Tuesday, August 20, 2019

Laravel doesn't authenticate users after migrating jwt from 5.4 to 1.0.x

Previously we used Laravel 5.4 just fine with jwt-auth 0.5.4. We overrode BaseMiddleware.php and added our own logic to app/Http/Middleware/TokenAuthentication.php (the purpose was to separate authorization from authentication):

// The purpose of this middleware is to check the oauth token sent in the authorization header.
// If the user exists, it is attached to the rest of the requests.
// This middleware does not check authorization, that is done in TokenAuthorization.php
// see https://scotch.io/tutorials/role-based-authentication-in-laravel-with-jwt
class TokenAuthentication extends BaseMiddleware
{
    public function handle($request, Closure $next)
    {
        if (! $token = $this->auth->setRequest($request)->getToken()) {
            return $next($request);
        }

        try {
            $token = $this->handleToken($token);
            $user = $this->auth->authenticate($token);
        } catch (TokenExpiredException $e) {
            return $next($request);
        } catch (JWTException $e) {
            return $next($request);
        }

        $this->events->fire('tymon.jwt.valid', $user);

        return $next($request);
    }

    private function handleToken($token)
    {
        $token = str_replace(['{', '}'], '', $token);
        $token = str_replace(' ', '', $token);

        return $token;
    }
}

with our (relevant) middlewares listed in app/Http/Kernel.php like so:

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     * @var array
     */
    protected $middleware = [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // ..
        \App\Http\Middleware\TokenAuthentication::class,
        // ..
    ];

    /**
     * The application's route middleware.
     * @var array
     */
    protected $routeMiddleware = [
        'auth.jwt' => \App\Http\Middleware\TokenAuthorization::class,
    ];
}

This all worked perfectly, but then we decided to switch to tymon 1.0.0-rc.

The problem with the new library is that this Auth::Check() keeps on failing in app/Http/Middleware/TokenAuthorization.php:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class TokenAuthorization
{
    public function handle($request, Closure $next, $roles = '', $permissions = '', $validateAll = false)
    {
        if (Auth::check() === false) { // <--- always fails here
            return response()->error('Failed to authenticate because of bad credentials or an invalid authorization header :)', 401);
        }
        // ..

        return $next($request);
    }
}

One thing we had to change in our app/Http/Middleware/TokenAuthentication.php above is commenting this part out:

$this->events->fire('tymon.jwt.valid', $user);

since the new BaseMiddleware of Tymon 1.0 has no concept of events per se.

Here is the relevant part of our config/auth.php:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],

What went wrong?



from Newest questions tagged laravel-5 - Stack Overflow https://ift.tt/2TP7I1n
via IFTTT
