Laravel Passport 没有身份验证
Posted
技术标签:
【中文标题】Laravel Passport 没有身份验证【英文标题】:Laravel Passport no authentication 【发布时间】:2020-11-25 10:13:06 【问题描述】:我的 laravel 应用有一些奇怪的问题。 我已经使用 Passport 创建了一个身份验证系统,我已经根据需要安装了所有内容,但我无法对用户进行身份验证。当我登录时,它会正确创建一个令牌并且一切似乎都工作正常,但是当我想在邮递员中添加身份验证时,它总是“未经过身份验证”。这发生在 Laravel 8 中,我已经从我的 Laravel 7 应用程序中复制了所有内容,并且运行良好。我会给你一些代码。
这是我为检查身份验证而创建的中间件:
public function handle(Request $request, Closure $next)
if(!Auth::id())
return response()->json(['response' => false, 'status' => 403, 'message' => 'Not Authenticated'], 403);
else
return $next($request);
这是内核
class Kernel extends HttpKernel
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\UserSecurity::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'check.auth' => \App\Http\Middleware\UserAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
这里是 application.blade.php
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<meta name="csrf-token" content=" csrf_token() ">
<!-- <link rel="icon" href="<%= BASE_URL %>favicon.ico"> -->
<title>Vuexy - Vuejs, HTML & Laravel Admin Dashboard Template</title>
<!-- Styles -->
<link rel="stylesheet" href=" asset(mix('css/main.css')) ">
<link rel="stylesheet" href=" asset(mix('css/iconfont.css')) ">
<link rel="stylesheet" href=" asset(mix('css/material-icons/material-icons.css')) ">
<link rel="stylesheet" href=" asset(mix('css/vuesax.css')) ">
<link rel="stylesheet" href=" asset(mix('css/prism-tomorrow.css')) ">
<link rel="stylesheet" href=" asset(mix('css/app.css')) ">
<link
rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css"
/>
<!-- Favicon -->
<link rel="shortcut icon" href=" asset('images/logo/favicon.png') ">
</head>
<body>
<noscript>
<strong>We're sorry but Vuexy - Vuejs, HTML & Laravel Admin Dashboard Template doesn't work properly without javascript enabled. Please enable it to continue.</strong>
</noscript>
<div id="app">
</div>
<!-- <script src="js/app.js"></script> -->
<script src=" asset(mix('js/app.js')) "></script>
</body>
</html>
这是路由器:
Route::group(['middleware' => 'auth:api', 'middleware' => 'auth:api'], function()
Route::get('profile', [UserController::class, 'getUserDetails'])->name('profile');
Route::post('logout', [UserController::class, 'destroySession'])->name('logout');
);
现在我注意到的是,当我使用 auth:API 而不是我的中间件时,我收到如下错误:
RuntimeException: Session store not set on request. in file C:\xampp\htdocs\sss\vendor\laravel\framework\src\Illuminate\Http\Request.php on line 483
有什么想法吗?
【问题讨论】:
【参考方案1】:经过研究,我找到了解决方案,但它不适合我:
我将路由中的中间件更改为auth:api,之前是check.auth,然后我删除了\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,现在它可以工作了。
真正的问题是,为什么我的中间件不起作用?
【讨论】:
如果您不想关闭此问题,请编辑您的问题以添加此问题【参考方案2】:您的中间件不起作用,因为您没有检查正确的guard。
由于您没有在检查中提供任何保护,Laravel 将回退到默认保护,因此 web 保护(在您的 config/auth.php 中定义)。
要使您的中间件正常工作,请使用以下内容编辑该行:
if(!Auth::guard('api')->check())
真诚的
【讨论】:
在这种情况下我有 404 错误,如果我删除!在 Auth 之前不正确,但它正在“工作” 404 错误是您 Route 的另一个问题。但身份验证有效【参考方案3】:你的条件不对;你应该改写:
public function handle(Request $request, Closure $next)
if(auth()->check())
return $next($request);
return response()->json(['response' => false,'status' => 403,'message' => 'Not Authenticated'], 403);
【讨论】:
以上是关于Laravel Passport 没有身份验证的主要内容,如果未能解决你的问题,请参考以下文章
Laravel Passport身份验证问题:始终返回未经身份验证的身份
Laravel 5.3 + Passport:总是未经身份验证的错误
身份验证用户提供程序 [passport] 未使用 laravel 护照定义
如何使用 Laravel Passport (5.3) 记录身份验证尝试