令牌不匹配执行 - laravel auth

Question

我有以下路线

Route::controller('users', 'UsersController');

控制器

class UsersController extends BaseController {
    protected $layout = "layouts.login";

    public function __construct() {
        $this->beforeFilter('csrf', array('on'=>'post'));
        $this->beforeFilter('auth', array('only'=>array('getDashboard')));
    }


    public function getRegister() {
    $this->layout->content = View::make('users.register');
    }


    public function logout() {
        Auth::logout();
        return Redirect::to('users/login')
        ->with('message', 'Good Bye')
        ->withInput();
    }

    public function getLogin() {
        $this->layout->content = View::make('users.login');
    }

    public function postSignin() {
        if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password'),'role'=>'admin'))) {
    return Redirect::to('mix/dashboard')->with('message', 'You are now logged in!');
    } 
    else {
    return Redirect::to('users/login')
        ->with('message', 'Your username/password combination was incorrect')
        ->withInput();
}         
    }

    public function postCreate() {
        $validator = Validator::make(Input::all(), User::$rules);

        if ($validator->passes()) {
            // validation has passed, save user in DB
            $user = new User;
            $user->firstname = Input::get('firstname');
            $user->lastname = Input::get('lastname');
            $user->email = Input::get('email');
            $user->password = Hash::make(Input::get('password'));
            $user->save();

            return Redirect::to('users/login')->with('message', 'Thanks for registering!');

        } else {
            // validation has failed, display error messages    
            return Redirect::to('users/register')->with('message', 'The following errors occurred')->withErrors($validator)->withInput();

        }
    }


}

查看

<div class="login-body">
<h2>SIGN IN</h2>
<form method="post" action="{{Request::root()}}/users/Signin">


    <div class="control-group">
        <div class="email controls">
        {{ Form::text('email', null, array('class'=>'input-block-level', 'placeholder'=>'Email Address', 'data-rule-required'=>'true' ,'data-rule-email'=>'true')) }}
        </div>
    </div>  
    <div class="control-group">
        <div class="pw controls">
            {{ Form::password('password', array('class'=>'input-block-level', 'placeholder'=>'Password','data-rule-required'=>'true')) }}
            <input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
        </div>
    </div>
   <div class="submit">
    <div class="remember">
        <input type="checkbox" name="remember" class='icheck-me' data-skin="square" data-color="blue" id="remember"> <label for="remember">Remember me</label>
    </div>
    {{ Form::submit('Login', array('class'=>'btn btn-primary'))}}

{{ Form::close() }}

<div class="forget">
                <a href="#"><span>Forgot password?</span></a>
            </div>
        </div>

每当我尝试登录时，它都会显示 tokenmismatch 异常错误，并显示以下 filter.php 行

Route::filter('csrf', function()
{
    if (Session::token() != Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

这三天我一无所知...

最糟糕的是这个错误是自动出现的，之前它工作正常..我根本没有做任何改变！

Answer 1

这是客户端问题

我刚刚删除了 cookie，然后它就开始工作了。

Answer 2

您可能在/users/Signin 路由中添加了crsf 过滤器。您有多种选择：

首先，您可以从路由中删除crsf 过滤器。

其次，您应该将csrf 标记添加到您的表单输入中（在<form ...> 行之后）

{{ Form::token(); }} 

或者您可以使用 Form 宏更改您的 Form 声明，同时包含 csrf 令牌。

{{ Form::open(array('url' => 'users/Signin' ) ); }}

希望对你有帮助。

Answer 3

避免在您的GET 路由上使用csrf，因为它们没有令牌并且会抛出TokenMismatchException。话虽如此，您可以查看可以在控制器中添加的代码 sn-p 以避免这些异常： `class UserController 扩展 BaseController {

/**
 * Instantiate a new UserController instance.
 */
public function __construct()
{
    $this->beforeFilter('auth', array('except' => 'getLogin'));

    $this->beforeFilter('csrf', array('on' => 'post'));

    $this->afterFilter('log', array('only' =>
                        array('fooAction', 'barAction')));
}

} `

如您所见，CSRF 过滤器仅应用于POST 方法，而身份验证仅应用于 getLogin 控制器方法。