API request validation

I have created a form request to make validation logic there instead in controller.

class StoreReviewRequest extends FormRequest{}

This route should be open, available to everyone, I don't have users to authorize them. If I set false in authorize method I can't access the method in controller and I have message "403 Forbidden". If I set it to true it redirects me to the login page.

How should I "disable" authorization in form request?

public function authorize()
    {
        return true;
    }

jlrdw

4 years ago

Level 75

Have the route out of auth guard.

nkusibojoski

4 years ago

Level 1

It is out of the auth guard

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::post('review', 'App\Http\Controllers\Api\ReviewController@store');

Or something by default is applied ?

frankielee

4 years ago

Level 29

Hi @nkusibojoski, have you set the Header to

Accept: application/json

I noticed that is an API route, normally FormRequest is for the Web route, it will return a redirect response if there is a validation error.

1 like

SilenceBringer

4 years ago

Level 55

@nkusibojoski possible you have some middlewares inside of ReviewController controller in constructor?

nkusibojoski

4 years ago

Best Answer

Level 1

That was a good starting point to fixing this problem. Thank you! Anyway, this is the solution. I have overrided the function failedValidation to return errors in json format. So if anyone needs:

protected function failedValidation(Validator $validator)
    {
        throw new HttpResponseException(response()->json($validator->errors(), 422));
    }

And here is the whole StoreReviewRequest.php

<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\Exceptions\HttpResponseException;
use Illuminate\Contracts\Validation\Validator;
use Illuminate\Http\Response;

class StoreReviewRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'full_name' => 'required_if:isAnonymous,true|string',
            'email' => 'required_if:isAnonymous,true|email',
            'job_position' => 'string',
            'review'  => 'string',
            'overall_grade' => 'required|numeric',
            'program_grade' => 'required|numeric',
            'help_grade' => 'required|numeric',
            'instructors_grade'  => 'required|numeric',
            'communication_grade' => 'required|numeric',
            'generation' => 'required|integer'
        ];
    }

    protected function failedValidation(Validator $validator)
    {
        throw new HttpResponseException(response()->json($validator->errors(), 422));
    }
}

Please or to participate in this conversation.