- 00:00:00 so time to continue with this
- 00:00:02 application and time to work on the
- 00:00:06 fact that currently every user is able
- 00:00:08 to check out but I want to restrict that
- 00:00:11 to logged in users only so that
- 00:00:15 certainly is something I'll work on next
- 00:00:17 a quick and easy way in Laravel to make
- 00:00:20 sure that only logged in users can
- 00:00:22 reach the checkout page of course is to
- 00:00:25 go to the routes file then here which
- 00:00:28 you have this checkout route and then
- 00:00:30 add a middleware to it add the auth
- 00:00:33 middleware remember we're already using
- 00:00:35 the auth middleware in the user routes here
- 00:00:38 for example here where we want to
- 00:00:40 protect the profile and the logout route
- 00:00:43 so here I'm also protecting slash
- 00:00:46 checkout and I'll also protect the post
- 00:00:49 route so that no user is able to somehow
- 00:00:52 issue a post checkout request through
- 00:00:55 the terminal or something like that
- 00:00:57 however if I do it like this and while I
- 00:01:01 reload this page
- 00:01:02 I'm redirected so I can go through a
- 00:01:04 shopping cart click checkout and I'm
- 00:01:06 redirected to the sign-in page which is
- 00:01:08 great which is what I want but if I do
- 00:01:11 sign in here I'm taken to the user
- 00:01:14 profile that and again I have to click
- 00:01:16 on shopping cart before I can actually
- 00:01:17 go to the checkout page if I click log
- 00:01:20 out while I'm redirected but it would be
- 00:01:23 nice if after signing in I would
- 00:01:26 automatically be sent to the checkout
- 00:01:28 page if that is where I wanted to go so
- 00:01:31 that this sign in is not actually
- 00:01:33 redirecting me somewhere else thereafter
- 00:01:35 it would also be nice if I had some kind
- 00:01:38 of don't have an account yet sign up
- 00:01:42 link at the bottom and then again be
- 00:01:44 redirected to the checkout page after
- 00:01:46 signing up so a bit of a more user
- 00:01:49 friendly process in this place here so
- 00:01:53 I'll first add a link here which is
- 00:01:55 pretty easy I'll go to my sign-in page
- 00:01:59 here this one and below the form I'm
- 00:02:02 adding text I just said don't have an
- 00:02:05 account
- 00:02:07 and then simply a link which says sign
- 00:02:12 up instead or something like that and
- 00:02:14 here of course this link should point to
- 00:02:17 my sign up route which is user I'll have
- 00:02:22 to look it up to be honest user user dot
- 00:02:27 sign up well that was easy
- 00:02:28 so here who's here I'll just link to
- 00:02:33 that page so now I at least have the
- 00:02:35 possibility of going to the sign up page
- 00:02:38 instead but still I don't have the
- 00:02:40 chance of or I don't get redirected to
- 00:02:43 the checkout page after doing so so in
- 00:02:46 order to implement that I'll need to go
- 00:02:50 to my middleware file which I can
- 00:02:53 find in the middleware folder and here the
- 00:02:55 authenticate middleware is the middleware
- 00:02:57 responsible for protecting my routes
- 00:02:59 here and redirecting me and here I'm
- 00:03:02 setting up that I want to get redirected
- 00:03:03 to a user or sign in and that is of
- 00:03:06 course the correct behavior because I
- 00:03:08 want to redirect to this sign-in page if
- 00:03:10 the user is not logged in but I also
- 00:03:13 want to store the URL the user tried to
- 00:03:16 access previously to signing in so here
- 00:03:21 I will store this in my session put and
- 00:03:24 I'll just name it old URL of course you
- 00:03:27 name it whatever you want and then I'm
- 00:03:29 going to retrieve the old URL on my
- 00:03:32 request where I have this URL method
- 00:03:35 which just gives me the URL the user
- 00:03:37 wanted to access so with that I'm making
- 00:03:40 sure that I will actually not redirect
- 00:03:44 the user instantly but before doing so I
- 00:03:47 will at least store which URL he wanted
- 00:03:50 to access and I can also do it and here
- 00:03:52 because it's not relevant for the AJAX case
- 00:03:54 so with that I'm making sure that I at
- 00:03:57 least have that URL the next of course
- 00:04:00 is to use that and the place to
- 00:04:02 implement this is the user controller
- 00:04:04 here in the post sign-in method for
- 00:04:08 example I'm handling the case that the
- 00:04:10 user well is successfully logged in and
- 00:04:13 here is the place where I always
- 00:04:15 redirect to the user profile which is OK
- 00:04:19 normal sign-in process but if I wanted
- 00:04:22 to go to the checkout page then I don't
- 00:04:25 want to redirect there instead I want to
- 00:04:27 redirect to the old URL right therefore
- 00:04:29 in this auth attempt check here where I
- 00:04:32 will check if the user was successfully
- 00:04:35 logged in I'll add another if block
- 00:04:37 inside of it where I just check if my
- 00:04:40 session has this old URL field because
- 00:04:45 if it doesn't have this field well then
- 00:04:47 I'm coming from somewhere else and well
- 00:04:49 I don't want to redirect there in this
- 00:04:53 case that I do have it I want to return
- 00:04:57 a redirect which then should lead to
- 00:05:00 well to this URL right so get old URL
- 00:05:05 like this I could do it like this but
- 00:05:08 actually I want to make one extra step
- 00:05:11 I'll extract the old URL here and
- 00:05:14 thereafter I'm going to forget this key
- 00:05:19 like so and then of course down here
- 00:05:23 I'll just use the old URL variable with
- 00:05:26 that I'm going to clear that old URL so
- 00:05:26 that upon future sign-in requests I'm
- 00:05:31 not always getting redirected to
- 00:05:32 checkout page with that I set up the
- 00:05:37 redirection when signing in I'm going to
- 00:05:39 copy this code and of course I want to
- 00:05:42 do the same thing after signing up so
- 00:05:45 here in the post sign up after
- 00:05:49 logging the user in here I'm also
- 00:05:51 checking if I have the old URL if I do
- 00:05:54 so I'll redirect there and if I don't
- 00:05:56 have it well then this code here is
- 00:05:58 skipped and instead I'm just redirecting
- 00:06:01 to the user profile like that and with
- 00:06:03 that I'm making sure that I got this
- 00:06:05 well more convenient sign-in process
- 00:06:08 when I need to sign in for checking out
- 00:06:11 so with that change in place if I go
- 00:06:13 back to the application go to my
- 00:06:15 shopping cart and click on checkout then
- 00:06:18 I get this error because well first in
- 00:06:22 user controller we need to import the
- 00:06:24 session facade certainly important and
- 00:06:27 I need to do this
- 00:06:28 in the authenticate class here so use
- 00:06:31 session like this okay with that if I go
- 00:06:35 back click on checkout again I'm redirected
- 00:06:37 to the sign-in page and here if I
- 00:06:39 sign in with my dummy account click on
- 00:06:41 sign in now you see I'm getting to the
- 00:06:44 checkout page however one thing you'll
- 00:06:46 notice is if I log out then I'm going
- 00:06:49 to the sign in page if I log in again
- 00:06:52 well I'm back on the checkout page and
- 00:06:54 that certainly is not the behavior I want
- 00:06:57 right I want to go to the user profile
- 00:06:59 page now because checkout no longer is
- 00:07:01 my old old URL so something's going
- 00:07:05 wrong here and actually that's really
- 00:07:08 tricky if we have a look at our code we
- 00:07:11 do forget the old URL here after logging
- 00:07:15 in and that works I can tell you that so
- 00:07:18 somehow it seems to get set again at
- 00:07:22 some other place but the only place
- 00:07:24 where I do set it is here in my
- 00:07:26 authenticate middleware here right so
- 00:07:29 it looks like we're getting to this
- 00:07:31 middleware again and we actually do in
- 00:07:35 the user controller if I log out I'm
- 00:07:38 redirecting back now what does back mean
- 00:07:42 well if I log out here whilst on the
- 00:07:45 checkout page well then back means back
- 00:07:48 to the checkout and the reason why I see
- 00:07:50 the sign-in page is just because the
- 00:07:52 checkout page is protected so here instead
- 00:07:56 of redirecting back which would lead to
- 00:07:59 old URL being set again I could simply
- 00:08:02 redirect to let's say user dot sign-in
- 00:08:07 directly doing it this way if I sign in
- 00:08:11 again you see that the bug I was talking
- 00:08:14 about but if I now hit logout I'm taken
- 00:08:17 to the sign-in form and if I now log in
- 00:08:20 again we're at the user profile so now
- 00:08:22 this bug is fixed so that's definitely
- 00:08:25 an important one to keep in mind since
- 00:08:28 this is really tricky to find and it
- 00:08:31 well kind of destroys our whole workflow
- 00:08:34 we set up there with that well out of
- 00:08:36 the way I can go back to
- 00:08:38 let's say logging out here then I can go
- 00:08:41 back to the shopping cart let's say
- 00:08:44 I want to create a new user so I'm
- 00:08:46 quickly doing this with some dummy data
- 00:08:47 here and I'm going to the checkout page
- 00:08:50 as well with that I'm then able to
- 00:08:53 actually do the checkout I'll use this
- 00:08:56 dummy credit card number again some date
- 00:09:00 in the future some dummy CVC code here
- 00:09:04 don't save this purchase was successful
- 00:09:07 and if we have a look at the database
- 00:09:09 the orders table we get a new order now
- 00:09:12 related to user three which makes sense
- 00:09:14 because that is the user I just created
- 00:09:17 with this test three email address here