Logout not working properly with JWT
Question
I am new to Laravel. I installed JWT and logged in, so it worked and generated a token. When I log out in Postman it returns true, but again and again it returns true, and auth()->user() always returns the user after logout.
Here is my code:
    public function login(Request $request)
    {
        $this->validateLogin($request);
        if (!$jwt_token = JWTAuth::attempt($request->toArray())) {
            return response()->json([
                'success' => false,
                'message' => 'Invalid national_id or Password',
            ], 401);
        }
        return response()->json(['success' => true, 'token' => $jwt_token,], 200);
    }
And logout:
    public function logout(Request $request)
    {
        auth()->logout();
        return response()->json(['data' => 'you logged out successfully'], 200);
    }
In the routes:
    Route::group(['prefix' => 'v1', 'namespace' => 'Api\v1'], function() {
        Route::post('login', 'Auth\LoginController@login');
    });
    Route::group(['middleware' => ['auth:api', 'api'], 'prefix' => 'v1', 'namespace' => 'Api\v1'], function() {
        // Authentication Routes...
        Route::post('logout', 'Auth\LoginController@logout')->name('logout');
        // ...
    });
I also used JWTAuth::invalidate($request->token); again, it did not work.
Correct answer
JWT is stateless, so the token will be valid until it expires (you set the expiration). Either remove the token from your front end, or make a blacklist where you always check if the requested token is valid and not blacklisted.
I found a method to do this on GitHub:
    public function testUserLogoutBlacklistsToken()
    {
        // Arrange
        $user = factory('App\Models\User')->create();
        $token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
        $payload = \Tymon\JWTAuth\Facades\JWTAuth::getPayload($token);
        $headers = ['AUTHORIZATION' => 'Bearer ' . $token];
        // Assert
        $this->get('api/auth/logout', $headers)
            ->seeStatusCode(202)
            ->seeHeader('Authorization', '');
        // Verify on the back-end that the token is blacklisted
        $this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));
    }
    public function testAccessDeniedWithBlacklistedToken()
    {
        // Arrange
        $user = factory('App\Models\User')->create();
        $token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
        // Read the payload and build the headers before invalidating (both were undefined in this test)
        $payload = \Tymon\JWTAuth\Facades\JWTAuth::getPayload($token);
        $headers = ['AUTHORIZATION' => 'Bearer ' . $token];
        \Tymon\JWTAuth\Facades\JWTAuth::invalidate($token);
        // Sanity check that JWTAuth::invalidate worked
        $this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));
        // User data should not be returned and response should have HTTP 500
        $this->get('api/me', $headers)
            ->seeStatusCode(500);
    }
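
The point made in the answer above, as an added example that is not part of the original post and is not tymon/jwt-auth code: a signed token keeps verifying after logout unless every request is also checked against server-side state. The key, the `jti`-keyed array standing in for a blacklist store, and all function names are assumptions made for this sketch; the first check accepts the revoked token, the second rejects it.

```php
<?php
// Constructed demo values: the key, subject and function names are illustrative only.
const SECRET = 'constructed-demo-key';

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function issue_token(string $sub, int $ttl): string
{
    $claims = ['sub' => $sub, 'exp' => time() + $ttl, 'jti' => bin2hex(random_bytes(16))];
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Returns the claims, or null if the token is malformed, forged, expired or revoked.
function verify_token(string $token, array $denylist): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    if (!hash_equals(b64url(hash_hmac('sha256', "$head.$body", SECRET, true)), $sig)) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) <= time()) {
        return null;
    }
    // The stateful step: a correctly signed, unexpired token is refused once its jti is listed.
    return isset($denylist[$claims['jti'] ?? '']) ? null : $claims;
}

// Logout: record the jti together with exp, so the entry can be purged after expiry.
function revoke_token(string $token, array &$denylist): void
{
    $claims = verify_token($token, $denylist);
    if ($claims !== null && isset($claims['jti'])) {
        $denylist[$claims['jti']] = $claims['exp'];
    }
}

$denylist = [];
$token = issue_token('user-1', 3600);
revoke_token($token, $denylist);
var_dump(verify_token($token, []) !== null);        // signature and expiry only
var_dump(verify_token($token, $denylist) !== null); // same token checked against the denylist
```

In a real deployment the denylist has to live in storage shared by every application instance, and entries can be dropped once their stored `exp` has passed.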