Comments (7)
Hey @driesvints, i've noticed a strange bug when writing unit tests for logout. My logout() method is the same as described above.
Test code => https://pastebin.com/LZ7wMgeg
Response i get:
{"message":"Call to undefined method Laravel\\Sanctum\\TransientToken::delete()","errors":null}
Weird thing here is that route actually works when you call it from Postman/Application, but test fails. Maybe i am doing something wrong ?
I am also facing the same issue.
from sanctum.
In my case
{"message":"Call to undefined method Laravel\Sanctum\TransientToken::delete()","errors":null}
error was because of EnsureFrontendRequestsAreStateful::class in app/Http/Kernel.php 'api' section.
As i found out (hope Im not wrong) when you include EnsureFrontendRequestsAreStateful middware Laravel try to authenticate you using CSRF token not bearerToken. And because in
vendor/laravel/sanctum/src/Guard.php
this guard check is prior you create new TransientToken.
When you try to user()->currentAccessToken()->delete()
it fails by trying to call delete() from TransientToken.
But if you want to delete bearer Token its in PersonalAccessToken
so you can PersonalAccessToken::findToken($request->bearerToken())->delete();
but this looks wrong:)
If you use Mobile Application Authentication you can simply remove EnsureFrontendRequestsAreStateful and this will fix problem.
If you want to use that middelware:
This issue can be fixed just moving this lines https://github.com/laravel/sanctum/blob/2.x/src/Guard.php#L54-L58
below this https://github.com/laravel/sanctum/blob/2.x/src/Guard.php#L60-L75
If this structure not critical that helps with this problem (or we need something to chose what token we want to use)
Also to revoke CSRF token use $request->session()->invalidate();
from sanctum.
Hey @driesvints, i've noticed a strange bug when writing unit tests for logout. My logout() method is the same as described above.
Test code => https://pastebin.com/LZ7wMgeg
Response i get:
{"message":"Call to undefined method Laravel\\Sanctum\\TransientToken::delete()","errors":null}
Weird thing here is that route actually works when you call it from Postman/Application, but test fails. Maybe i am doing something wrong ?
from sanctum.
The Bearer prefix must be added to the Header Authorization
axios.defaults.headers.Authorization = "Bearer " + token;
from sanctum.
Heya, feel free to send in a PR if you want.
from sanctum.
I'm getting the same
from sanctum.
do you find any valid solution to this issue? i want use spa and http authentication with the same code but i got error in user()->currentAccessToken()->delete(),also i use EnsureFrontendRequestsAreStateful middleware
from sanctum.
Related Issues (20)
- Sanctum middleware stops running Laravel application HOT 1
- expires_at dont set a default value from config.sanctum.expiration HOT 1
- sanctum sets as default guard here \Illuminate\Auth\AuthManager::shouldUse and not resolved HOT 1
- Reason for sanctum X-XSRF-TOKEN mismatch code 419
- Custom bearer token format returns 404 after PR #417 HOT 1
- Optional Force JSON errors HOT 1
- Expiration is not working in HOT 5
- Token Expiration issue HOT 1
- Expiration config not working HOT 4
- Data truncated for column 'tokenable_id' HOT 5
- The AuthenticateSession middleware assumes that the user has a password HOT 2
- Support expiration by seconds HOT 1
- Guest middleware not working properly with Sanctum + Inertia (+ Vue) HOT 1
- Auth guard [sanctum] is not defined. HOT 1
- Direct links to API routes HOT 1
- Migration file conflicts HOT 1
- Standalone tokens (without user model / tokenable_type relationship) HOT 1
- Update from 2.x to 3.x - isValidBearerToken() - ctype_digit() HOT 1
- SPA authentication leads to '400: bad request error' HOT 1
- Update to Laravel 11 causes 401 issues when using stateful domains HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sanctum.