在JWT注销没办法正常工作
问题说明
我是Laravel的新手,我安装了JWT并登录,因此它可以工作并生成令牌,当我在邮递员中注销时,它返回true,但一次又一次返回true,并且
I am new in Laravel, I installed JWT and logged In , so It worked and generated a token, When I Logout in postman It returns true but again and again it returns true and
auth()-> user()
auth()->user()
总是在注销后返回用户
这是我的代码:
public function login(Request $request)
{
$this->validateLogin($request);
if (!$jwt_token = JWTAuth::attempt($request->toArray())) {
return response()->json([
'success' => false,
'message' => 'Invalid national_id or Password',
], 401);
}
return response()->json(['success' => true, 'token' => $jwt_token,], 200);
}
并注销:
public function logout(Request $request)
{
auth()->logout();
return response()->json(['data' => 'you logged out successfully'],200)
}
在路线上:
Route::group(['prefix' => 'v1', 'namespace' => 'Api\v1'], function() {
Route::post('login', 'Auth\LoginController@login');
});
Route::group(['middleware' => ['auth:api', 'api'], 'prefix' => 'v1', 'namespace' => 'Api\v1'], function() {
// Authentication Routes...
Route::post('logout', 'Auth\LoginController@logout')->name('logout');
.
.
.
.
.
我也再次使用了JWTAuth::invalidate($request->token);,它不起作用.
I also used JWTAuth::invalidate($request->token); again it did not work.
正确答案
JWT是无状态的,因此令牌将一直有效直到它到期(您设置了到期时间). 从前端删除令牌,或在黑名单中始终检查所请求的令牌是否为valid和not black listed.
JWT is stateless, so token will be valid until it expires(You set the expiration). Either remove the token from your front end, or make a black list where you always check if the requested token is valid and not black listed.
I found a method to do this in github
public function testUserLogoutBlacklistsToken()
{
// Arrange
$user = factory('App\Models\User')->create();
$token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
$payload = \Tymon\JWTAuth\Facades\JWTAuth::getPayload($token);
$headers = ['AUTHORIZATION' => 'Bearer ' . $token];
// Assert
$this->get('api/auth/logout', $headers)
->seeStatusCode(202)
->seeHeader('Authorization', '');
// Verify on the back-end that the token is blacklisted
$this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));
}
public function testAccessDeniedWithBlacklistedToken()
{
// Arrange
$user = factory('App\Models\User')->create();
$token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
\Tymon\JWTAuth\Facades\JWTAuth::invalidate($token);
// Sanity check that JWTAuth::invalidate worked
$this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));
// User data should not be returned and response should have HTTP 500
$this->get('api/me', $headers)
->seeStatusCode(500);
}
这篇好文章是转载于:学新通技术网
