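I'm using Laravel 4 and Sentry 2, and everything seems to be working well, except for this:
When a user is not logged in, instead of being redirected to the login page with a flash message, they get a 404. I've tried a lot of things, taking different filters from different projects and trying different redirects, but nothing seems to work. Here are my filters as they are now: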
<?php
/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/
/*App::before(function ($request) {
    //
});
App::after(function ($request, $response) {
    //
});*/
App::before(function ($request) {
    //
});
App::after(function ($request, $response) {
    //
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/
/*Route::filter('auth', function () {
    if (Auth::guest()) return Redirect::guest('login');
});
Route::filter('auth.basic', function () {
    return Auth::basic();
});
*/
Route::filter('auth', function () {
    if (!Sentry::check()) return Redirect::route('login');
});
Route::filter('inGroup', function ($route, $request, $value) {
    if (!Sentry::check()) return Redirect::route('login');
    // we need to determine if a non admin user
    // is trying to access their own account.
    $userId = Route::input('users');
    try {
        $user = Sentry::getUser();
        $group = Sentry::findGroupByName($value);
        if ($userId != Session::get('userId') && (!$user->inGroup($group))) {
            Session::flash('error', trans('users.noaccess'));
            return Redirect::route('home');
        }
    } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
        Session::flash('error', trans('users.notfound'));
        return Redirect::route('login');
    } catch (Cartalyst\Sentry\Groups\GroupNotFoundException $e) {
        Session::flash('error', trans('groups.notfound'));
        return Redirect::route('login');
    }
});
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
/*Route::filter('guest', function () {
    if (Auth::check()) return Redirect::to('/');
});*/
Route::filter('guest', function () {
    if (Auth::check()) return Redirect::to('/');
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
/*Route::filter('csrf', function () {
    if (Session::token() != Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});*/
Route::filter('csrf', function () {
    // var_dump($_SESSION);
    // var_dump($_POST);
    // die();
    // TODO: Rewrite this tree of conditionals
    if (Session::token() !== Input::get('_token') || Session::token() === NULL || Input::get('_token') === NULL) {
        // Session token and form tokens do not match or one is empty
        if (App::environment() === 'testing') {
            // We only want to allow CSRF override if we're running tests
            if (Input::get('IgnoreCSRFTokenError') === TRUE) {
                // Allow CSRF override in testing environment
                return;
            } else {
                // Handle CSRF normally
                throw new Illuminate\Session\TokenMismatchException;
            }
        } else {
            // @codeCoverageIgnoreStart
            // Handle CSRF normally
            throw new Illuminate\Session\TokenMismatchException;
            // @codeCoverageIgnoreEnd
        }
    }
});
/*----------------------------------------------------------------------------------------------*/
// ############# Sentry group permissions #############
Route::filter('sentryAuth', function () {
    if (!Sentry::check()) {
        return Redirect::guest('login')->with('flashMessage', Lang::get('flashMessages.login_required'));
    }
});
ROUTE:
<?php
Route::group(array('before' => "sentryAuth"), function () {
    Route::controller('products', 'ProductsController');
});
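Sorry if I'm not being clear enough. Let me know and I'll clarify. I'd really appreciate any help with solving this problem. Again, the filter does stop the user from accessing the page, but instead of redirecting to the login page it gives a 404.
Thanks.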