如标题所示,CreateFreshApiToken不会创建任何cookie。因此,我无法使用它来验证登录用户的其他与该用户相关的请求。
我试图在响应上设置一个cookie,它工作得很好。因此,这必须与CreateFreshApiToken无法正常工作有关。
AuthController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\User;
class AuthController extends Controller
{
public function signup(Request $request)
{
$request->validate([
'name' => 'required|string',
'email' => 'required|string|email|unique:users',
'password' => 'required|string'
]);
$user = new User([
'name' => $request->name,
'email' => $request->email,
'password' => bcrypt($request->password)
]);
$user->save();
return response()->json([
'message' => 'Successfully created user!'
], 201);
}
public function signin(Request $request)
{
$request->validate([
'email' => 'required|string|email',
'password' => 'required|string'
]);
$credentials = request(['email', 'password']);
if(!Auth::attempt($credentials))
return response()->json([
'message' => 'Unauthorized'
], 401);
$user = $request->user();
$tokenResult = $user->createToken('Personal Access Token');
$token = $tokenResult->token;
$token->save();
return response()->json([
'message' => 'Successfully signed in!'
]);
}
public function signout(Request $request)
{
$request->user()->token()->revoke();
return response()->json([
'message' => 'Successfully signed out!'
]);
}
public function user(Request $request)
{
return response()->json($request->user());
}
public function test()
{
return response()->json([
'message' => 'test'
]);
}
public function test2(Request $request)
{
return response()->json([
'laravel_token' => $request->cookie('laravel_token')
]);
}
}
Kernel.php
protected $middlewareGroups = [
'web' => [
//...
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
'api' => [
'throttle:60,1',
'bindings',
\Barryvdh\Cors\HandleCors::class,
],
];
api.php
Route::group([
'prefix' => 'auth'
], function () {
Route::post('signin', 'AuthController@signin');
Route::post('signup', 'AuthController@signup');
Route::get('test', 'AuthController@test');
Route::get('test2', 'AuthController@test2');
Route::group([
'middleware' => ['auth:api']
], function() {
Route::get('signout', 'AuthController@signout');
Route::get('user', 'AuthController@user');
});
});
这是我的角度代码:
test() {
return this.http.get('http://homestead.test/api/auth/test', {withCredentials: true})
.subscribe(response => {
console.log(response);
});
}
test2() {
return this.http.get('http://homestead.test/api/auth/test2', {withCredentials: true})
.subscribe(response => {
console.log(response);
});
}
在启用“ supportsCredentials”的情况下,我还成功地用https://github.com/barryvdh/laravel-cors设置了cors。我还发送了一个无用的GET请求,以查看cookie中是否设置了任何laravel_token,但均未成功。
答案 0 :(得分:0)
CreateFreshApiToken是web中间件组的一部分,因此要设置Cookie,您需要将登录页面设置为web路由(而不是{{1} }路线。
答案 1 :(得分:0)
我通过在登录控制器中复制CreateFreshApiToken::handler解决了这一部分问题:
$response = response()->json([], 200);
// ADD THIS LINE:
$response->cookie(\Laravel\Passport\Passport::cookie(),$request->session()->token();
return $response;