我正在使用密码进行用户身份验证,并且在每次身份验证后,我都会分配一个存储护照令牌的安全cookie。 A能够使用Auth::attempt()
方法成功进行身份验证,但Auth::user()
为空。即使在同一控制器中,在logout()方法上,用户也是未定义的,我什至无法Auth::logout()
。
登录方法:
public function login(Request $request)
{
$request->validate([
'email' => 'required|string|email',
'password' => 'required|string',
]);
$credentials = \request(['email', 'password']);
if (Auth::attempt($credentials)) {
$user = Auth::user();
$token = $user->createToken('Personal Access Token')->accessToken;
$cookie = $this->getSessionCookie($token);
return response()
->json([
'user' => $user,
'token' => $token,
], 200)
->cookie(
$cookie['name'],
$cookie['value'],
$cookie['minutes'],
$cookie['path'],
$cookie['domain'],
$cookie['secure'],
$cookie['httponly'],
$cookie['samesite']
);
} else {
return response()->json([
'error' => 'Invalid Credentials',
], 422);
}
}
注销方法:
public function logout(Request $request)
{
$request->user()->token()->each(function ($token, $key) {
$token->delete();
});
$cookie = \Cookie::forget('auth_token');
Auth::logout();
return response()->json([
'message' => 'Logged out successfully.'
], 200)->withCookie($cookie);
}
这里Auth::logout()
产生Method Illuminate\Auth\RequestGuard::logout does not exist.
,否则注销成功。
我的API路线:
Route::group(['prefix' => 'v1'], function() {
// Authentication
Route::post('/login', 'AuthController@login');
Route::post('/register', 'AuthController@register');
Route::post('/password/reset', 'AuthController@sendPasswordResetLink');
Route::post('/password/update', 'AuthController@callResetPassword');
// Articles
Route::get('/articles', 'ArticleController@index');
Route::middleware(['auth.header', 'auth:api'])->group(function () {
// Get Logged in User
Route::get('/user', function (Request $request) {
return $request->user(); // returns the actual logged in user
});
// Articles
Route::post('/articles', 'ArticleController@store');
Route::get('/articles/{id}', 'ArticleController@show');
Route::put('/articles/{id}', 'ArticleController@update');
Route::delete('/articles/{id}', 'ArticleController@destroy');
// Log Out
Route::post('/logout', 'AuthController@logout');
});
});
Auth::user()
为空的示例控制器:
class ArticleController extends Controller
{
public function index(Request $request)
{
$user = \auth()->user(); // null
$user = Auth::user(); // null
$user = $request->user(); // null
}
}
在索引方法中,我知道为什么用户为null,因为路由没有包装在auth:api
中间件中,但是即使不需要它,我也将如何在此方法中获得auth用户。
我确定我缺少什么,但我不知道。我很乐意提供更多代码。
编辑:我的auth.api
中间件:
class AuthenticationHeader
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->bearerToken()) {
if ($request->hasCookie('auth_token')) {
$token = $request->cookie('auth_token');
$request->headers->add(['Authorization' => 'Bearer ' . $token]);
}
}
return $next($request);
}
}