# Authentication Guard Fix Report

## Issue Summary
**Error:** `Method Illuminate\Auth\RequestGuard::attempt does not exist`

**Root Cause:** The admin login was calling `attempt()` on the `api` guard (Sanctum). That guard is an `Illuminate\Auth\RequestGuard`, which authenticates each request from its token and has no `attempt()` method. Sanctum is designed for token-based authentication, not session-based login.

## Solution Implemented

### 1. Updated Admin AuthController
**File:** `app/Http/Controllers/Admin/AuthController.php`

**Changes:**
- Changed `Auth::attempt()` to `Auth::guard('web')->attempt()` in `storeLogin()` method
- Changed `Auth::logout()` to `Auth::guard('web')->logout()` in `logout()` method
- Updated error logging from `Log::debug()` to `Log::error()` for better error tracking

**Why:** Explicitly specifying the `web` guard ensures that admin authentication uses session-based authentication instead of token-based Sanctum authentication.
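A sketch of the two controller methods with the `web` guard named explicitly, plus the session handling that belongs with a session-based login. This is an added example, not the project's actual controller. The `email`/`password` field names, the `dashboard` and `login` route names, and the placement of the `Log::error()` call are assumptions.

```php
<?php
// Added example. Field names, route names and the log call are assumptions.
namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

class AuthController extends Controller
{
    public function storeLogin(Request $request): RedirectResponse
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        // Auth::attempt() resolves the default guard; when that is a
        // RequestGuard the call throws, so name the session guard.
        if (Auth::guard('web')->attempt($credentials)) {
            // Issue a new session ID after login to prevent session fixation.
            $request->session()->regenerate();

            return redirect()->intended(route('dashboard'));
        }

        // Record the failure without the submitted password.
        Log::error('Admin login failed', ['email' => $credentials['email'], 'ip' => $request->ip()]);

        return back()
            ->withErrors(['email' => 'The provided credentials do not match our records.'])
            ->onlyInput('email');
    }

    public function logout(Request $request): RedirectResponse
    {
        Auth::guard('web')->logout();

        // Discard the old session data and rotate the CSRF token.
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect()->route('login');
    }
}
```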

### 2. Updated Web Routes
**File:** `routes/web.php`

**Changes:**
- Changed `middleware(['auth'])` to `middleware(['auth:web'])` for all admin routes

**Why:** This ensures that all protected admin routes explicitly use the `web` guard for authentication checks.

## Authentication Architecture

### Web Guard (Session-based)
- **Used for:** Admin panel authentication
- **Driver:** `session`
- **Methods:** `attempt()`, `login()`, `logout()`
- **Storage:** Session cookies
- **Routes:** All routes in `routes/web.php`

### API Guard (Token-based)
- **Used for:** API authentication
- **Driver:** `sanctum`
- **Methods:** `createToken()`, token validation
- **Storage:** `personal_access_tokens` table
- **Routes:** All routes in `routes/api.php`

## Files Modified

1. ✅ `app/Http/Controllers/Admin/AuthController.php`
   - Added explicit `web` guard to login/logout methods
   - Improved error logging

2. ✅ `routes/web.php`
   - Added explicit `web` guard to auth middleware

3. ✅ `config/auth.php` (from previous fix)
   - Added `api` guard configuration with Sanctum driver

## Testing Checklist

- [ ] Admin login works correctly
- [ ] Admin logout works correctly
- [ ] Protected admin routes require authentication
- [ ] API endpoints can use Sanctum tokens (after migration)
- [ ] No authentication errors in logs

## Next Steps

1. **Test Admin Login:**
   - Navigate to `/login`
   - Enter valid credentials
   - Verify successful login and redirect to dashboard

2. **Run Sanctum Migration (when ready):**
   ```bash
   php artisan migrate
   ```
   This will create the `personal_access_tokens` table needed for API authentication.

3. **Clear Caches (if needed):**
   ```bash
   php artisan config:clear
   php artisan route:clear
   php artisan cache:clear
   ```

## Status
✅ **COMPLETED** - Admin authentication now explicitly uses the `web` guard and should work correctly.

---
- **Date:** 2026-05-06
- **Issue:** `Method Illuminate\Auth\RequestGuard::attempt does not exist`
- **Resolution:** Explicitly specify `web` guard for admin authentication
