无法使用自定义防护在Laravel 7中调用受身份验证保护的端点

时间:2020-06-23 09:43:37

标签: laravel authentication axios laravel-passport axios-laravel

我正在将Laravel 7用于一个新项目,该项目中我拥有不同类型的用户,例如customers

我允许客户通过UI登录,然后有特定的端点,我希望这个customers防护人员可以呼叫该端点,但是似乎无法正常工作。任何帮助将不胜感激。

我的监护人和提供者的定义如下:

'customers' => [
    'driver' => 'session',
    'provider' => 'customers',
],

'api-customers' => [
    'driver' => 'passport',
    'provider' => 'customers',
    'hash' => false,
],

我尝试使用Axios到达的路由在routes/api.php中进行了定义,并且我尝试了几种不同的中间件,但都行不通:

auth:api
auth.customers

auth:api是我尝试的默认防护,然后我创建了一个AuthedCustomers.php中间件(下面的代码),该中间件检查Auth::guard('customers')->check()是否返回true,并使用键将其定义为路由中间件auth.customers,如上所示。

AuthedCustomers.php 

<?php

namespace App\Http\Middleware;

use Closure;
use Auth;
use Illuminate\Http\JsonResponse;
use Symfony\Component\HttpFoundation\Response;

class AuthCustomers
{
    public function handle($request, Closure $next)
    {
        if (Auth::guard('customers')->check() === false) {
            return new JsonResponse([
                'success' => false,
                'message' => 'Unauthenticated',
            ], Response::HTTP_FORBIDDEN);
        }

        return $next($request);
    }
}

我的请求似乎已应用了XSRF令牌,这是完整的请求:

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: en,en-GB;q=0.9,en-US;q=0.8,pt;q=0.7,es;q=0.6,fr;q=0.5,de;q=0.4
Connection: keep-alive
Content-Length: 2
Content-Type: application/json;charset=UTF-8
Cookie: XSRF-TOKEN=eyJpdiI6IkY4ZDZCeGd6cUZHcHF3TEpuY0U0M0E9PSIsInZhbHVlIjoiT0xZeFpxQUZmTlNPWEZ6bUF2SUtNdkEyN2pwejZLenNmdEZCVzdvYytndlVteGs3T3FSc00wMTRXRHB4bGhNWCIsIm1hYyI6ImE2NmM4MWQ1NDEyYjNiMjYxYjM1YTBlMWY5OWQ4M2ZhZTQ5MmRjYzA2ODA0YWYyNTc5N2YwNTE3NDE1ZTU2ZDYifQ%3D%3D; cradlemoney_session=eyJpdiI6ImcraW5QdGplL1p0dGhnK2Q0THBZYkE9PSIsInZhbHVlIjoibGZ2UDNkZytoS2NBdEhsbGVKbnh0b0ZWTm9UTjNLVUdwSFZtazBidEgvSXdKNEhqQzBjV3FpaXdqdEp2amZFZSIsIm1hYyI6Ijk2NDY4YTdlOWYzOTJlODI0M2RjMGI2ZThjNDI5ZDBjMzk5ZGZjYjc1ODk4ZGYxMGQ2OTQzYmYxZDEyNWRmZjIifQ%3D%3D
DNT: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
X-Requested-With: XMLHttpRequest
X-XSRF-TOKEN: eyJpdiI6IkY4ZDZCeGd6cUZHcHF3TEpuY0U0M0E9PSIsInZhbHVlIjoiT0xZeFpxQUZmTlNPWEZ6bUF2SUtNdkEyN2pwejZLenNmdEZCVzdvYytndlVteGs3T3FSc00wMTRXRHB4bGhNWCIsIm1hYyI6ImE2NmM4MWQ1NDEyYjNiMjYxYjM1YTBlMWY5OWQ4M2ZhZTQ5MmRjYzA2ODA0YWYyNTc5N2YwNTE3NDE1ZTU2ZDYifQ==

请求

Request URL: /api/customer/6
Request Method: PATCH
Status Code: 403 Forbidden
Remote Address: 127.0.0.1:80
Referrer Policy: no-referrer-when-downgrade

响应:

{"success":false,"message":"Unauthenticated"}

使用默认保护程序通过auth:api保护api路由时,我没有问题,但是我无法终生获得axios身份验证来为我的customers保护程序工作,尝试和诊断的任何帮助我的问题将不胜感激。

0 个答案:

没有答案
相关问题
最新问题