Laravel auth过滤器在生产服务器上失败

时间:2015-01-03 16:04:40

标签: php authentication laravel laravel-routing laravel-filters

我使用Laravel 4框架和标准的内置Auth支持。在本地环境中,一切都运行良好(MAMP,OSx),但在我的生产服务器(使用Ubuntu,Apache,Php 5.5.9的数字海洋标准映像)上,auth过滤器失败并允许访问而无需身份验证。

routes.php文件:

Route::group(['before'=>'auth'], function(){
    Route::get('admin', array('uses' => 'AdminController@home'));
    Route::get('admin/dashboard', function(){
        return Redirect::to('admin');
    });

    Route::post('payment/ok', array('uses' => 'PaymentController@ok'));
    Route::post('payment/fail', array('uses' => 'PaymentController@fail'));
    Route::get('admin/makeDMS/{id}', array('uses' => 'PaymentController@makeDMStransaction'));
    Route::get('admin/products', array('uses' => 'AdminController@products'));
    Route::get('admin/product/{id}', array('uses' => 'AdminController@product'));
    Route::get('admin/orders', array('uses' => 'AdminController@orders'));
    Route::get('admin/order/{id}', array('uses' => 'AdminController@order'));
    Route::post('admin/setOrderStatus', array('uses' => 'AdminController@setOrderStatus'));
    Route::post('admin/updateProduct', array('uses' => 'AdminController@updateProduct'));
    Route::get('admin/transactions', array('uses' => 'AdminController@transactions'));  
});

filters.php:

Route::filter('auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('login');
        }
    }
});


Route::filter('auth.basic', function()
{
    return Auth::basic();
});

Route::filter('guest', function()
{
    if (Auth::check()) return Redirect::to('/');
});

我尝试使用Route::group和控制器构造函数来保护所需的路由,但输出是相同的:具有良好凭据的登录工作,具有错误凭据的用户无法登录,但路由组应该受保护的可用于未经身份验证的用户。

我发现快速CGI模式下的php会产生这样的行为,但这是我的sudo apachectl -M输出:

Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php5_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 status_module (shared)

1 个答案:

答案 0 :(得分:1)

好的,我找到了解决方案。一如既往,RTM ......

我的环境设置为"测试"保留给单元测试,manual很好地说:

  

注意:在测试环境中禁用路由过滤器。至   启用它们,将Route :: enableFilters()添加到您的测试中。

我将环境变量更改为" production"现在一切都很好。

相关问题
最新问题