tuupola / slim-jwt-auth

PSR-7 and PSR-15 JWT Authentication Middleware
https://appelsiini.net/projects/slim-jwt-auth
MIT License

JWT suddenly stopped working #240

Closed rodude123 closed 1 year ago

rodude123 commented 1 year ago

So up till recently, the JWT bit used to work fine; now it doesn't work whatever version of my repo I run. It keeps allowing you to post even though it shouldn't. This is what I have as my JWT function inside of my middleware class.

    /**
     * JWT Authentication
     * @param App $app - Slim App
     */
    function jwtAuth(App $app): void
    {
        $jwtSecret = getSecretKey();
        $app->add(new JwtAuthentication([
            "rules" => [
                new RequestPathRule([
                    "path" => ["/api/projectData", "/api/timeline/[a-z]*", "/api/logout"],
                    "ignore" => ["/api/contact", "/api/user/login", "/api/user/changePassword"]
                ]),
                new RequestMethodRule([
                    "ignore" => ["OPTIONS", "GET"]
                ])
            ],
            "secret" => $jwtSecret,
            "error" => function ($response)
            {
                session_destroy();
                $response->getBody()->write(json_encode(array(
                    "status" => "401",
                    "message" => "Unauthorized, please provide a valid token"
                )));
                return $response->withStatus(401);
            }
        ]));
    }

Then this is what my constructor looks like:

    /**
     * Constructor for middleware
     * @param App $app - Slim App
     */
    function __construct(App $app)
    {
        $this->baseMiddleware($app);
        $this->sameSiteConfig($app);
        $this->jwtAuth($app);
        $this->errorHandling($app);
        $this->returnAsJSON($app);
    }

Then inside my index.php file, I have this: new middleware($app), and an import statement at the top: require "middleware.php"

rodude123 commented 1 year ago

Having done a little research, I found out I had a spelling error. I close this issue in shame 😞

tuupola commented 1 year ago

Great! Also I would probably do something like:

new RequestPathRule([
    "path" => ["/api"],
    "ignore" => ["/api/contact", "/api/user/login", "/api/user/changePassword"]
]),

The ignore parameter creates exceptions to what path would otherwise cover.
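
The difference between listing each protected route and protecting the whole /api prefix with ignore exceptions, shown as an added example that is not part of this thread or of slim-jwt-auth. The matching functions are a simplified model assumed from the description above, and /api/newRoute is a hypothetical route standing in for one added after the rule list was written.

```php
<?php
declare(strict_types=1);

// Simplified model of the two rules (an assumption, not the library's source):
// a request needs a token only when every rule says yes.
function pathRule(array $opts, string $uri): bool
{
    foreach ($opts["ignore"] as $p) {   // exceptions are checked first
        if (preg_match("@^" . rtrim($p, "/") . "(/.*)?$@", $uri)) {
            return false;
        }
    }
    foreach ($opts["path"] as $p) {     // then the protected prefixes
        if (preg_match("@^" . rtrim($p, "/") . "(/.*)?$@", $uri)) {
            return true;
        }
    }
    return false;                       // not listed anywhere: no token required
}

function requiresToken(array $pathOpts, array $ignoredMethods, string $method, string $uri): bool
{
    return pathRule($pathOpts, $uri) && !in_array($method, $ignoredMethods, true);
}

$ignore   = ["/api/contact", "/api/user/login", "/api/user/changePassword"];
$explicit = ["path" => ["/api/projectData", "/api/timeline/[a-z]*", "/api/logout"], "ignore" => $ignore];
$prefix   = ["path" => ["/api"], "ignore" => $ignore];
$methods  = ["OPTIONS", "GET"];         // same method exceptions as in the issue

// Constructed sample requests; /api/newRoute is hypothetical.
$requests = [
    ["POST", "/api/projectData"],
    ["POST", "/api/timeline/edu"],
    ["POST", "/api/user/login"],
    ["GET",  "/api/projectData"],
    ["POST", "/api/newRoute"],
];

printf("%-6s %-22s %-9s %s\n", "method", "uri", "explicit", "prefix");
foreach ($requests as [$method, $uri]) {
    printf(
        "%-6s %-22s %-9s %s\n",
        $method,
        $uri,
        requiresToken($explicit, $methods, $method, $uri) ? "token" : "open",
        requiresToken($prefix, $methods, $method, $uri) ? "token" : "open"
    );
}
```

With the explicit list, a route missing from "path" (or misspelled in it) stays open without any error, while the "/api" prefix form requires a token for everything under it unless it is named in "ignore".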