基于 API 调用的 Laravel 5.4 自定义用户身份验证

【问题标题】:Laravel 5.4 custom user authentication base on an API call基于 API 调用的 Laravel 5.4 自定义用户身份验证
【发布时间】:2023-04-07 18:05:02
【问题描述】:

一直在尝试将外部身份验证与 Laravel 的身份验证相结合,但我似乎没有成功

阅读并尝试了我在 stackoverflow 中找到的这篇文章,Custom user authentication base on the response of an API call,根据这篇文章,我已经成功地将外部身份验证的用户信息放入 Laravel 的身份验证系统。

我的问题是当我登录并使用该凭据登录到外部 API(假设我们从 API 成功获取用户信息)并重定向到另一个页面时,Auth::user() 似乎不起作用并总是返回null 值,看来会话没有持久化...

我也尝试过创建自定义会话,将来自 API 的返回数据放入 ApiUserProvider 中,以便稍后在其他路由中访问它,但是会话丢失了......

希望有人能帮到我,谢谢

PS:我使用的是 Laravel 5.4

config/auth.php

'providers' => [
        'users' => [
            'driver' => 'api',
        ],
    ],

app/Providers/AuthServiceProvider

namespace App\Providers;

use Illuminate\Support\Facades\Auth;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [
        'App\Model' => 'App\Policies\ModelPolicy',
    ];

    public function boot()
    {
        $this->registerPolicies();

        Auth::provider('api', function ($app, array $config) {
            return new \App\Providers\ApiUserProvider($this->app['hash']);
        });
    }
}

app/Providers/ApiUserProvider.php

namespace App\Providers;

use Illuminate\Support\Facades\Auth;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Hashing\Hasher as HasherContract;
use Illuminate\Contracts\Auth\Authenticatable as UserContract;

class ApiUserProvider implements UserProvider
{
    protected $hasher;

    public function __construct(HasherContract $hasher)
    {
        $this->hasher = $hasher;
    }

    public function retrieveByCredentials(array $credentials)
    {

        $user = [];

        $post = [
            'username' => $credentials['username'],
            'password' => $credentials['password']
        ];

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_URL, 'https://sample.com/dev/admin/login'); 
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($post));
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));

        $response = curl_exec($ch);
        $response = json_decode($response, true);

        curl_close($ch);

        if(isset($response['successful']) && $response['successful']) {
            $response['claims'] =  json_decode(base64_decode(explode('.', $response['token'])[1]));
            $response['password'] =  bcrypt($credentials['password']);
            $response['username'] =  $credentials['username'];
            $response['id'] =  $response['claims']->client_id;
            $response['remember_token'] =  null;

            $user = $response;
            session()->put($response['claims']->client_id, $response); //<--- I attempt to put it in session
        }

        $user = $user ? : null;

        return $this->getApiUser($user);
    }

    public function retrieveById($identifier)
    {
        //$user = $this->getUserById($identifier);
        $user = session()->get($identifier);  //<---- attempted to retrieve the user, but session don't exists if I go in other route 
        return $this->getApiUser($user);
    }

    public function validateCredentials(UserContract $user, array $credentials)
    {
         return $this->hasher->check(
            $credentials['password'], $user->getAuthPassword()
        );
    }

    protected function getApiUser($user)
    {
        if ($user !== null) {
            return new \App\ApiUser((array) $user);
        }
    }

    protected function getUserById($id)
    {
        $user = session()->get($id);
        return $user ?: null;
    }

    public function retrieveByToken($identifier, $token) { }
    public function updateRememberToken(UserContract $user, $token) { }
}

UserController.php

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;
use Illuminate\Contracts\Auth\SessionGuard;

class UserController extends Controller
{ 
     protected function attemptLogin(Request $request)
    {
        return $this->guard()->attempt($this->credentials($request));
    }

    protected function guard()
    {
        return Auth::guard();
    }

    protected function credentials(Request $request)
    {
        return $request->only('username', 'password');
    }

    public function login(Request $request)
    {
         if ($this->attemptLogin($request)) {
             dd(auth());
             return "T";
         }

         return "F";
    }

    public function getCurrentUserInfo(Request $request)
    {
        dd(auth()); //<------------- user info no longer exist here
    }
}

【问题讨论】:

  • 你是如何登录用户的?
  • 嗨 Maxwelln,我仍然使用 Auth::attempt 登录并将其传递给自定义服务提供者(扩展 UserProvider 类)和 retrieveByCredentials 方法内部,我执行 cURL 传递用户名和密码,如果cURL的结果是成功的,它就会被认证你可以参考我上面提到的链接......我和那个很相似。我只是在从 API 检索到的数据的持久性方面遇到了麻烦谢谢
  • @EnriqhoJuan 对此有何更新?我认为您必须将数据存储到某个存储(数据库、缓存等)中并从那里检索以供后续请求。

标签: php laravel-5.4


【解决方案1】:

我认为这是因为我在登录时使用了 api 路由,这就是为什么它没有存储在身份验证会话中的信息中,

我尝试在 api 路由中添加 startsession 中间件,它可以工作,但我认为这是不对的,因为 api 路由必须是无状态的。

【讨论】:

    猜你喜欢
    • 2016-01-24
    • 2021-05-30
    • 2014-02-04
    • 1970-01-01
    • 2023-04-10
    • 1970-01-01
    • 2018-02-01
    • 2020-11-20
    • 2020-11-10
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode