Authentication finally works.
577e7b8d80
|
@ -2,99 +2,132 @@
|
|||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
//use Illuminate\Support\Facades\Auth;
|
||||
|
||||
use App\Transformers\UsersTransformer;
|
||||
use App\Http\Requests;
|
||||
use App\User;
|
||||
use Illuminate\Http\Request;
|
||||
use App\User;
|
||||
use JWTAuth;
|
||||
use Tymon\JWTAuth\Exceptions\JWTException;
|
||||
use Tymon\JWTAuth\Facades\JWTAuth;
|
||||
//use App\Http\Controllers\Controller;
|
||||
use Validator;
|
||||
use DB, Hash, Mail, Illuminate\Support\Facades\Password;
|
||||
|
||||
class AuthController extends BaseController {
|
||||
class AuthController extends Controller {
|
||||
/**
|
||||
* API Register
|
||||
*
|
||||
* @param Request $request
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*/
|
||||
public function register(Request $request) {
|
||||
$credentials = $request->only('username', 'password');
|
||||
|
||||
$rules = [
|
||||
'username' => 'required|max:255|unique:users',
|
||||
'email' => 'required|email|max:255|unique:users',
|
||||
];
|
||||
|
||||
$validator = Validator::make($credentials, $rules);
|
||||
|
||||
if($validator->fails()) {
|
||||
return response()->json(['success'=> false, 'error'=> $validator->messages()]);
|
||||
}
|
||||
|
||||
$username = $request->username;
|
||||
$email = $request->email;
|
||||
$password = $request->password;
|
||||
|
||||
User::create(['username' => $username, 'email' => $email, 'password' => Hash::make($password)]);
|
||||
|
||||
return $this->login($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* API Login, on success return JWT Auth token
|
||||
*
|
||||
* @param Request $request
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*/
|
||||
public function login(Request $request) {
|
||||
$credentials = $request->only('username', 'password');
|
||||
|
||||
/* if (!$token = auth()->attempt($credentials)) {
|
||||
return response()->json(['error' => 'Unauthorised'], 401);
|
||||
}
|
||||
|
||||
return $this->respondWithToken($token); */
|
||||
try {
|
||||
// verify the credentials and create a token for the user
|
||||
if (! $token = JWTAuth::attempt($credentials)) {
|
||||
return response()->json(['error' => 'invalid_credentials', 'message' => 'Wrong credentials. Try again'], 401);
|
||||
}
|
||||
} catch (JWTException $e) {
|
||||
// something went wrong
|
||||
return response()->json(['error' => 'could_not_create_token', 'message' => 'Could not create token. Try again'], 500);
|
||||
}
|
||||
// if no errors are encountered we can return a JWT
|
||||
return response()->json(compact('token'));
|
||||
}
|
||||
|
||||
public function register(Request $request) {
|
||||
$newUser = [
|
||||
'username' => $request->get('username'),
|
||||
'email' => $request->get('email'),
|
||||
'password' => bcrypt($request->get('password')),
|
||||
$rules = [
|
||||
'username' => 'required',
|
||||
'password' => 'required',
|
||||
];
|
||||
|
||||
try {
|
||||
$user = User::create($newUser);
|
||||
} catch (Exception $e) {
|
||||
return response()->json(['error' => 'User already exists.'], 401);
|
||||
$validator = Validator::make($credentials, $rules);
|
||||
|
||||
if($validator->fails()) {
|
||||
return response()->json(['success'=> false, 'error'=> $validator->messages()]);
|
||||
}
|
||||
|
||||
$token = JWTAuth::fromUser($user);
|
||||
|
||||
return response()->json(compact('token'));
|
||||
}
|
||||
|
||||
|
||||
public function me() {
|
||||
//return response()->json(auth()->user());
|
||||
try {
|
||||
if (!$user = JWTAuth::parseToken()->authenticate()) {
|
||||
return response()->json(['user_not_found'], 404);
|
||||
// attempt to verify the credentials and create a token for the user
|
||||
if (!$token = JWTAuth::attempt($credentials)) {
|
||||
return response()->json(['success' => false, 'error' => 'We cant find an account with this credentials.'], 401);
|
||||
}
|
||||
} catch (\Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
|
||||
return response()->json(['token_expired'], $e->getStatusCode());
|
||||
} catch (\Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
|
||||
return response()->json(['token_invalid'], $e->getStatusCode());
|
||||
} catch (\Tymon\JWTAuth\Exceptions\JWTException $e) {
|
||||
return response()->json(['token_absent'], $e->getStatusCode());
|
||||
}
|
||||
// the token is valid and we have found the user via the sub claim
|
||||
return $this->item($user, new UsersTransformer);
|
||||
catch (JWTException $e) {
|
||||
// something went wrong whilst attempting to encode the token
|
||||
return response()->json(['success' => false, 'error' => 'Failed to login, please try again.'], 500);
|
||||
}
|
||||
// all good so return the token
|
||||
return response()->json(['success' => true, 'data'=> [ 'token' => $token ]]);
|
||||
}
|
||||
|
||||
/*public function logout() {
|
||||
auth()->logout();
|
||||
/**
|
||||
* Log out
|
||||
* Invalidate the token, so user cannot use it anymore
|
||||
* They have to relogin to get a new token
|
||||
*
|
||||
* @param Request $request
|
||||
*/
|
||||
public function logout(Request $request) {
|
||||
$this->validate($request, ['token' => 'required']);
|
||||
|
||||
return response()->json(['message' => 'Successfully logged out']);
|
||||
}*/
|
||||
|
||||
public function refresh() {
|
||||
//return $this->respondWithToken(auth()->refresh());
|
||||
$token = JWTAuth::getToken();
|
||||
|
||||
if (!$token) {
|
||||
return $this->error('Token NOT provided!', 401);
|
||||
try {
|
||||
JWTAuth::invalidate($request->input('token'));
|
||||
return response()->json(['success' => true, 'message'=> "You have successfully logged out."]);
|
||||
} catch (JWTException $e) {
|
||||
// something went wrong whilst attempting to encode the token
|
||||
return response()->json(['success' => false, 'error' => 'Failed to logout, please try again.'], 500);
|
||||
}
|
||||
|
||||
$token = JWTAuth::refresh($token);
|
||||
|
||||
return response()->json(compact('token'));
|
||||
}
|
||||
|
||||
/*protected function respondWithToken($token) {
|
||||
/**
|
||||
* API Recover Password
|
||||
*
|
||||
* @param Request $request
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*/
|
||||
public function recover(Request $request) {
|
||||
$user = User::where('email', $request->email)->first();
|
||||
|
||||
if (!$user) {
|
||||
$error_message = "Your email address was not found.";
|
||||
return response()->json(['success' => false, 'error' => ['email'=> $error_message]], 401);
|
||||
}
|
||||
try {
|
||||
Password::sendResetLink($request->only('email'), function (Message $message) {
|
||||
$message->subject('Your Password Reset Link');
|
||||
});
|
||||
} catch (\Exception $e) {
|
||||
$error_message = $e->getMessage();
|
||||
return response()->json(['success' => false, 'error' => $error_message], 401);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'access_token' => $token,
|
||||
'token_type' => 'bearer',
|
||||
'expires_in' => 131500
|
||||
'success' => true, 'data'=> ['message'=> 'A reset email has been sent! Please check your email.']
|
||||
]);
|
||||
}*/
|
||||
}
|
||||
|
||||
public function checkAuth(Request $request) {
|
||||
$this->validate($request, ['token' => 'required']);
|
||||
|
||||
try {
|
||||
$res = JWTAuth::parseToken()->authenticate();
|
||||
return response()->json(['success' => true, 'user_id' => $res->id]);
|
||||
} catch (JWTException $e) {
|
||||
return response()->json(['success' => false, 'error' => 'Failed to check, please try again. Token: '.$request->input('token')], 500);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
|
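Review bot: checkAuth's 500 response in the `catch (JWTException $e)` branch concatenates the raw token into the error body, `'Failed to check, please try again. Token: '.$request->input('token')`, so a bearer credential is reflected back to the client and into anything that logs response bodies; drop the suffix and return `'error' => 'Failed to check, please try again.'`. In the same method `$this->validate($request, ['token' => 'required'])` demands a `token` request parameter while `JWTAuth::parseToken()` obtains the token from the request itself (typically the Authorization header), so the two checks may look at different values — confirm which transport the clients use and validate only that one. In recover, the 401 carrying `'email' => "Your email address was not found."` tells an unauthenticated caller whether an address is registered; returning the same success message whether or not the lookup matched avoids that disclosure. The old and new sides of this section are interleaved without markers, so which of the two register bodies and which of the duplicated `use App\User;` and `JWTAuth` imports survive cannot be determined from here.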
@ -19,7 +19,7 @@ class Kernel extends HttpKernel
|
|||
\App\Http\Middleware\TrimStrings::class,
|
||||
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
|
||||
\App\Http\Middleware\TrustProxies::class,
|
||||
//\Barryvdh\Cors\HandleCors::class,
|
||||
\Barryvdh\Cors\HandleCors::class,
|
||||
];
|
||||
|
||||
/**
|
||||
|
@ -34,7 +34,7 @@ class Kernel extends HttpKernel
|
|||
\Illuminate\Session\Middleware\StartSession::class,
|
||||
// \Illuminate\Session\Middleware\AuthenticateSession::class,
|
||||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||
// \App\Http\Middleware\VerifyCsrfToken::class,
|
||||
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||
],
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ class VerifyCsrfToken extends Middleware
|
|||
* @var array
|
||||
*/
|
||||
protected $except = [
|
||||
//
|
||||
'api/auth/*',
|
||||
'api/rpc/*'
|
||||
];
|
||||
}
|
||||
|
|
|
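Review bot: The new `$except` entries `'api/auth/*'` and `'api/rpc/*'` switch off CSRF verification for those prefixes while the Kernel hunk in this commit re-enables `VerifyCsrfToken` and `StartSession` for the web group; that is only safe if nothing under those prefixes authenticates a request by session cookie. The routes hunk shows `api/auth/*` endpoints as either public or under `jwt.auth`, but nothing for `api/rpc/*` is visible here, so confirm it is token-authenticated as well. A comment above the array such as `// Token-authenticated API paths: no session cookie, so no CSRF token exists for them` would record the assumption the exemption rests on.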
@ -13,7 +13,7 @@ return [
|
|||
|
|
||||
*/
|
||||
|
||||
'name' => env('APP_NAME', 'DenkiBoard'),
|
||||
'name' => env('APP_NAME', '076 Server'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
|
@ -12,12 +12,12 @@ return [
|
|||
|
|
||||
*/
|
||||
|
||||
/* 'supportsCredentials' => false,
|
||||
'supportsCredentials' => false,
|
||||
'allowedOrigins' => ['*'],
|
||||
'allowedOriginsPatterns' => [],
|
||||
'allowedHeaders' => ['*'],
|
||||
'allowedMethods' => ['*'],
|
||||
'exposedHeaders' => [],
|
||||
'maxAge' => 0, */
|
||||
'maxAge' => 0,
|
||||
|
||||
];
|
||||
|
|
|
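Review bot: The uncommented settings `'allowedOrigins' => ['*']`, `'allowedHeaders' => ['*']` and `'allowedMethods' => ['*']`, together with `HandleCors` being enabled as global middleware in the Kernel hunk, let any origin call every route, not only the JWT API. Because `'supportsCredentials' => false` browsers will not attach session cookies, so this is workable for bearer-token endpoints, but the web routes guarded by `VerifyCsrfToken` and `StartSession` in the same commit gain nothing from a wildcard and the list should be narrowed to the front-end origins, e.g. `'allowedOrigins' => ['https://FRONTEND_HOST']` (placeholder). Whether the `'maxAge' => 0` on the last line is the surviving value or a leftover of the commented block cannot be told from the interleaved lines.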
@ -21,10 +21,11 @@ $api->version('v1', function ($api) {
|
|||
$api->group(['namespace' => 'App\Http\Controllers'], function ($api) {
|
||||
$api->post('/auth/login', 'AuthController@login');
|
||||
$api->post('/auth/register', 'AuthController@register');
|
||||
$api->post('/auth/refresh', 'AuthController@refresh');
|
||||
$api->post('/auth/recover', 'AuthController@recover');
|
||||
|
||||
$api->group( [ 'middleware' => ['jwt.auth'] ], function ($api) {
|
||||
$api->get('/auth/me', 'AuthController@me');
|
||||
$api->group(['middleware' => ['jwt.auth']], function ($api) {
|
||||
$api->get('/auth/logout', 'AuthController@logout');
|
||||
$api->get('/auth/getuser', 'AuthController@checkAuth');
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
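Review bot: `$api->get('/auth/logout', 'AuthController@logout')` registers a state-changing call (it invalidates the caller's token) as GET, while every other auth endpoint in this hunk uses `$api->post(...)`; `$api->post('/auth/logout', 'AuthController@logout');` keeps it out of link prefetching and history-driven replays. If it must stay GET, a comment like `// GET is acceptable only because the JWT travels in the Authorization header, never in a cookie` records the assumption it depends on. `/auth/recover` and `/auth/register` are added outside the `jwt.auth` group with no throttle middleware visible in this hunk; if none is applied elsewhere, these unauthenticated endpoints that send mail and create accounts are the first candidates for rate limiting.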
@ -11,13 +11,6 @@
|
|||
|
|
||||
*/
|
||||
|
||||
header_remove('Access-Control-Allow-Origin');
|
||||
header_remove('Access-Control-Allow-Headers');
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept"');
|
||||
|
||||
// Auth::routes();
|
||||
|
||||
require(__DIR__.'/class/board.php');
|
||||
// require(__DIR__.'/class/document.php');
|
||||
// require(__DIR__.'/class/image.php');
|
||||
|
|