laravel / sanctum

Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.
https://laravel.com/docs/sanctum
MIT License

Expiration is not working in #464

Closed hpt123456 closed 1 year ago

hpt123456 commented 1 year ago

Sanctum Version

3.2

Laravel Version

10.10

PHP Version

8.2.8

Database Driver & Version

mariadb:10

Description

What I understand from the documentation is that if I set 'expiration' => 50000, in the config/sanctum.php file and create the code below in one of the controller methods,

$token = $request->user()->createToken('personal-token')->plainTextToken;

I should see expires_at with some datetime value in the personal_access_tokens table, am I right? But I got null. I could add that datetime value to the expires_at column of the personal_access_tokens table in some other way, but I would like to use the package's feature if it already has one.

Steps To Reproduce

$ laravel new example-app
$ composer require laravel/sanctum
$ php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
$ php artisan migrate

config/auth.php

    'stateful' => true,
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'sanctum' => [
            'driver' => 'sanctum',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

config/sanctum.php

'expiration' => 50000,

One of the controller methods

    function login(EmailLoginRequest $request) : JsonResponse {

        $credentials = $request->only(['email', 'password']);

        if (Auth::attempt($credentials)) {

            $token = $request->user()->createToken('personal-token')->plainTextToken;

            return jsonSuccess([
                'user' => array_merge($request->user()->only('id', 'name', 'email'),[
                    'token' => $token
                ])

            ], __('auth.Successfully logged in'));
        }

        return jsonError(__('auth.wrong_credentials'), 401);
    }

crynobone commented 1 year ago

Hey there, thanks for reporting this issue.

We'll need more info and/or code to debug this further. Can you please create a repository with the command below, commit the code that reproduces the issue as one separate commit on the main/master branch and share the repository here?

Please make sure that you have the latest version of the Laravel installer in order to run this command. Please also make sure you have both Git & the GitHub CLI tool properly set up.

laravel new bug-report --github="--public"

Do not amend and create a separate commit with your custom changes. After you've posted the repository, we'll try to reproduce the issue.

Thanks!

hpt123456 commented 1 year ago

Hi @crynobone,

Thanks for your help. I set up the project using Docker, and I included everything ready to go. You only need to run docker-compose up and then you can call http://localhost/test in the browser. Please let me know if you need anything more.

driesvints commented 1 year ago

@hpt123456 can you provide a link to a public repo?

hpt123456 commented 1 year ago

@crynobone @driesvints

Sorry, I thought the link was included. Here is the link: https://github.com/hpt123456/bug-report

crynobone commented 1 year ago

> I should see expires_at with some datetime value at personal_access_tokens table, Am I right?

No, the expiration is only used in the code below:

https://github.com/laravel/sanctum/blob/6bd2cc33a7951cf09be4fc394a5cb5fd9581804e/src/SanctumServiceProvider.php#L120

And validated against created_at:

https://github.com/laravel/sanctum/blob/6bd2cc33a7951cf09be4fc394a5cb5fd9581804e/src/Guard.php#L159

You should be able to do it by using the following:

$token = $request->user()->createToken(
    name: 'personal-token', 
    expiresAt: now()->addMinutes(30)
)->plainTextToken;
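
The behaviour described in the reply above, as an added example that is not part of the thread or of Sanctum's own code: a standalone PHP model of how a global expiration (minutes counted from created_at) and a per-token expires_at can each reject a token, and why a NULL expires_at with no global expiration never expires. The function tokenIsValid() and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Standalone model of the two expiry checks discussed in this thread.
// tokenIsValid() is a hypothetical helper, not part of Sanctum's API.
function tokenIsValid(array $token, ?int $expirationMinutes, DateTimeImmutable $now): bool
{
    // Global check: 'expiration' minutes from config/sanctum.php, measured
    // from created_at at request time. Nothing is written to expires_at.
    if ($expirationMinutes !== null) {
        $cutoff = $now->modify("-{$expirationMinutes} minutes");
        if ($token['created_at'] <= $cutoff) {
            return false;
        }
    }

    // Per-token check: applies only when expiresAt was passed to createToken().
    if ($token['expires_at'] !== null && $token['expires_at'] < $now) {
        return false;
    }

    return true;
}

$utc = new DateTimeZone('UTC');
$at  = fn (string $s): DateTimeImmutable => new DateTimeImmutable($s, $utc);
$now = $at('2024-01-10 12:00:00'); // constructed "current time"

// Constructed sample rows shaped like personal_access_tokens.
$tokens = [
    'fresh, expires_at NULL'   => ['created_at' => $at('2024-01-10 11:00:00'), 'expires_at' => null],
    'old, expires_at NULL'     => ['created_at' => $at('2023-11-01 00:00:00'), 'expires_at' => null],
    'fresh, expires_at passed' => ['created_at' => $at('2024-01-10 11:00:00'), 'expires_at' => $at('2024-01-10 11:30:00')],
    'fresh, expires_at ahead'  => ['created_at' => $at('2024-01-10 11:00:00'), 'expires_at' => $at('2024-01-10 12:30:00')],
];

// Compare the setting from the issue (50000 minutes) with no global expiration.
foreach ([50000, null] as $expiration) {
    printf("expiration = %s\n", $expiration ?? 'null');
    foreach ($tokens as $label => $token) {
        $verdict = tokenIsValid($token, $expiration, $now) ? 'valid' : 'rejected';
        printf("  %-26s %s\n", $label, $verdict);
    }
}
```

With expiration left at null, the "old, expires_at NULL" row stays valid indefinitely, so rows with a NULL expires_at are worth auditing when no global expiration is configured.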