[英]laravel passport: Request user() returning null outside auth:api middleware, and inside returning user object
When I am tring to get loggedin user details using auth:api middleware, it returns user object with details in my controller function.当我试图使用 auth:api 中间件获取登录用户详细信息时,它会在我的控制器函数中返回包含详细信息的用户对象。
api.php (with auth:api middleware returns User object)
Route::group(['middleware' => 'auth:api'], function() {
Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails');
});
But when I am trying to get loggedin user details outside this auth:api middleware, it returns null.但是,当我尝试在此 auth:api 中间件之外获取登录用户详细信息时,它返回 null。
api.php (without auth:api middleware return null)
Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails');
When the auth middleware is not provided, or is provided without specifying the guard, the default guard is used to determine the user.当没有提供 auth 中间件,或者提供了没有指定守卫时,使用默认守卫来确定用户。 Unless you have changed this in your
config/auth.php
file, the default guard is the web
guard.除非您在
config/auth.php
文件中更改了此设置,否则默认防护是web
防护。
So, when you go to a route that is not protected by a specific auth middleware, the user that is loaded is the one provided by the web
guard.因此,当您转到不受特定身份验证中间件保护的路由时,加载的用户是
web
警卫提供的用户。
Therefore, even though you may be sending the bearer token to use a specific user, the web
guard doesn't know anything about that, and since you have no user logged in via the web
guard, you are getting a null
user.因此,即使您可能正在发送不记名令牌以使用特定用户,但
web
Guard 对此一无所知,并且由于您没有通过web
Guard 登录的用户,您将获得一个null
用户。
You've got four options:你有四个选择:
Make sure the route is protected by the auth:api
middleware, which specifies the api
guard.确保路由受到
auth:api
中间件的保护,该中间件指定了api
保护。 This, however, will not allow guests to access the url.但是,这将不允许客人访问该网址。
Change your default guard to api
in your config/auth.php
file.在
config/auth.php
文件中将默认保护更改为api
。 This is probably not what you want to do, especially if you do have normal web users.这可能不是您想要做的,尤其是如果您确实有普通的网络用户。
Tell the request you want the user from the api
guard.从
api
守卫告诉你想要用户的请求。 The $request->user()
method takes a guard as an argument, so if you do $request->user('api')
, it will retrieve the user using the api
guard. $request->user()
方法需要一个守卫作为参数,所以如果你执行$request->user('api')
,它将使用api
守卫检索用户。
Get the user from the api
guard directly: auth()->guard('api')->user()
.直接从
api
guard 获取用户: auth()->guard('api')->user()
。
The auth middleware is the one returning the user. auth 中间件是返回用户的中间件。 auth:api just indicates to use the API guard.
auth:api 只是表示使用 API 防护。 In the source code of laravel, the file
vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php
line 62 , the function shouldUse is the one setting the Auth::user() object.在 laravel 的源代码中,文件
vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php
第62行,函数 shouldUse 是设置 Auth::user() 对象的函数。 Check out also vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php
shouldUse function还可以查看
vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php
shouldUse 函数
override createToken() method app\Models\User.php like below.覆盖 createToken() 方法 app\Models\User.php 如下所示。
public function createToken($user_id,$name, array $scopes = [])
{
return Container::getInstance()->make(PersonalAccessTokenFactory::class)
->make(
$user_id, $name, $scopes
);
}
And create token as given below wherever you want and explicitly pass $user_id.并在您想要的任何地方创建如下所示的令牌并显式传递 $user_id。
$user= new user();
$accessToken = $user->createToken($user_id,'authToken')->accessToken;
Now you will get $request->user()现在你会得到 $request->user()
override register() method app\Exceptions\Handler.php like below-覆盖 register() 方法 app\Exceptions\Handler.php 如下 -
public function register() {公共功能寄存器(){
$this->renderable(function (\Illuminate\Auth\AuthenticationException $e, $request) {
if ($request->is('api/*')) {
return response()->json([
'message' => 'Not authenticated'
], 401);
}
});
} }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.