laravel / framework

The Laravel Framework.
https://laravel.com
MIT License

Sanctum does not seem to revoke tokens #52156

Closed blablabla1234678 closed 2 months ago

blablabla1234678 commented 2 months ago

Laravel Version

11.15.0

PHP Version

8.2.0

Database Driver & Version

sqlite

Description

I have an example API where I tested authentication and token revoking and tokens do not appear to be deleted. As far as I can tell I did everything according to the documentation.

Steps To Reproduce

  1. I uploaded the repository to GitHub: https://github.com/blablabla1234678/proba
  2. Just set the location of the sqlite file in the .env, otherwise the settings are the defaults. https://github.com/blablabla1234678/proba/blob/main/.env.example#L25
  3. After that, remove the comments from this part of the tests: https://github.com/blablabla1234678/proba/blob/main/tests/Feature/TokenTest.php#L37
  4. The test fails because the token is not revoked by the first DELETE request.
  5. As far as I can tell, the relevant part of the code is the same as what the documentation recommends for revoking tokens: https://github.com/blablabla1234678/proba/blob/main/app/Http/Controllers/TokenController.php#L27 Here I can even dump that the request user id and the token are the same for the two calls, so the user is authenticated with the revoked token. Another sign of the authentication with the revoked token is that I use the auth:sanctum middleware for the route. https://github.com/blablabla1234678/proba/blob/main/routes/api.php#L15

blablabla1234678 commented 2 months ago

Can somebody confirm that the problem is that Laravel supports only a single request per test?

blablabla1234678 commented 2 months ago

I just confirmed it. When I test the database content I don't have the issue.
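
A feature test that verifies revocation the way the last comment describes, by asserting on the `personal_access_tokens` table. It is an added example, not code from the thread or the linked repository. The route URI and class name are hypothetical, `User` is assumed to use Sanctum's `HasApiTokens` trait, and the `Auth::forgetGuards()` step rests on the assumption that the guard keeps the user it resolved for the first request while the test reuses the same application instance.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Auth;
use Tests\TestCase;

class TokenRevocationTest extends TestCase
{
    use RefreshDatabase;

    // Hypothetical URI: replace with the application's own revoke endpoint,
    // which must be behind the auth:sanctum middleware.
    private const REVOKE_URI = '/api/tokens/current';

    public function test_delete_revokes_the_current_token(): void
    {
        $user = User::factory()->create();
        $plainToken = $user->createToken('test-device')->plainTextToken;

        // Precondition: exactly one stored token before the request.
        $this->assertDatabaseCount('personal_access_tokens', 1);

        $this->withToken($plainToken)
            ->deleteJson(self::REVOKE_URI)
            ->assertSuccessful();

        // Primary check: the stored token row is gone, so the bearer
        // value can no longer be matched against the database.
        $this->assertDatabaseCount('personal_access_tokens', 0);
        $this->assertSame(0, $user->tokens()->count());

        // Assumption: the guard instance still holds the user resolved
        // for the first request. Dropping the guards forces the next
        // request to authenticate from the database again.
        Auth::forgetGuards();

        // Replaying the revoked token must now be rejected.
        $this->withToken($plainToken)
            ->deleteJson(self::REVOKE_URI)
            ->assertUnauthorized();
    }
}
```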