Ahm*_*had 9 laravel laravel-5 laravel-passport laravel-5.6 laravel-5.7
我们可以使用带有不同守卫的 laravel 护照来验证两种不同类型用户的 API。例如,我们为驱动程序用户提供驱动程序应用程序,为供应商用户提供供应商应用程序。两者都有不同的模型驱动程序和供应商。我们如何使用不同的守卫来验证使用 Laravel Passport 的两种类型的用户?
我设法使用一个简单的中间件创建了多个身份验证(使用 laravel/passport)。
第 1 步:配置/auth.php
将您的用户类添加到提供者
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'basic_users', // default
],
],
...
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'admin_users' => [
'driver' => 'eloquent',
'model' => App\AdminUser::class,
],
'basic_users' => [
'driver' => 'eloquent',
'model' => App\BasicUser::class,
],
],
通过 CLI 清理缓存
php artisan config:cache
第二步:创建中间件
php artisan make:middleware AdminUserProvider
在 app/Http/Middleware 中打开新创建的中间件并更新hand方法如下
public function handle($request, Closure $next)
{
config(['auth.guards.api.provider' => 'admin_users']);
return $next($request);
}
第 3 步:注册您的中间件
将新创建的中间件添加到 $routeMiddleware
protected $routeMiddleware = [
...
'auth.admin' => \App\Http\Middleware\AdminUserProvider::class,
];
并确保它位于 $middlewarePriority 的顶部
protected $middlewarePriority = [
\App\Http\Middleware\AdminUserProvider::class,
...
];
第 4 步:将中间件添加到路由
Route::group(['middleware' => ['auth.admin','auth:api']], function() {
第 5 步:登录控制器(AdminUserController 和 BasicUserController)
public function login()
{
$validatedData = request()->validate([
'email' => 'required',
'password' => 'required|min:6'
]);
// get user object
$user = AdminUser::where('email', request()->email)->first();
// do the passwords match?
if (!Hash::check(request()->password, $user->password)) {
// no they don't
return response()->json(['error' => 'Unauthorized'], 401);
}
// log the user in (needed for future requests)
Auth::login($user);
// get new token
$tokenResult = $user->createToken($this->tokenName);
// return token in json response
return response()->json(['success' => ['token' => $tokenResult->accessToken]], 200);
}
总之:
登录控制器使用 Eloquent 模型获取用户对象,然后通过 Auth::login($user) 登录用户
然后对于需要身份验证的未来请求,新的中间件会将 api auth 防护提供程序更改为正确的类。
编辑:护照现在支持多个警卫用户提供商。请参考以下链接了解更多信息:
这是 auth.php 和 api.php 的示例
配置/auth.php
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'driver-api' => [
'driver' => 'passport',
'provider' => 'drivers',
],
'vendor-api' => [
'driver' => 'passport',
'provider' => 'vendors',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'drivers' => [
'driver' => 'eloquent',
'model' => App\Driver::class,
],
'vendors' => [
'driver' => 'eloquent',
'model' => App\Vendor::class,
],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
],
'drivers' => [
'provider' => 'drivers',
'table' => 'password_resets',
'expire' => 60,
],
'vendors' => [
'provider' => 'vendors',
'table' => 'password_resets',
'expire' => 60,
],
],
];
路线/api.php
<?php
use Illuminate\Http\Request;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
*/
Route::group(['namespace' => 'Driver', 'prefix' => 'driver/v1', 'middleware' => 'auth:driver-api'], function() {
// define your routes here for the "drivers"
});
Route::group(['namespace' => 'Vendor', 'prefix' => 'vendor/v1', 'middleware' => 'auth:vendor-api'], function() {
// define your routes here for the "vendors"
});
您必须修改此文件:
文件:vendor\laravel\passport\src\Bridge\UserRepository.php
复制/粘贴getUserEntityByUserCredentials以复制它并将其命名为getEntityByUserCredentials
然后,在新的重复函数中,找到以下内容:
$provider = config('auth.guards.api.provider');
并将其替换为:
$provider = config('auth.guards.'.$provider.'.provider');
文件:vendor\league\oauth2-server\src\Grant\PasswordGrant.php
在:validateUser方法中添加 $username 和 $password 之后:
$customProvider = $this->getRequestParameter('customProvider', $request);
if (is_null($customProvider)) {
throw OAuthServerException::invalidRequest('customProvider');
}
这代替了原来的行
$user = $this->userRepository->getEntityByUserCredentials(
$username,
$password,
$this->getIdentifier(),
$client,
$customProvider
);
执行此操作后,您将能够将额外的键/值对传递给您的访问令牌请求,例如:
grant_type => password,
client_id => someclientid
client_secret => somesecret,
username => someuser,
password => somepass,
client_scope => *,
provider => driver-api // Or vendor-api
我希望这对你有帮助
| 归档时间: |
|
| 查看次数: |
11563 次 |
| 最近记录: |