Closed mikebronner closed 10 years ago
Temporary work-around in SessionsController is the following:
public function destroy($id = null)
{
Event::listen('validating.*', function($model) {
return false;
});
Auth::logout();
return Redirect::home();
}
Couldn't you hook in to auth.logout
? But I don't think I'm understanding exactly - what is the problem with Auth::logout()
performing a save? A remember_token
isn't going to make your model invalid (assuming you haven't stuffed your rules) so it should always save properly.
save()
or not even realise that a validation trait is being used in the project.Hi Dwight, thanks for the reply.
The reason this is failing for me is because of the password confirmation rule I have set in the 'saving' ruleset:
protected $rulesets = [
'saving' => [
'email' => 'required|unique:users,email',
'password' => 'required|confirmed',
'username' => 'required',
],
'sanityCheck' => [
'email' => 'required',
'password' => 'required',
'username' => 'required',
],
];
And then my UsersController has this to work with it:
if (strlen(Input::get('password')) > 0) {
$user->password = Input::get('password');
$user->password_confirmation = Input::get('password_confirmation');
} else {
$user->password_confirmation = $user->password;
}
$user->isValidOrFail();
if (strlen(Input::get('password')) > 0) {
$user->password = Hash::make( $user->password );
}
unset($user->password_confirmation);
$user->forceSave();
Your isValidOrFail() update is working like a charm, thanks very much for that, by the way. :) I guess maybe this issue is more related to the password confirmation feature, rather than being an issue of its own (issue #19). I'm happy to disable validation in the logout routine until password confirmations get sorted out. :)
Will the following re-enable validations?
Event::listen('validating.*', function($model) {
return true;
});
If so, then I'll add that back in right after the Auth::logout()
to minimize security risks, like so:
public function destroy($id = null)
{
Event::listen('validating.*', function($model) {
return false;
});
Auth::logout();
Event::listen('validating.*', function($model) {
return true;
});
return Redirect::home();
}
Ah, I see what you mean. This is definitely more related to the other issue, so I'll start looking into the next version.
Laravel's built-in logout functionality that is part of the Auth system (Auth::logout()), triggers a save on the user model, which inserts the remember_token.
I don't believe there is any way for me to intercept this save, and have to do forceSave instead, so I would propose one of two:
login
andlogout
that will be used accordingly, and could also handle the password confirmation issue in the future.