I can't get the user from token
{"error":"token_not_provided"}
I am working with tymon/jwt-auth and have run into a problem integrating the API with roles in my system. I can successfully get a token when I log in. What I don't know is how to get my token when I access the admin.index view, and how to make my roles middleware get the user and their roles once that user is logged in.
In my system, I have three roles. Members can only access some frontend pages, but the site owner and admin can access the backend pages.
Here is my route.php
// Public JSON API under /api. AuthenticateController applies jwt.auth itself
// to every action except authenticate and register (see its constructor).
Route::group(['prefix' => 'api'], function () {
    // Token issuance and sign-up: reachable without a token.
    Route::post('authenticate', 'AuthenticateController@authenticate');
    Route::post('register', 'AuthenticateController@register');

    // Token-protected endpoints.
    Route::get('authenticate/user', 'AuthenticateController@getAuthenticatedUser');

    // NOTE(review): logout invalidates the token but is exposed as GET; a
    // state-changing action is normally POST so that link prefetchers and
    // crawlers cannot trigger it. Left as GET so existing clients keep working.
    Route::get('logout', 'AuthenticateController@logout');
});
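// Back-office routes under /admin, handled by controllers in the Admin namespace.
//
// The middleware entry is a plain ordered list. The original used
// ['before' => ..., 'after' => ...] keys, which read like Laravel 4 filter
// phases; the Laravel 5 router only uses the values, in the order given, so
// the keys suggested an ordering guarantee that does not exist.
// jwt.auth must stay first: the role check needs an authenticated user.
//
// jwt.auth runs on every request in this group, including the closure that
// renders admin.index. Each request therefore has to carry the token
// (tymon/jwt-auth looks for an "Authorization: Bearer <token>" header or a
// "token" query parameter). A plain browser navigation sends neither, which
// is what produces {"error":"token_not_provided"}.
// NOTE(review): prefer the header over the query parameter; tokens placed in
// URLs end up in access logs, browser history and Referer headers.
Route::group([
    'prefix' => 'admin',
    'namespace' => 'Admin',
    'middleware' => ['jwt.auth', 'role:siteowner|admin'],
], function () {
    Route::get('/', function () {
        return view('admin.index');
    });

    // Role management.
    Route::get('roles', 'RolesController@index');
    Route::get('roles/create', 'RolesController@create');
    Route::post('roles/store', 'RolesController@store');
    Route::get('roles/{id?}', 'RolesController@edit');
    Route::post('roles/{id?}', 'RolesController@update');

    // User management.
    Route::get('users', 'UsersController@index');
    Route::get('users/{id?}', 'UsersController@edit');
    Route::post('users/{id?}', 'UsersController@update');

    // Home banner management. The literal paths are registered before any
    // parameterised route could shadow them.
    Route::get('homebanner', 'HomeBannerController@listView');
    Route::get('homebanner/recover', 'HomeBannerController@recoverView');
    Route::get('homebanner/create', 'HomeBannerController@create');
    Route::post('homebanner/store', 'HomeBannerController@store');
});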
Here is my AuthenticateController
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Validator;
use App\User;
use App\Role;
use DB;
use Response;
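/**
 * JSON endpoints for registering, logging in, inspecting and logging out a
 * user with tymon/jwt-auth tokens.
 */
class AuthenticateController extends Controller
{
    /**
     * Require a valid JWT on every action except the two that hand one out.
     */
    public function __construct()
    {
        // authenticate and register must stay reachable without a token,
        // otherwise nobody could ever obtain one.
        $this->middleware('jwt.auth', ['except' => ['authenticate', 'register']]);
    }

    /**
     * Exchange an email/password pair for a JWT.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
     */
    public function authenticate(Request $request)
    {
        $credentials = $this->getCredentials($request);

        try {
            // A falsy result means the credentials were rejected.
            if (! $token = JWTAuth::attempt($credentials)) {
                // NOTE(review): this failure goes out with the default 200
                // status. A 401 would let clients, rate limiters and log
                // monitoring tell failed logins apart from successes. Left
                // unchanged because existing clients may key on 'success'.
                return Response::json(['success' => false, 'message'=> '電子郵件或密碼不正確!']);
            }
        } catch (JWTException $e) {
            // Token creation itself failed (not a credentials problem).
            // NOTE(review): also returned with status 200; see above.
            return response()->json(['error' => 'could_not_create_token']);
        }

        // No errors: hand the JWT back to the caller.
        return response([
            'status' => 'success',
            'message' => '成功登入會員',
            'token' => $token
        ]);
    }

    /**
     * Return the user identified by the request's token, with their roles.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function getAuthenticatedUser()
    {
        try {
            if (! $user = JWTAuth::parseToken()->authenticate()) {
                return response()->json(['user_not_found'], 404);
            }
        // The exception classes are written fully qualified (leading "\").
        // Without it, PHP resolves "Tymon\..." relative to this file's
        // namespace (App\Http\Controllers\Tymon\...), the catch clauses never
        // match, and an expired or invalid token surfaces as an unhandled
        // exception instead of the JSON errors below.
        } catch (\Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
            return response()->json(['token_expired'], $e->getStatusCode());
        } catch (\Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
            return response()->json(['token_invalid'], $e->getStatusCode());
        } catch (\Tymon\JWTAuth\Exceptions\JWTException $e) {
            // Generic JWT failure; must come last because the two classes
            // above are caught ahead of it.
            return response()->json(['token_absent'], $e->getStatusCode());
        }

        $user = User::findOrFail($user->id);

        // Flatten each role into a plain array with string timestamps.
        $roles = array();
        foreach ($user->roles as $role) {
            $roles[] = [
                'id' => $role->id,
                'name' => $role->name,
                'display_name' => $role->display_name,
                'description' => $role->description,
                'created_at' => $role->created_at->toDateTimeString(),
                'updated_at' => $role->updated_at->toDateTimeString()
            ];
        }

        // NOTE(review): toArray() emits every attribute the User model does
        // not hide; confirm that 'password' (and any remember token) is listed
        // in the model's $hidden so the hash never reaches the client.
        return Response::json(array_merge($user->toArray(), ['roles' => $roles]));
    }

    /**
     * Create a user, give them the "member" role and return a JWT for them.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request)
    {
        $rules = array(
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
            'password_confirmation' => 'required|min:6'
        );

        $validator = Validator::make($request->all(), $rules);
        if ($validator->fails()) {
            return Response::json(['success' => false, 'errors' => $validator->getMessageBag()->toArray()]);
        }

        // Resolve the role first: if "member" is missing, firstOrFail() throws
        // before any account exists, rather than leaving a role-less user.
        $role = Role::where('name', '=', 'member')->firstOrFail();

        // Only the two validated fields are written; the role is never taken
        // from the request, so a caller cannot register with elevated roles.
        $user = User::create([
            'email' => $request->input('email'),
            'password' => bcrypt($request->input('password')),
        ]);

        // Every newly created user gets the member role.
        $user->roles()->attach($role->id);

        $token = JWTAuth::fromUser($user);

        return Response::json(['token' => $token, 'success' => true, 'message'=> 'success register']);
    }

    /**
     * Invalidate the current token, if the request carried one.
     *
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout()
    {
        $token = JWTAuth::getToken();

        if ($token) {
            JWTAuth::setToken($token)->invalidate();

            return Response::json(['success' => true, 'message'=> 'success logout']);
        }

        return Response::json(['success' => true, 'message'=> 'You have logout']);
    }

    /**
     * Pick the login fields out of the request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    protected function getCredentials(Request $request)
    {
        return $request->only('email', 'password');
    }
}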
Here is my admin.php middleware
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
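/**
 * Middleware that lets a request through only when the current user has the
 * "admin" role.
 */
class Admin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = Auth::user();

        // Auth::user() is null when nobody is authenticated for this request.
        // Calling hasRole() on null would be a fatal error (a 500 response),
        // so an unauthenticated request is refused explicitly and the check
        // fails closed. The same 401 body is kept for a user without the role.
        if ($user === null || ! $user->hasRole('admin')) {
            return response('Unauthorized.', 401);
        }

        return $next($request);
    }
}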