Comments (10)
dillingham
commented on May 11, 2024
7
@narwy had this issue too.. easy fix is to update app/Http/Middlewares/Authenticate.php
protected function redirectTo($request)
{
if($request->is('api/*')) {
abort(401, 'Access denied');
}
if (! $request->expectsJson()) {
return route('login');
}
}from sanctum.
n10000k
commented on May 11, 2024
3
@driesvints That's correct but if you do a clean install of laravel + require this package then visit the example route without the header you get a 500 error.
from sanctum.
n10000k
commented on May 11, 2024
2
@lloy0076 thats correct but if you don’t have a login page and use laravel as a api only solution for your spa and someone accessed that route from their browsers it defaults to a 500 error. Sentry and other tools love this.
@koenhoeijmakers it’s because the Authenticate class has the expectsJson statement, if not being the redirect to Login. But that shouldn’t be a default option. Passport has this same issue also. But I’m questioning it within Airlock now to see if it’s something we can fix going forward.
There’s obviously a way around it with a big of tweaking and adding a middleware etc but I’m just thinking of those already using it for SPA and could effect those error reporting tools if someone decides they want to access direct.
from sanctum.
lloy0076
commented on May 11, 2024
I used a Laravel 6 installation, and setup Airlock.
I go to:
curl --location --request GET 'http://laravel-playground.test/api/user'
--header 'Authorization: Bearer hFiORTL2G9LAFQjn3b4rKadJZ1tFuJPUlkjIAr29rhngJqUbbImmN2FYTDcJrNjdpffpdXKWY1IEnDig '
And get:
{
"id": 1,
"name": "David Lloyd",
"email": "[email protected]",
"email_verified_at": null,
"created_at": "2019-08-24 00:28:59",
"updated_at": "2019-12-28 11:58:54"
}
Which is precisely what I expect...
from sanctum.
lloy0076
commented on May 11, 2024
If I remove the authorisation header I get a dump of the Login page (as HTML) which is also what I'd expect.
from sanctum.
koenhoeijmakers
commented on May 11, 2024
This is not an Airlock issue, this has something to do with the Authenticate middleware which defaults to a redirect to the login route, you're free to change the default to your needs.
from sanctum.
driesvints
commented on May 11, 2024
Passing the accept header is required to let the logincontroller return a json response.
from sanctum.
dillingham
commented on May 11, 2024
Wondering if having a middleware add it for api routes makes sense @driesvints 🤔
public function handle($request, Closure $next)
{
$request->headers->set('accept', 'application/json', true);
return $next($request);
}from sanctum.
driesvints
commented on May 11, 2024
@dillingham I don't think it's wise to solve this with a middleware. API consumers should pass the correct headers.
from sanctum.
dillingham
commented on May 11, 2024
@driesvints yeah you're right :) probably best to just add withHeaders in setUp
from sanctum.
Related Issues (20)
- Optional Force JSON errors HOT 1
- Expiration is not working in HOT 5
- Token Expiration issue HOT 1
- Expiration config not working HOT 4
- Data truncated for column 'tokenable_id' HOT 5
- The AuthenticateSession middleware assumes that the user has a password HOT 2
- Support expiration by seconds HOT 1
- Guest middleware not working properly with Sanctum + Inertia (+ Vue) HOT 1
- Auth guard [sanctum] is not defined. HOT 1
- Direct links to API routes HOT 1
- Migration file conflicts HOT 1
- Standalone tokens (without user model / tokenable_type relationship) HOT 1
- Update from 2.x to 3.x - isValidBearerToken() - ctype_digit() HOT 1
- SPA authentication leads to '400: bad request error' HOT 1
- Update to Laravel 11 causes 401 issues when using stateful domains HOT 1
- Issue with overriding default model HOT 1
- Could we have a more descriptive method on the request to access the model? HOT 2
- supportsToken is tied to a specific implementation detail HOT 4
- Unable to validate password using validation rules HOT 3
- Only in Sanctum 3 - Fix/unable to logout HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sanctum.