parent 75b78c17fa
commit 1fe8d10c90
7 changed files with 106 additions and 14 deletions
@@ -0,0 +1,19 @@
 <?php
 declare(strict_types=1);
 namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 class EmailVerificationController extends Controller
 {
    public function __invoke(Request $request): RedirectResponse
    {
        $request->user()->sendEmailVerificationNotification();
        return back()->with('status', 'verification-link-sent');
    }
 }
@@ -0,0 +1,16 @@
 <?php
 declare(strict_types=1);
 namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Http\RedirectResponse;
 class LoginRedirectController extends Controller
 {
    public function __invoke(): RedirectResponse
    {
        return to_route('welcome');
    }
 }
@@ -0,0 +1,22 @@
 <?php
 declare(strict_types=1);
 namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Session;
 class LogoutController extends Controller
 {
    public function __invoke(): RedirectResponse
    {
        Auth::guard('web')->logout();
        Session::invalidate();
        Session::regenerateToken();
        return redirect('/');
    }
 }
@@ -0,0 +1,16 @@
 <?php
 declare(strict_types=1);
 namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Contracts\View\View;
 class TwoFactorChallengeController extends Controller
 {
    public function __invoke(): View
    {
        return view('auth.two-factor-challenge');
    }
 }
@@ -0,0 +1,24 @@
 <?php
 declare(strict_types=1);
 use Illuminate\Database\Migrations\Migration;
 use Illuminate\Database\Schema\Blueprint;
 use Illuminate\Support\Facades\Schema;
 return new class extends Migration
 {
    public function up(): void
    {
        Schema::table('users', function (Blueprint $table) {
            $table->string('password', 255)->change();
        });
    }
    public function down(): void
    {
        Schema::table('users', function (Blueprint $table) {
            $table->string('password', 60)->change();
        });
    }
 };
@@ -1,6 +1,8 @@
 <?php
 use App\Http\Controllers\Auth\EmailVerificationController;
 use App\Http\Controllers\Auth\SocialAuthController;
 use App\Http\Controllers\Auth\TwoFactorChallengeController;
 use Illuminate\Support\Facades\Route;
 use Laravel\Fortify\Features;
 use Laravel\Fortify\Http\Controllers\RegisteredUserController;
@@ -38,14 +40,11 @@ Route::middleware(['guest', 'throttle:60,1'])->group(function () {
 });
 // Two factor challenge login
-Route::get('/two-factor-challenge', static fn () => view('auth.two-factor-challenge'))->name('two-factor.login');
+Route::get('/two-factor-challenge', TwoFactorChallengeController::class)->name('two-factor.login');
 // Email verification resend
-Route::post('/email/verification-notification', static function () {
+Route::post('/email/verification-notification', EmailVerificationController::class)
-    request()->user()->sendEmailVerificationNotification();
+    ->middleware(['auth', 'throttle:6,1'])->name('verification.send');
    return back()->with('status', 'verification-link-sent');
 })->middleware(['auth', 'throttle:6,1'])->name('verification.send');
 // Two factor challenge with throttle
 if (Features::enabled(Features::twoFactorAuthentication())) {
@@ -1,5 +1,7 @@
 <?php
 use App\Http\Controllers\Auth\LoginRedirectController;
 use App\Http\Controllers\Auth\LogoutController;
 use App\Http\Controllers\Miscellaneous\HomeController;
 use App\Http\Controllers\Miscellaneous\InstallationController;
 use App\Http\Controllers\Miscellaneous\LocaleController;
@@ -32,19 +34,13 @@ Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])->group(functi
    // Home routes (guest only)
    Route::middleware(['guest', 'throttle:60,1'])->withoutMiddleware('force.staff.2fa')->group(function () {
-        Route::get('/login', static fn () => to_route('welcome'))->name('login');
+        Route::get('/login', LoginRedirectController::class)->name('login');
        Route::get('/', HomeController::class)->name('welcome');
        Route::get('/home', HomeController::class)->name('home');
    });
    // Logout route
-    Route::post('/logout', static function () {
+    Route::post('/logout', LogoutController::class)->name('logout');
        auth()->guard('web')->logout();
        session()->invalidate();
        session()->regenerateToken();
        return redirect('/');
    })->name('logout');
    // Authenticated routes
    Route::middleware('auth')->group(function () {