From 5f426f9be94f24e6358762b0b4ef1a93cb0f02f8 Mon Sep 17 00:00:00 2001
From: Sven Speckmaier <sps@ipunkt.biz>
Date: Thu, 27 Feb 2020 10:36:38 +0100
Subject: [PATCH] moved RemoteUserAuthenticate before Authenticate

Having RemoteUserAuthenticate after Authenticate does nothing - a request requiring a login was already redirected away before reaching the logic to load the user from the REMOTE_USER server setting.

Moving RemoteUserAuthenticate before Authenticate fixes this.
---
 app/Foundation/Providers/RouteServiceProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Foundation/Providers/RouteServiceProvider.php b/app/Foundation/Providers/RouteServiceProvider.php
index cadbe50b8..d83e8b704 100644
--- a/app/Foundation/Providers/RouteServiceProvider.php
+++ b/app/Foundation/Providers/RouteServiceProvider.php
@@ -151,8 +151,8 @@ class RouteServiceProvider extends ServiceProvider
         ];
 
         if ($applyAlwaysAuthenticate && !$this->isWhiteListedAuthRoute($routes)) {
-            $middleware[] = Authenticate::class;
             $middleware[] = RemoteUserAuthenticate::class;
+            $middleware[] = Authenticate::class;
         }
 
         $router->group(['middleware' => $middleware], function (Router $router) use ($routes) {