Laravel framework 9.21 breaks authentication flow.

[devravi]

Description:

After running the composer update upgrades laravel/framework to 9.21.0 (released two days ago).
After the upgrade when the user logs in successfully, it redirects the user to the path that requires authentication, however, the user cannot see the page and the unauthenticated method of Illuminate\Auth\Middleware\Authenticate is executed.

The same issue is also present in laravel/framework version 8.83.20.

Steps to reproduce

run composer update in the root of the project,
make sure the composer.json file contains laravel/framework:^9.20.0

Expected behaviour:

After authentication user must be able to see protected pages.

Actual behaviour:

The user is considered unauthenticated and sent back to login page.

The following merge in 9.21.0 and 8.83.20 can be cause for this: laravel/framework#43278

Workaround

Lock laravel/framework in your composer.json to 9.20.0/8.83.19 to make it work.

[shopapps]

you can also add to your user model:

public function qualifyColumn($column)
    {
        if (Str::contains($column, '.')) {
            return $column;
        }

        return $column;
        //return $this->getTable().'.'.$column;
    }

as a temporary fix.

which I appreciate can be shortened to:

public function qualifyColumn($column)
    {
        return $column;
    }

but I left the rest in as this is the original code from src/Illuminate/Database/Eloquent/Model.php

[BenWalters]

Preface - I've not worked with this package/MongoDB.

However...
Judging by this function:
https://github.com/jenssegers/laravel-mongodb/blob/ad4422a98da47c1dad1fc7464e3370269be7a51d/src/Eloquent/Model.php#L77-L80

I'm assuming that this package/MongoDB doesn't support 'tables' in the same way that SQL DBs do. Therefore, 'qualifying' columns (prefixing with table names) doesn't work, thus the following needs to be implemented on the Model class:

    public function qualifyColumn($column)
    {
        return $column;
    }

As similarly suggested by @shopapps.

For future proofing I'd suggest overriding the qualifyColumns function too:

    public function qualifyColumns($columns)
    {
        return $columns;
    }

[devravi]

Thanks, @BenWalters & @shopapps,

Suggestions are working fine.

[shopapps]

Ideally, this would be included in the laravel-mongodb base model for future safety as I'm guessing prefixing the table name via dot notation could cause all kinds of issues when dealing with json docs containing sub-arrays. 🤔

[devravi]

@shopapps Agree. "collection.field" notation won't work in the case of MongoDB. (and not needed because of the way MongoDB handles joins.)

[apeisa]

I think this was reverted in the latest Laravel version 9.22.1: laravel/framework@472466e