starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-02-06 09:09:38 +03:00
Code Issues 784 Packages Projects Releases 10 Wiki Activity

Logical Theme System - custom route: auth not working, user is always guest #4446

New Issue
Closed
opened 2026-02-05 08:54:34 +03:00 by OVERLORD · 2 comments
OVERLORD commented 2026-02-05 08:54:34 +03:00
Owner
Copy Link

Originally created by @dreiekk on GitHub (Feb 3, 2024).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

I'm trying to create a custom page via the logical theme system. (https://bookstack.example.org/test)
But when I load my custom page, the user isn't authenticated anymore.

The output of auth()->guest() is always 1.

Contents of functions.php:

<?php

use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;

Theme::listen(ThemeEvents::APP_BOOT, function($app) {
    \Route::get('test', function () {
        dd(auth()->guest());
    });
});

When I include the middleware auth, I get redirected to /login and then immediatly to the index page where I am still logged in without entering my credentials again.

<?php

use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;

Theme::listen(ThemeEvents::APP_BOOT, function($app) {
    \Route::middleware('auth')->get('test', function () {
        dd(auth()->guest());
    });
});

I am using the oidc as auth_method, but the same problem occurs when using standard as auth_method.

This problem only occurs on the custom route. Everything else in BookStack is working fine.

Exact BookStack Version

v23.12.1

Log Content

no errors in /app/www/storage/logs/laravel.log

Hosting Environment

Docker Image: lscr.io/linuxserver/bookstack:v23.12.1-ls124 on linux/ubuntu host

part of docker-compose.yml

[...]

services:
  bookstack:
    image: lscr.io/linuxserver/bookstack:v23.12.1-ls124
    container_name: bookstack
    environment:
      - PUID=1000
      - PGID=1000
      - APP_URL=https://bookstack.example.org
      - DB_HOST=bookstack_db
      - DB_PORT=3306
      - DB_USER=bookstack
      - DB_PASS=xxxxxxxxxxxxxxxxxxxxxxxxxxx
      - DB_DATABASE=bookstackapp
      - AUTH_METHOD=oidc
      - AUTH_AUTO_INITIATE=true
      - OIDC_NAME=SSO
      - OIDC_DISPLAY_NAME_CLAIMS=name
      - OIDC_CLIENT_ID=bookstackapp
      - OIDC_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxx
      - OIDC_ISSUER=https://auth.example.org/xxx
      - OIDC_END_SESSION_ENDPOINT=true
      - OIDC_ISSUER_DISCOVER=true
      - OIDC_USER_TO_GROUPS=true
      - OIDC_GROUPS_CLAIM=resource_access.bookstackapp.roles
      - OIDC_ADDITIONAL_SCOPES=roles
      - OIDC_REMOVE_FROM_GROUPS=true
      - APP_PROXIES=*
      - APP_LANG=en
      - ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com"
      - APP_THEME=mytheme
    volumes:
      - bookstack_data:/config
    ports:
      - 80:80
    restart: unless-stopped
    depends_on:
      - bookstack_db

[...]
Originally created by @dreiekk on GitHub (Feb 3, 2024). ### Attempted Debugging - [x] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario I'm trying to create a custom page via the logical theme system. (`https://bookstack.example.org/test`) But when I load my custom page, the user isn't authenticated anymore. The output of `auth()->guest()` is always `1`. Contents of `functions.php`: ``` <?php use BookStack\Facades\Theme; use BookStack\Theming\ThemeEvents; Theme::listen(ThemeEvents::APP_BOOT, function($app) { \Route::get('test', function () { dd(auth()->guest()); }); }); ``` When I include the middleware `auth`, I get redirected to `/login` and then immediatly to the index page where I am still logged in without entering my credentials again. ``` <?php use BookStack\Facades\Theme; use BookStack\Theming\ThemeEvents; Theme::listen(ThemeEvents::APP_BOOT, function($app) { \Route::middleware('auth')->get('test', function () { dd(auth()->guest()); }); }); ``` I am using the `oidc` as auth_method, but the same problem occurs when using `standard` as auth_method. This problem only occurs on the custom route. Everything else in BookStack is working fine. ### Exact BookStack Version v23.12.1 ### Log Content no errors in `/app/www/storage/logs/laravel.log` ### Hosting Environment Docker Image: lscr.io/linuxserver/bookstack:v23.12.1-ls124 on linux/ubuntu host ``` part of docker-compose.yml [...] services: bookstack: image: lscr.io/linuxserver/bookstack:v23.12.1-ls124 container_name: bookstack environment: - PUID=1000 - PGID=1000 - APP_URL=https://bookstack.example.org - DB_HOST=bookstack_db - DB_PORT=3306 - DB_USER=bookstack - DB_PASS=xxxxxxxxxxxxxxxxxxxxxxxxxxx - DB_DATABASE=bookstackapp - AUTH_METHOD=oidc - AUTH_AUTO_INITIATE=true - OIDC_NAME=SSO - OIDC_DISPLAY_NAME_CLAIMS=name - OIDC_CLIENT_ID=bookstackapp - OIDC_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxx - OIDC_ISSUER=https://auth.example.org/xxx - OIDC_END_SESSION_ENDPOINT=true - OIDC_ISSUER_DISCOVER=true - OIDC_USER_TO_GROUPS=true - OIDC_GROUPS_CLAIM=resource_access.bookstackapp.roles - OIDC_ADDITIONAL_SCOPES=roles - OIDC_REMOVE_FROM_GROUPS=true - APP_PROXIES=* - APP_LANG=en - ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com" - APP_THEME=mytheme volumes: - bookstack_data:/config ports: - 80:80 restart: unless-stopped depends_on: - bookstack_db [...] ```
OVERLORD added the 🐕 Support label 2026-02-05 08:54:34 +03:00
OVERLORD commented 2026-02-05 08:54:42 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Feb 3, 2024):

Hi @dreiekk, you'd also need the web middleware, and for the middlware to be loaded in the right order.

In the last feature release I made this easier with a new ROUTES_REGISTER_WEB_AUTH event.
See the relevant part of the release blogpost for an example of how this can be used:

https://www.bookstackapp.com/blog/bookstack-release-v23-12/#logical-theme-system-events-to-register-routes

@ssddanbrown commented on GitHub (Feb 3, 2024): Hi @dreiekk, you'd also need the `web` middleware, and for the middlware to be loaded in the right order. In the last feature release I made this easier with a new `ROUTES_REGISTER_WEB_AUTH` event. See the relevant part of the release blogpost for an example of how this can be used: https://www.bookstackapp.com/blog/bookstack-release-v23-12/#logical-theme-system-events-to-register-routes
OVERLORD commented 2026-02-05 08:54:44 +03:00
Author
Owner
Copy Link

@dreiekk commented on GitHub (Feb 4, 2024):

Thanks!
Using ROUTES_REGISTER_WEB_AUTH solved this.

@dreiekk commented on GitHub (Feb 4, 2024): Thanks! Using `ROUTES_REGISTER_WEB_AUTH` solved this.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🎨 Design
📖 Docs Update
🐛 Bug
🐛 Bug
:cat2:🐈 Possible duplicate
💿 Database
Open to discussion
💻 Front-End
🐕 Support
🚪 Authentication
🌍 Translations
🔌 API Task
🏭 Back-End
Upstream
🔨 Feature Request
🛠️ Enhancement
🛠️ Enhancement
🛠️ Enhancement
❤️ Happy feedback
🔒 Security
🔍 Pending Validation
💆 UX
📝 WYSIWYG Editor
🌔 Out of scope
🔩 API Request
:octocat: Admin/Meta
🖌️ View Customization
Question
🚀 Priority
🛡️ Blocked
🚚 Export System
A11y
🔧 Maintenance
> Markdown Editor
pull-request
Mirrored from GitHub Pull Request
No Label 🐕 Support
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#4446
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?