要在larvel 5.5中并通过dingo包创建双因素短信验证,我遵循以下简化的工作流程:
首先检查登录函数中的 isTwoFactorActive 是 true 还是 false,如果为 true,则发送短信并给出响应以获取收到的短信代码。如果为 false 则直接返回 token。
Route::post('auth/login', function () {
$credentials = Input::only('email', 'password');
if ( ! $token = JWTAuth::attempt($credentials) )
{
// return the 401 response
return Response::json(['error' => 'invalid_credentials'], 401);
}
if(Auth::user()->isTwoFactorActive) {
$code = rand(1000,9999); //generate sms code
$send_sms = SendSMS($code,Auth::user()->phone); //write your own code here to send SMS to user mobile
$data= collect(array('sms_code'=>$code,'token'=>$token)); // save sms_code and token in an array
Session::push(Auth::user()->id, $data); // save array into session.
return Response::json(array('login_status'=>'success','user_id'=>Auth::user()->id,'sms_required'=>'yes'));
} else {
return Response::json(array('login_status'=>'success','token'=>$token));
}
});
现在在前端检查响应是否存在令牌,然后继续显示主页或显示输入短信代码屏幕并以表单捕获短信代码,然后再次将详细信息发布到此 API。
Route::post('sms/verification', function () {
$user_id = Request::input('user_id');
$code= Request::input('code');
$data = Session::get($user_id);
if($data->sms_code == $code) {
return Response::json(array('status'=>'success','token'=>$data->token));
} else {
return Response::json(array('status'=>'failed','msg'=>'Invalid sms code!'));
}
});
如您所见,我使用会话来存储创建的令牌,以便在成功的两因素授权后发送它。但似乎我们不能在 Laravel 和 API 中使用 session。
这种情况我能做什么?
我正在使用 Laravel 8,这些更改对我来说非常有效:
找到您的 App\Http\Kernel.php 并对 'api' $middlewareGroups的保护值进行以下更改:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
Laravel API 默认设置不包括会话。但我相信你可以手动添加它们。这是我很快找到的链接。 Laravel 5.3 - 如何在没有 CSRF 的情况下将会话添加到“API”?
但是 Sessions 和 Middleware 的 Laravel 文档也可能有用。
请注意,在 Laravel 11 中,您需要转到
bootstrap/app.php
并在 withMiddleware
回调中注册 Session 中间件。
->withMiddleware(function (Middleware $middleware) {
$middleware->api(prepend: [
\Illuminate\Cookie\Middleware\EncryptCookies::class,
\Illuminate\Session\Middleware\StartSession::class,
]);
})