tappleby / laravel-auth-token

Hooks into the Laravel auth module and provides an auth token upon success. This token is really only secure in an HTTPS environment. The main purpose of this module was to provide an auth token to a JavaScript web app, which could be used to identify users on API calls.
MIT License

How to manually validate an auth token? #39

Open PadreMontoya opened 10 years ago

PadreMontoya commented 10 years ago

Hi Terry,

Thanks for your great work on this! I have it installed correctly and everything is working fine. I'm trying to make a tweak, however - when a user authenticates, I want to give them an "auth_token" cookie, and likewise, check that cookie during routing.

I'm able to give a cookie with this code:

Route::filter('give_auth_cookie', function($route, $request, $response)
{
    $data = $response->getData(true);
    $response->withCookie(Cookie::forever('auth_token', $data['token']));
});

Route::post('auth', array('uses' => 'Tappleby\AuthToken\AuthTokenController@store', 'after' => 'give_auth_cookie'));

Now my problem is trying to validate it. All my attempts to get access to a working AuthTokenDriver object have failed. My closest guess is:

$token = Cookie::get('auth_token');
$manager = new Tappleby\AuthToken\AuthTokenManager();
$driver = $manager->driver();
$success = $driver->validate($token);

This doesn't work because AuthTokenManager expects a working $app.

Can you suggest how to check if an auth token string is valid?

Thanks for any help you can give.

tappleby commented 10 years ago

If you set up the optional aliases, you can use the facade: AuthToken::validate($token)
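
Added example, not part of the original thread and not the project's own code: a Laravel 4 filter pair that issues the token cookie with the Secure and HttpOnly flags and checks it through the facade on later requests. It assumes the AuthToken alias is registered and that AuthToken::validate() returns a falsy value for an unknown or expired token; the filter name check_auth_cookie, the api/profile route and the one-day lifetime are illustrative.

```php
<?php
// Added example for Laravel 4 (same Route::filter API as used in this thread).
// Assumptions: the AuthToken alias is registered, and AuthToken::validate()
// returns a falsy value when the token is unknown or expired.

// After filter on the login route: hand the token to the browser as a cookie.
Route::filter('give_auth_cookie', function ($route, $request, $response) {
    // Only a JSON response from the controller carries a token.
    if (!$response instanceof Illuminate\Http\JsonResponse) {
        return;
    }
    $data = $response->getData(true);
    if (!isset($data['token'])) {
        return; // nothing to set
    }
    // Cookie::make($name, $value, $minutes, $path, $domain, $secure, $httpOnly)
    // secure = true: sent over HTTPS only; httpOnly = true: hidden from scripts.
    // One day (illustrative) instead of Cookie::forever() limits how long a
    // copied cookie stays useful.
    $response->withCookie(
        Cookie::make('auth_token', $data['token'], 60 * 24, null, null, true, true)
    );
});

// Before filter on protected routes: reject the request unless the cookie
// holds a token the library accepts.
Route::filter('check_auth_cookie', function () {
    $token = Cookie::get('auth_token');
    if (!is_string($token) || $token === '' || !AuthToken::validate($token)) {
        // Returning a response from a before filter stops the route from running.
        return Response::json(array('error' => 'Unauthorized'), 401)
            ->withCookie(Cookie::forget('auth_token'));
    }
});

Route::post('auth', array(
    'uses'  => 'Tappleby\AuthToken\AuthTokenController@store',
    'after' => 'give_auth_cookie',
));

// Hypothetical protected route.
Route::get('api/profile', array('before' => 'check_auth_cookie', function () {
    return Response::json(array('ok' => true));
}));
```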

tappleby commented 10 years ago

@PadreMontoya any luck with using the facade? Let me know if you're still running into issues.

PadreMontoya commented 10 years ago

Hi Terry,

Thanks for the reply! I actually think the alias suggestion will work, but I've hit a new problem.

We've recently switched our platform from Postgres to Neo4j, using https://github.com/Vinelab/NeoEloquent.

I haven't had a chance to see how your project works under Neo4j, but I'm a little nervous about compatibility since your code uses $this->db->table('ta_auth_token'). I'm not sure whether this will throw an exception, or whether Neo4j will know to treat that as a 'ta_auth_token' node.

I'll let you know what I find. I've already got laravel-auth-token installed, I just disabled it while we converted to Neo4j.

PadreMontoya commented 10 years ago

BTW, if you have any tips, I'm all ears. I'd love to keep using laravel-auth-token. Can I perhaps swap out the database component with my own implementation? (I'm a bit new to interfaces and facades)

tappleby commented 10 years ago

Yeah, I'm not sure what the compatibility would be like; it's possible it could just work (I don't know enough about Neo4j).

You could supply your own Neo4j provider based on the DatabaseAuthTokenProvider, using the following:

AuthToken::extend('neo4j', function ($app) {
    return new Neo4jAuthTokenProvider;
});

Note: I haven't tested this lib with another provider; for the above to work, it would require a code modification to read the driver from config.