tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

Lumen handling jwt exception #1003

Open hsklia opened 7 years ago

hsklia commented 7 years ago

I've set up JWT in the Lumen framework based on this article: www.akaita.com/post/json-web-token-authentication-for-lumen-5-tymon-jwt-auth/

But I cannot handle JWTExceptions: when my token is invalid, the application throws an AuthorizationException and does not throw JWTExceptions.

jampack commented 7 years ago

I think Lumen support is not of much priority on the package

jgrossi commented 6 years ago

@alihasanzaade I'm using Lumen 5.5 and everything is working as expected. Check this issue #1353 😉

victorrss commented 6 years ago

I am using

"php": ">=7.0.0",
"fideloper/proxy": "~3.3",
"laravel/framework": "5.5.*",
"laravel/tinker": "~1.0",
"tymon/jwt-auth": "1.0.0-rc.1"

It worked here. Add the following code to the render method within app/Exceptions/Handler.php:

public function render($request, Exception $e)
{
    if ($e instanceof \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException) {
        return response()->json([$e->getMessage()], $e->getStatusCode());
    }
    return parent::render($request, $e);
}

bernard-murunga commented 5 years ago

Has anyone been able to find a solution to issue #1003 ?

jgrossi commented 5 years ago

@bernard-murunga check my comment here. it's what you're looking for https://github.com/tymondesigns/jwt-auth/issues/1353#issuecomment-345805157

bernard-murunga commented 5 years ago

@jgrossi Sorry but your solution doesn't work for me. The only response I still get is status code 401 from the Authenticate middleware

jgrossi commented 5 years ago

@bernard-murunga you must change how you handle exceptions. did you update your Handler.php class? that's the file you're gonna change to handle the AuthorizationException. what's happening on the Authenticate middleware is correct, it's throwing the exception, just that. now you have to deal with it in your Handler.php file.

here you find an example of the render() method. attention to the $this->isJwtException() method:

public function render($request, Exception $exception)
{
    if ($response = $this->isJwtException($exception)) {
        return $response;
    } elseif ($exception instanceof ModelNotFoundException) {
        return response()->json([
            'message' => sprintf(
                "Resource not found: [%s]",
                $this->retrieveResource($exception)
            ),
        ], 404);
    }

    return parent::render($request, $exception);
}

and finally the isJwtException() method:

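// Needs these imports at the top of app/Exceptions/Handler.php:
// use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
// use Tymon\JWTAuth\Exceptions\TokenExpiredException;
// use Tymon\JWTAuth\Exceptions\TokenInvalidException;
private function isJwtException(Exception $e)
{
    if ($e instanceof UnauthorizedHttpException) {
        // The JWT exception is carried as the "previous" exception.
        if ($e->getPrevious() instanceof TokenExpiredException) {
            return response()->json(['token_expired'], $e->getStatusCode());
        } elseif ($e->getPrevious() instanceof TokenInvalidException) {
            return response()->json(['token_invalid'], $e->getStatusCode());
        }
    }

    return null;
}

MizterFrek commented 1 year ago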

I know it has been a long time since this error was shown. I am currently learning to use Laravel Lumen in version 10:

{
        "php":"^8.1",
        "guzzlehttp/guzzle":"^7.7",
        "laravel/lumen-framework": "^10.0",
        "tymon/jwt-auth": "^2.0"
},

I am developing Lumen as an API so it is important that the response is in json format. When trying to enter an auth middleware path with jwt, I noticed that it does not run the ExceptionHandler and that the response is only:

'Unauthorized' 
401

We know that the middleware is the one that intercepts the requests; in this case it would be App\Http\Middleware\Authenticate. In the handle method we find the following:

public function handle($request, Closure $next, $guard = null)
    {
        if ($this->auth->guard($guard)->guest()) {
            return response('Unauthorized.', 401);
        }

        return $next($request);
    }

In this case, to give a simple example, I would repackage it as a JSON response in the conditional of the guard:

public function handle($request, Closure $next, $guard = null)
{
    if ($this->auth->guard($guard)->guest()) {
        // Leading backslash: resolve from the global namespace, not App\Http\Middleware.
        return new \Illuminate\Http\JsonResponse([
            'error' => 'Unauthorized',
            'code' => 401
        ], 401);
    }

    return $next($request);
}

And so, basically by modifying the middleware, I now have the following response in JSON format:

{
  "error": "Unauthorized",
  "code": 401
}
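
One way to get distinct JSON errors straight from the Lumen middleware discussed in this thread, as an added example that is not code from any commenter or from the jwt-auth project. It assumes Tymon\JWTAuth\Providers\LumenServiceProvider is registered and that the default guard uses the jwt driver; the error strings other than token_expired and token_invalid are made up here.

```php
<?php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\JsonResponse;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;
use Tymon\JWTAuth\JWTAuth;

// Added example: replaces the stock Lumen Authenticate middleware.
class Authenticate
{
    protected $jwt;

    // Assumption: the container can resolve JWTAuth (service provider registered).
    public function __construct(JWTAuth $jwt)
    {
        $this->jwt = $jwt;
    }

    public function handle($request, Closure $next)
    {
        try {
            // parseToken() throws JWTException when no token can be read;
            // authenticate() validates the token and returns the user or false.
            if (! $this->jwt->parseToken()->authenticate()) {
                return $this->deny('user_not_found', $request);
            }
        } catch (TokenExpiredException $e) {
            return $this->deny('token_expired', $request, $e);
        } catch (TokenInvalidException $e) {
            return $this->deny('token_invalid', $request, $e);
        } catch (JWTException $e) {
            // Base class last: it is the parent of the two exceptions above.
            return $this->deny('token_error', $request, $e);
        }
        return $next($request);
    }

    private function deny($code, $request, ?\Throwable $e = null)
    {
        // Detail stays in the server log; the client only sees a fixed code.
        app('log')->warning('JWT auth rejected', [
            'reason' => $code, 'path' => $request->path(),
            'detail' => $e ? $e->getMessage() : null,
        ]);
        return new JsonResponse(['error' => $code], 401);
    }
}
```

Returning a fixed code instead of `$e->getMessage()` keeps library error text out of API responses while the log still records why the token was rejected.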