knuckleswtf / scribe

Generate API documentation for humans from your Laravel codebase.✍
https://scribe.knuckles.wtf/laravel/
MIT License
1.75k stars 314 forks

User auth data keeps persisting #339

Closed nwxxb closed 2 years ago

nwxxb commented 3 years ago

What happened? So I use Laravel Sanctum and everything seems normal, except that when I use the logout endpoint to delete the user token in the database (and it works), I can still use all endpoints that require authentication without filling the Authorization bearer input with the correct token.

Screenshots and stack traces: [screenshot]; log on browser: [screenshot]

My environment:

My Scribe config (minus the comments):

<?php

use Knuckles\Scribe\Extracting\Strategies;

return [

    'theme' => 'default',

    'title' => 'Symbolic Snippet',

    'description' => '',

    'base_url' => "http://127.0.0.1:8000",

    'routes' => [
        [

            'match' => [

                'prefixes' => ['api/*'],

                'domains' => ['*'],

                'versions' => ['v1'],
            ],

            'include' => [
                // 'users.index', 'healthcheck*'
            ],

            'exclude' => [
                // '/health', 'admin.*'
            ],

            'apply' => [

                'headers' => [
                    'Content-Type' => 'application/json',
                    'Accept' => 'application/json',
                ],

                'response_calls' => [

                    'methods' => ['GET'],

                    'config' => [
                        'app.env' => 'documentation',
                        // 'app.debug' => false,
                    ],

                    'queryParams' => [
                        // 'key' => 'value',
                    ],

                    'bodyParams' => [
                        // 'key' => 'value',
                    ],

                    'fileParams' => [
                        // 'key' => 'storage/app/image.png',
                    ],

                    'cookies' => [
                        // 'name' => 'value'
                    ],
                ],
            ],
        ],
    ],

    'type' => 'static',

    'static' => [
        'output_path' => 'public/docs',
    ],

    'laravel' => [
        'add_routes' => true,

        'docs_url' => '/docs',

        'middleware' => [],
    ],

    'try_it_out' => [
        'enabled' => true,

        'base_url' => "http://127.0.0.1:8000",

        'use_csrf' => true,

        'csrf_url' => '/sanctum/csrf-cookie',
    ],

    'auth' => [
        'enabled' => true,

        'default' => true,

        'in' => 'bearer',

        'name' => 'Authorization',

        'use_value' => env('SCRIBE_AUTH_KEY'),

        'placeholder' => '{YOUR_AUTH_KEY}',

        'extra_info' => 'You can retrieve your token by visiting your dashboard and clicking <b>Generate API token</b>.',
    ],

    'intro_text' => <<<INTRO
This documentation aims to provide all the information you need to work with our API.

<aside>As you scroll, you'll see code examples for working with the API in different programming languages in the dark area to the right (or as part of the content on mobile).
You can switch the language used with the tabs at the top right (or from the nav menu at the top left on mobile).</aside>
INTRO
    ,

    'example_languages' => [
        'bash',
        'javascript',
    ],

    'postman' => [
        'enabled' => true,

        'overrides' => [
            // 'info.version' => '2.0.0',
        ],
    ],

    'openapi' => [
        'enabled' => true,

        'overrides' => [
            // 'info.version' => '2.0.0',
        ],
    ],

    'default_group' => 'Endpoints',

    'logo' => false,

    'faker_seed' => null,

    'strategies' => [
        'metadata' => [
            Strategies\Metadata\GetFromDocBlocks::class,
        ],
        'urlParameters' => [
            Strategies\UrlParameters\GetFromLaravelAPI::class,
            Strategies\UrlParameters\GetFromLumenAPI::class,
            Strategies\UrlParameters\GetFromUrlParamTag::class,
        ],
        'queryParameters' => [
            Strategies\QueryParameters\GetFromFormRequest::class,
            Strategies\QueryParameters\GetFromInlineValidator::class,
            Strategies\QueryParameters\GetFromQueryParamTag::class,
        ],
        'headers' => [
            Strategies\Headers\GetFromRouteRules::class,
            Strategies\Headers\GetFromHeaderTag::class,
        ],
        'bodyParameters' => [
            Strategies\BodyParameters\GetFromFormRequest::class,
            Strategies\BodyParameters\GetFromInlineValidator::class,
            Strategies\BodyParameters\GetFromBodyParamTag::class,
        ],
        'responses' => [
            Strategies\Responses\UseTransformerTags::class,
            Strategies\Responses\UseApiResourceTags::class,
            Strategies\Responses\UseResponseTag::class,
            Strategies\Responses\UseResponseFileTag::class,
            Strategies\Responses\ResponseCalls::class,
        ],
        'responseFields' => [
            Strategies\ResponseFields\GetFromResponseFieldTag::class,
        ],
    ],

    'fractal' => [
        'serializer' => null,
    ],

    'routeMatcher' => \Knuckles\Scribe\Matching\RouteMatcher::class,

    'database_connections_to_transact' => [config('database.default')]
];

shalvah commented 3 years ago

I don't understand. You mean that endpoints that require auth still work without auth? If so, why do you think that's Scribe's fault? The endpoints are handled by your app.

riezq25 commented 2 years ago

Hi @nawwab, I had the same problem: I couldn't make a request using the Sanctum bearer token. How do you display the Authorization header field like yours?

shalvah commented 2 years ago

Still waiting for someone to explain what exactly the problem is.

nwxxb commented 2 years ago

> I don't understand. You mean that endpoints that require auth still work without auth? If so, why do you think that's Scribe's fault? The endpoints are handled by your app.

I am sorry for bothering you. I think the problem is my controller not giving a proper response.

nwxxb commented 2 years ago

You can check the config file; there is a Bearer option under auth.
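The point shalvah makes above is that token revocation is enforced by the application's own auth middleware, not by Scribe's "Try It Out" panel. The feature test below is an added example (not code from the issue or from the Scribe project) that checks this directly: it creates a Sanctum token, calls the logout endpoint, and asserts that the same bearer value is then refused. It assumes a `User` model using `Laravel\Sanctum\HasApiTokens`, a `GET /api/user` route behind the `auth:sanctum` middleware, and a `POST /api/logout` route that deletes the current token; those names are assumptions, not taken from the thread.

```php
<?php
// Added example: verifies that the app itself rejects a revoked Sanctum bearer
// token. Route names, the User factory and the logout behaviour are assumptions.

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class RevokedTokenTest extends TestCase
{
    use RefreshDatabase;

    public function test_revoked_bearer_token_is_rejected(): void
    {
        $user = User::factory()->create();
        $plainText = $user->createToken('docs')->plainTextToken;
        $headers = [
            'Authorization' => "Bearer {$plainText}",
            'Accept' => 'application/json',
        ];

        // Sanity check: the fresh token is accepted before logout.
        $this->withHeaders($headers)->getJson('/api/user')->assertOk();

        // Logout deletes the token row; that is the app's job, not Scribe's.
        $this->withHeaders($headers)->postJson('/api/logout')->assertSuccessful();
        $this->assertDatabaseCount('personal_access_tokens', 0);

        // The same bearer value must now be refused by auth:sanctum. No session
        // cookie is sent, so a leftover stateful (cookie) login cannot satisfy
        // the guard and mask a revocation bug.
        $this->withHeaders($headers)->getJson('/api/user')->assertUnauthorized();

        // withHeaders() persists defaults for the test; clear them so the last
        // request carries no Authorization header at all.
        $this->flushHeaders();
        $this->getJson('/api/user', ['Accept' => 'application/json'])->assertUnauthorized();
    }
}
```

If the second `getJson` still returns 200 with an empty `personal_access_tokens` table, the route is not actually protected by `auth:sanctum` (or is being authenticated some other way), which is the kind of controller/route problem the reporter concluded was the cause.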