search

CallMeNP / lara-auth-bridge

[Unmaintained] Offers a simple API for the included custom phpBB authentication module. for phpBB(3.0,3.1) and laravel5
MIT License
16 stars 8 forks source link

Does not work with Laravel 5.2? #13

Open carpusmedia opened 7 years ago

carpusmedia commented 7 years ago

Hello,

We are not able to get lara-auth-bridge to work properly. We are using Laravel 5.2.

When we try to log in to the forum, we get this error message:

You have specified an incorrect username. Please check your username and try again. If you continue to have problems please contact the Board Administrator.

No errors are created in the Laravel logs.

We've followed the instructions in the Readme, this is the setup:

laravel/config/app.php

<?php

return [
    ...
    'providers' => [
        ...
        'CallMeNP\LaraAuthBridge\LaraAuthBridgeServiceProvider'
        ...
     ]
]

laravel/config/lara-auth-bridge.php

<?php 

return [

    'appkey' => 'testkey',

    'user_model' => [
        'username_column' => 'email',
        'password_column' => 'password',
    ],

    'client_auth' => false,

];

laravel/app/Http/Middleware/VerifyCsfrToken.php 

<?php

namespace App\Http\Middleware;
...
class VerifyCsrfToken extends BaseVerifier {
    ...
    protected $except = [
        'auth-bridge/*',
    ]
];

phpbb/ext/laravel/bridgebb/auth/provider/bridgebb.php

<?php

namespace {
   ...
    define('LARAVEL_URL', 'http://app.domain.com');
    define('BRIDGEBB_API_KEY', 'testkey');

    define ('LARAVEL_CUSTOM_USER_DATA', serialize ([
        'email' => 'user_email',
    ]));
...

The forum is hosted on a subdomain as well (http://forum.domain.com)

PHPBB: 3.1.10 Laravel: 5.2 lara-auth-bridge: 2.1.0 laravel/bridgebb: 2.0.0

carpusmedia commented 7 years ago

It seems like we found the problem.

As discovered in https://github.com/CallMeNP/lara-auth-bridge/issues/11, the problem is that ApiController::getSession is not able to validate the session.

The reason for this is that since Laravel 5.2, you need to wrap the routes in a web middleware to access the session state across the board (like the global in 5.1).

Simply change the routes declaration in laravel/vendor/callmenp/lara-auth-bridge/src/CallMeNP/LaraAuthBridgeServiceProvider.php from this: 

Route::get('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@getSession'); 
Route::post('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogin');
Route::delete('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogout');

to this:

Route::group(['middleware' => ['web']], function () {
    Route::get('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@getSession');
    Route::post('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogin');
    Route::delete('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogout');
});

This solved the problem for us.