In this route below, what is the user() function?
Route::group(['middleware' => 'auth:api'], function () {
    Route::get('user', function (Request $request) {
        return $request->user();
    });
});
It's an instance of the authenticated user. It's the same as auth()->user()
https://laravel.com/docs/5.4/authentication#retrieving-the-authenticated-user
A global helper returning the user making the request. Identified through auth:api
In my app/Providers/RouteServiceProvider.php I defined a rate limiter:
protected function configureRateLimiting()
{
    RateLimiter::for('auth', function (Request $request) {
        return Limit::perMinute(10)->by($request->ip());
    });
}
I added this as middleware to my route. Now, in my custom controller I would like to read the remaining attempts. How do I get this info? I tried using RateLimiter::limiter but that returns the callback defined in the for method.
web.php routes:
Route::group(['as' => 'auth.',], function () {
    Route::get('login', [AuthController::class, 'index'])->name('login');
    Route::post('authenticate', [AuthController::class, 'authenticate'])->name('authenticate')->middleware(['throttle:auth']);
});
Function in my AuthController:
public function authenticate(Request $request)
{
    dd( RateLimiter::limiter('auth')->remaining() ); // callback error
    dd( RateLimiter::remaining('auth') ); // error because I'd have to hardcode the max attempts here
}
I get this error when I am trying to log out the user
public function logout(Request $request)
{
    $request->user()->tokens()->delete();
}
You need to include the API route inside the Sanctum Auth middleware like below:
Route::group(['middleware' => ['auth:sanctum']], function() {
    Route::post('logout', [AuthController::class, 'logout']);
});
Auth::user()->token() is only valid by passing the Sanctum middleware.
Check this #1
Check this #2
This worked for me. Change this code in your Controller.php to:
public function logout(Request $request){
    Auth::user()->tokens()->delete();
    return [
        'message' => 'logged out'
    ];
}
And make sure your Route POST request is protected in api.php. Change the code to the following:
Route::post('/logout', [AuthController::class, 'logout'])->middleware('auth:sanctum');
use token() instead of tokens()
$request->user()->token()->delete();
Or you can use it as below.
Auth::user()->tokens->each(function($token, $key) {
    $token->delete();
});
By using revoke:
$user = $request->user();
foreach ($user->tokens as $token) {
    $token->revoke();
}
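The answers above differ in how many tokens they revoke: tokens()->delete() removes every token the user holds, while a per-device logout should remove only the token that authenticated the request. The following is an added example, not code from any of the answers; it assumes Laravel Sanctum with the HasApiTokens trait on the User model, and the logoutEverywhere method and its route are hypothetical names.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Laravel\Sanctum\PersonalAccessToken;

// Added example. Both actions must sit behind auth:sanctum; without that
// middleware $request->user() is null and any call on it fails.
class AuthController extends Controller
{
    // Revoke only the token that authenticated this request (this device).
    public function logout(Request $request): JsonResponse
    {
        $token = $request->user()->currentAccessToken();

        // With cookie/session (SPA) authentication Sanctum supplies a
        // TransientToken, which has no database row to delete.
        if ($token instanceof PersonalAccessToken) {
            $token->delete();
        }

        return response()->json(['message' => 'logged out']);
    }

    // Revoke every token the user holds (all devices), for example after a
    // password change or a suspected token leak.
    public function logoutEverywhere(Request $request): JsonResponse
    {
        // delete() on the relation returns the number of rows removed.
        $revoked = $request->user()->tokens()->delete();

        return response()->json(['message' => 'logged out', 'revoked' => $revoked]);
    }
}

// routes/api.php (hypothetical route paths):
// Route::middleware('auth:sanctum')->group(function () {
//     Route::post('logout', [AuthController::class, 'logout']);
//     Route::post('logout-everywhere', [AuthController::class, 'logoutEverywhere']);
// });
```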
For the logout function, what should be passed in the request? (Access token or any user details?)
API Route
Route::group([
    'middleware' => 'auth:api'
], function() {
    Route::post('logout', 'api\LoginController@logout');
});
Controller function
public function logout(Request $request)
{
    $request->user()->token()->revoke();
    return $this->loggedOut($request);
}
Send just your access token with the request, as the middleware knows which user the given token belongs to.
Postman request example:
I have these routes:
Auth::routes();
Route::get('/home', 'LibraryController@home');
Route::get('/', 'LibraryController@index');
Auth::routes() is generated by the command php artisan make:auth. But I don't want the index page, the third route in the above list, to be under the auth middleware group.
Here is the controller methods. index() is for everyone and home() for authenticated users.
public function index()
{
    return view('index');
}
public function home()
{
    return view('home')->with('message','Logged in!');
}
The logged-in user is redirected to the home URL:
protected $redirectTo = '/home';
But whenever I run the third route, the login page appears. So how can I remove that route from the auth middleware group?
In your LibraryController, before index, where your controller starts, you need to write:
public function __construct()
{
    $this->middleware('auth', ['except' => ['index']]);
}
Now every user will be able to go to the index method without authentication.
Documentation Reference https://laravel.com/docs/5.0/controllers#controller-middleware
Since Laravel 7.7 you can use the excluded_middleware property, e.g.:
Route::group([
    'excluded_middleware' => ['auth'],
], function () {
    Route::get('/home', 'LibraryController@home');
    Route::get('/', 'LibraryController@index');
});
I'm using Laravel 5.2 with entrust/zizaco. When the user authenticates, they have the role admin, but when I put dd(1) in my app_user role middleware the request enters it!!
The request also enters the admin and business_owner role middlewares.
And even when the user logs out, after that each of their requests goes through the auth middleware!!
Route::group(['middleware' => 'auth'], function () {
    Route::group(['middleware' => ['role:admin']], function (){
        // Routes go here
    });
    Route::group(['middleware' => ['role:app_user']], function (){
        // Routes go here
    });
    Route::group(['middleware' => ['role:business_owner']], function (){
        // Routes go here
    });
});
Yes, the request should enter the authenticate middleware, and you can write your code in the middleware.
This is Laravel's built-in middleware for authenticating users:
public function handle($request, Closure $next)
{
    if ($this->auth->guest()) { // if user isn't authenticated
        if ($request->ajax()) { // if request is ajax
            return response('Unauthorized.', 401); // return 401 res
        } else {
            return redirect()->guest('login'); // else redirect login page
        }
    }
    return $next($request); // return next res(e.g dashboard) if user is authenticated
}