Laravel and Dropbox WebAuth: “Missing CSRF token in session”
I'm using Laravel 5.0 and trying to authorize with Dropbox. I'm loosely following this example: http://dropbox.github.io/dropbox-sdk-php/api-docs/v1.1.x/class-Dropbox.WebAuth.html
When I go to /start, I get redirected to Dropbox and click "Allow", but when I get redirected back to /finish, I keep getting Missing CSRF token in session. Does anyone have any ideas? I have read that $_SESSION doesn't work in Laravel but I'm not sure how else to go about it.
Here is the code I am working with:
public function start()
{
    $authorizeUrl = $this->getWebAuth()->start();
    return redirect()->away($authorizeUrl);
}

public function finish()
{
    $test = $this->getWebAuth()->finish($_GET);
    dd($test);
}

private function getWebAuth()
{
    $appKey = 'key';
    $appSecret = 'secret';
    $appName = 'name';
    $appRedirect = 'http://example.com/finish';
    $appInfo = new Dropbox\AppInfo($appKey, $appSecret);
    $csrfTokenStore = new Dropbox\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
    $webAuth = new Dropbox\WebAuth($appInfo, $appName, $appRedirect, $csrfTokenStore);
    return $webAuth;
}
Update 1:
Okay so I tried getting it working with Laravel Socialite and the Dropbox Socialite provider. I changed my code to what is below, but I get an error when I hit /start: Driver [dropbox] not supported. I got really confused on step 3 of the instructions, so maybe I did something wrong there.
composer.json
"require": {
    "laravel/framework": "5.0.*",
    "dropbox/dropbox-sdk": "1.1.*",
    "laravel/socialite": "~2.0",
    "socialiteproviders/dropbox": "~1.0"
},
Controller
use Socialite;

class ExampleController extends Controller {
    public function start()
    {
        return Socialite::with('dropbox')->redirect();
    }

    public function finish()
    {
        $user = Socialite::with('dropbox')->user();
        dd($user->token);
    }
}
config/app.php
'providers' => [
    //'Laravel\Socialite\SocialiteServiceProvider',
    'SocialiteProviders\Manager\ServiceProvider',
],
'aliases' => [
    'Socialite' => 'Laravel\Socialite\Facades\Socialite',
],
app/Providers/EventServiceProvider.php
protected $listen = [
    'SocialiteProviders\Manager\SocialiteWasCalled' => [],
];
Update 2:
I figured it out, I added this and it worked.
app/Providers/EventServiceProvider.php
protected $listen = [
    'SocialiteProviders\Manager\SocialiteWasCalled' => [
        'SocialiteProviders\Dropbox\DropboxExtendSocialite@handle',
    ],
];
Why reinvent the wheel, if you have a wrapper that can do this for you:
https://github.com/GrahamCampbell/Laravel-Dropbox
The reason is that the POST routes are protected with CSRF. If you do not want to use a wrapper, you need to disable this security layer, but nobody would recommend that.
Even better is using Laravel Socialite. The only issue is that Dropbox is not natively supported in it, but this package will solve that.
Note: Using a Dropbox package as in @Blaatpraat's answer is generally a better idea than this. If you're dead-set on using your own logic, though:
Laravel 5 POST routes (Dropbox is posting back to you at the end of the process) are protected by default by the CSRF protection middleware. Because Dropbox doesn't know your Laravel app's CSRF token (nor does it know to send one), the _token parameter is missing and fails the middleware.
You'll need to modify app/Http/Middleware/VerifyCsrfToken.php to exempt this route. Where it says:
return parent::handle($request, $next);
You'll want something like this to bypass the CSRF check on certain routes:
// Skip the CSRF check only for the Dropbox callback route
if (\Request::is('finish')) { return $next($request); }
return parent::handle($request, $next);
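
Added example (not part of the original posts or of the Dropbox SDK): for the hand-rolled WebAuth flow in the question, a token store backed by Laravel's session rather than $_SESSION, so the CSRF token written in /start can be read back in /finish. The class name LaravelSessionStore and its namespace are hypothetical; it assumes the SDK's Dropbox\ValueStore interface (get/set/clear), which ArrayEntryStore implements, and Laravel's 'session.store' container binding.

```php
<?php
// Added example: hypothetical adapter, not shipped with the Dropbox SDK or Laravel.

namespace App\Services;

use Dropbox\ValueStore;
use Illuminate\Session\Store as SessionStore;

/**
 * Stores the Dropbox WebAuth CSRF token in Laravel's session.
 * WebAuth::start() calls set(), WebAuth::finish() calls get() to compare
 * the stored token with the returned "state" value, then clear().
 */
class LaravelSessionStore implements ValueStore
{
    private $session;
    private $key;

    public function __construct(SessionStore $session, $key)
    {
        $this->session = $session;
        $this->key = $key;
    }

    // Returns null when nothing is stored, e.g. when the session cookie was lost
    public function get()
    {
        return $this->session->get($this->key);
    }

    public function set($value)
    {
        $this->session->put($this->key, $value);
    }

    public function clear()
    {
        $this->session->forget($this->key);
    }
}

// In the question's getWebAuth(), this would replace the ArrayEntryStore line:
//   $csrfTokenStore = new \App\Services\LaravelSessionStore(
//       app('session.store'), 'dropbox-auth-csrf-token');
```

With the token kept server-side in the session, the SDK can still compare it against the value Dropbox returns in the callback.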