arubacao / http-basic-auth-guard
HTTP Basic Auth Guard for Lumen 5.x
License: MIT License
Can you add sessions to your project? Is it possible to use illuminate/session or something similar with your basic auth guard?
Maybe something like this? http://qiita.com/mikakane/items/faa8becc85631be13156
Or maybe add support for this? https://packagist.org/packages/cuidong/lumen
Just a heads up. There seems to be an issue with bcrypt in Lumen 5.4. So you have to make sure to use:
    app('hash')->make('password');
The test suite still uses the method bcrypt which isn't available since 5.4.
Hello! I've found your implementation, and was interested to use it with Lumen, after updating from 5.1 to 5.3 version.
I was scratching my head for a long time, wondering how to use token authorization (I use jwt) for several routes and how to use actually basic authorization for api routes. I was using basic authorization with sessions previously likewise. Everything worked fine, but there were some reasons to update, and get rid of sessions.
When I started to use your guard, everything seemed clear. I added a few guards, and used them differently with routes. That was good, except the moment of using several middlewares one by one with this guard.
I believe that's because your guard doesn't have state, and it doesn't remember the user, like it was with sessions.
So I want to ask you - have you tried such a case? And have you thought about a few middlewares with such an authorization guard?
Hi,
Thank you for writing this package. I've followed the installation instructions (install package, register BasicGuardServiceProvider in bootstrap/app.php), however when I associate the basic driver to the api guard and update the routes.php file to use the auth:api middleware I receive the following:
call_user_func_array() expects parameter 1 to be a valid callback, class
'Arubacao\BasicAuth\BasicGuard' does not have a method 'handle'
I'm using version 1.0.1 of the package, and Lumen 5.2.7. Application otherwise running fine.
Any ideas?
Thank you!
Jason
The basic() method triggers check(), which triggers user() in return, which triggers onceBasic() (since commit 372eb68). This means if you run Auth::basic() it will always do Auth::onceBasic() first (with the default parameters). If this passes, it will never get to logging in. Is this on purpose?
My goal is to make sure the Illuminate\Auth\Events\Login event gets triggered, so I can check if $user->is_active === true - and return a 401 Unauthorized if it's false.
Is there a better way to do this? Shouldn't the login/logout events be triggered, even on onceBasic? Maybe trigger the Logout event at the end of the request? To keep the statelessness of the basic authentication.
Thanks for the great package btw!
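
The check asked about in the post above (return a 401 on every request when the account's is_active flag is false, with no session kept), shown as an added example in plain PHP. It is not part of the original issue or of the package and does not use the package's guard API; the user array, addresses, passwords and realm name are constructed sample data.

```php
<?php
// Added example: stateless Basic auth that also rejects inactive accounts.
// The user store, addresses and passwords below are constructed sample data.

// Hash verified when the user is unknown, so both paths do one bcrypt check.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_BCRYPT));

/** Parse "Basic <base64(user:pass)>" into [user, pass]; null if malformed. */
function parseBasicHeader(?string $header): ?array
{
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($header, 6)), true); // strict alphabet
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // only the first colon is a separator
}

/** Authenticate one request; every failure yields the same 401 response. */
function authenticateOnce(?string $header, array $users): array
{
    $creds = parseBasicHeader($header);
    $user  = $creds !== null ? ($users[$creds[0]] ?? null) : null;
    $valid = password_verify($creds[1] ?? '', $user['password'] ?? DUMMY_HASH);

    // The is_active gate runs on every request because nothing is remembered.
    if ($user === null || !$valid || $user['is_active'] !== true) {
        return [401, ['WWW-Authenticate' => 'Basic realm="api"'], 'Unauthorized'];
    }
    return [200, [], 'Hello ' . $creds[0]];
}

$users = [
    'alice@example.test' => ['password' => password_hash('s3cret', PASSWORD_BCRYPT), 'is_active' => true],
    'bob@example.test'   => ['password' => password_hash('hunter2', PASSWORD_BCRYPT), 'is_active' => false],
];
$requests = [
    'active user'    => 'Basic ' . base64_encode('alice@example.test:s3cret'),
    'inactive user'  => 'Basic ' . base64_encode('bob@example.test:hunter2'),
    'wrong password' => 'Basic ' . base64_encode('alice@example.test:nope'),
    'no header'      => null,
];
foreach ($requests as $label => $header) {
    [$status] = authenticateOnce($header, $users);
    printf("%-14s -> %d\n", $label, $status);
}
```
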
I set up a fresh 5.4 Lumen application. I then uncommented the following lines in my bootstrap/app.php:

    $app->withFacades();
    $app->withEloquent();
    [...]
    $app->routeMiddleware([
        'auth' => App\Http\Middleware\Authenticate::class,
    ]);
    [...]
    $app->register(App\Providers\AppServiceProvider::class);
    $app->register(App\Providers\AuthServiceProvider::class);
    $app->register(Arubacao\BasicAuth\BasicGuardServiceProvider::class);

Next, I added jwt-auth-1.0.0-beta-2 to my application using the composer require. Added the below line to my AppServiceProvider:

    $this->app->register(\Tymon\JWTAuth\Providers\LumenServiceProvider::class);

and did the php artisan jwt:secret step.
The following is my web.php router:

    $app->group(['prefix' => 'api'], function($app){
        $app->post('/signup', [
            'uses' => 'UserController@Signup'
        ]);
        $app->group(['middleware' => 'auth:jwt-auth'], function($app){
            $app->post('/logout',[
                'uses' => 'UserController@LogoutUser'
            ]);
        });
    });

In my UserController.php, this is what I do:

    <?php

    namespace App\Http\Controllers;

    use App\Http\Controllers\Controller;
    use Illuminate\Http\Request;
    use Tymon\JWTAuth\JWTAuth;
    use App\User;
    use Tymon\JWTAuth\Exceptions\JWTException;

    class UserController extends Controller
    {
        /**
         * @var \Tymon\JWTAuth\JWTAuth
         */
        protected $jwt;

        public function __construct(JWTAuth $jwt)
        {
            $this->jwt = $jwt;
        }

        public function Signin(Request $request)
        {
            try {
                if (!$token = $this->jwt->attempt($request->only('email', 'password'))) {
                    return response()->json(['The credentials provided are invalid.'], 404);
                }
            } catch (JWTException $e){
                return response()->json([
                    'message' => 'We could not sign you in. Try again later.'
                ], 500);
            }
            return response()->json(compact('token'));
        }

        public function LogoutUser(Request $request){
            $token = $this->jwt->getToken();
            if($this->jwt->invalidate($token)){
                return response()->json([
                    'message' => 'User logged off successfully!'
                ], 200);
            } else {
                return response()->json([
                    'message' => 'Failed to logout user. Try again.'
                ], 500);
            }
        }
    }

Now the problem is I can access the signup route and generate the jwt token. But, when I try to do a logout it says unauthorized. I have various other routes under the same middleware and all of them say the same.
There's currently no way to change what fields the basic auth system is checking for username password combinations. Would it be possible to allow this to be configurable?