dtstnjl898781429 2019-05-12 19:11

Handling unauthorized users in Laravel

I'm trying to create a REST API using Laravel. I'm using JWT (Tymon\JWTAuth) to authenticate users.

Here is part of my api.php file with /api routes:

Route::middleware('auth:api')->get("match/{id}", "ApiMatchController@getMatch");
Route::middleware('auth:api')->put("match/{id}", "ApiMatchController@editMatch");

Now, I'm sending a GET request to /api/match/7. An authorized user gets match details as expected. An unauthorized user is redirected to the root URL / but I want the user to stay on the URL, I just want to return HTTP code 401 - Unauthorized. Where can I change this? I can do that inside the ApiMatchController@getMatch method but I would like the auth:api middleware to do that for me. Is there any way to do this?

Then, I'm sending a PUT request to /api/match/7 with some data. The request from an authorized user works just fine but an unauthorized user now gets HTTP code 405 - Method Not Allowed (with debug info: Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException: The PUT method is not supported for this route. Supported methods: GET, HEAD.). Why? I cleared the route cache and as you can see, there IS a defined route in api.php. This behaviour really happens only with an unauthorized user.


1 answer

  • doushi2902 2019-05-12 20:42

    About the first part:

    Authorized user gets match details as expected. Unauthorized user is redirected to root url / but I want user to stay on the url, I just want to return HTTP code 401 - Unauthorized. Where can I change this?

    This is because your default guard is web, so in that case when a user tries to access a protected route they will be redirected to the home page (by default; this can also be customized, of course).

    To change the default guard to api go to config/auth.php and change it like this:

    'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],
    

    Note: When making HTTP requests, add these headers:

    /** The following tells Laravel that you want a response in json format. */
    Accept: application/json
    /** The following is for POST/PUT/PATCH requests, it tells the request payload format. */
    Content-type: application/json
    

    About the second part:

    Request from authorized user works just fine but unauthorized user now gets HTTP code 405 - Method Not Allowed

    PHP doesn't handle the PUT/PATCH/DELETE methods well; in order to bypass this inconvenience, do a POST request and then add a hidden _method field to the form. The value sent with the _method field will be used as the HTTP request method:

    Request body (the method is case sensitive):

    Endpoint:
        /api/match/7
    
    Headers:
        Accept: application/json
        Content-type: application/json
    
    Payload or Body:
        _method: PUT
        ...
    
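An added example, not part of the original answer or of Laravel's own code: one way to make the auth:api middleware from the question respond with 401 instead of a redirect, even when the client omits the Accept: application/json header. It assumes the app/Exceptions/Handler.php layout used by Laravel 5.5 through 10 (the page does not state the version) and the default api/ prefix for routes in api.php.

```php
<?php
// app/Exceptions/Handler.php
// Assumed layout: Laravel 5.5 - 10; the page does not state the version in use.

namespace App\Exceptions;

use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;

class Handler extends ExceptionHandler
{
    /**
     * Called when an auth middleware (here auth:api) rejects a request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Illuminate\Auth\AuthenticationException  $exception
     * @return \Symfony\Component\HttpFoundation\Response
     */
    protected function unauthenticated($request, AuthenticationException $exception)
    {
        // Routes registered in routes/api.php carry the "api/" prefix by default.
        // Treat every request under that prefix as an API call, so a missing
        // or wrong Accept header can never turn the rejection into a redirect.
        if ($request->is('api/*') || $request->expectsJson()) {
            return response()->json(
                ['message' => 'Unauthenticated.'],
                401,
                // Tells the client which authentication scheme is expected (JWT bearer token).
                ['WWW-Authenticate' => 'Bearer']
            );
        }

        // Browser requests outside /api keep the framework's default behaviour.
        return parent::unauthenticated($request, $exception);
    }
}
```

With this in place both the GET and the PUT route from the question return 401 to a request without a valid token, and no redirect is issued for either.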
