Sentry 2 + Laravel 4 filter redirect not working

Time: 2014-05-27 18:31:50

Tags: php rest laravel cartalyst-sentry

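I'm using Laravel 4 and Sentry 2, and everything seems to be working fine except for this:

When a user is not logged in, instead of being redirected to the login page with a flash message, he gets a 404. I have tried a lot of things: taking different filters from different projects and trying different redirects, but nothing seems to work. Here is my current filter: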

<?php

/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/

/*App::before(function ($request) {
    //
});

App::after(function ($request, $response) {
    //
});*/


App::before(function ($request) {
    //
});


App::after(function ($request, $response) {
    //
});

/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/

/*Route::filter('auth', function () {
    if (Auth::guest()) return Redirect::guest('login');
});

Route::filter('auth.basic', function () {
    return Auth::basic();
});
*/

Route::filter('auth', function () {
    if (!Sentry::check()) return Redirect::route('login');
});

Route::filter('inGroup', function ($route, $request, $value) {
    if (!Sentry::check()) return Redirect::route('login');

    // we need to determine if a non admin user
    // is trying to access their own account.
    $userId = Route::input('users');

    try {
        $user = Sentry::getUser();

        $group = Sentry::findGroupByName($value);

        if ($userId != Session::get('userId') && (!$user->inGroup($group))) {
            Session::flash('error', trans('users.noaccess'));

            return Redirect::route('home');
        }
    } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
        Session::flash('error', trans('users.notfound'));

        return Redirect::route('login');
    } catch (Cartalyst\Sentry\Groups\GroupNotFoundException $e) {
        Session::flash('error', trans('groups.notfound'));

        return Redirect::route('login');
    }
});

/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/

/*Route::filter('guest', function () {
    if (Auth::check()) return Redirect::to('/');
});*/

Route::filter('guest', function () {
    if (Auth::check()) return Redirect::to('/');
});

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

/*Route::filter('csrf', function () {
    if (Session::token() != Input::get('_token')) {
        throw new Illuminate\Session\TokenMismatchException;
    }
});*/

Route::filter('csrf', function () {
    // var_dump($_SESSION);
    //            var_dump($_POST);
    //            die();

    // TODO: Rewrite this tree of conditionals
    if (Session::token() !== Input::get('_token') || Session::token() === NULL || Input::get('_token') === NULL) {
        // Session token and form tokens do not match or one is empty
        if (App::environment() === 'testing') {
            // We only want to allow CSRF override if we're running tests
            if (Input::get('IgnoreCSRFTokenError') === TRUE) {
                // Allow CSRF override in testing environment
                return;
            } else {
                // Handle CSRF normally
                throw new Illuminate\Session\TokenMismatchException;
            }
        } else {
            // @codeCoverageIgnoreStart

            // Handle CSRF normally
            throw new Illuminate\Session\TokenMismatchException;

            // @codeCoverageIgnoreEnd
        }
    }
});

/*----------------------------------------------------------------------------------------------*/

// ############# Sentry group permissions #############

Route::filter('sentryAuth', function () {
    if (!Sentry::check()) {
        return Redirect::guest('login')->with('flashMessage', Lang::get('flashMessages.login_required'));
    }
});

ROUTE:

<?php


Route::group(array('before' => "sentryAuth"), function () {

    Route::controller('products', 'ProductsController');
});

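Sorry if I'm not being clear enough. Let me know and I'll clarify. I would really appreciate any help in solving this problem. Again, the filter does prevent the user from accessing the page, but instead of redirecting to the login page it gives a 404.

Thanks.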

0 answers:

No answers