tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

JWT remembers only the last token #1283

Open mehrdad-shokri opened 7 years ago

mehrdad-shokri commented 7 years ago

I'm developing some e2e tests, which include authenticating users via jwt.
In my test case I authenticate 3 users (adminUser, consultantUser, studentUser) via jwt, and generate tokens in a variable.
Although the generated tokens are different, when I execute JWTAuth::toUser() on the tokens,
all of them point to the last user authenticated.
Is this a bug related to jwt, or am I doing some configuration wrong in my test suite?

I tried to reproduce this email manually, but generating tokens by visiting the authentication URL in Postman
doesn't cause this problem.

My login procedure is:

/**
 * @param $user
 * @param $password
 * @return mixed
 */
protected function login($user, $password)
{
    $request = $this->post('api/panel/auth/login', ['email' => $user->email, 'password' => $password]);
    return $request->json()['data']['token'];
}

Initialization process is:

public function setUp()
{
    // Boot the application before issuing requests
    parent::setUp();

    // Log in each role in turn and keep the token returned for it
    $this->adminToken = $this->login(User::whereEmail('admin@rooyesh.app')->first(), '111111');
    $this->consultantToken = $this->login(User::whereEmail('consultant@rooyesh.app')->first(), '111111');
    $this->studentToken = $this->login(User::whereEmail('student@rooyesh.app')->first(), '111111');
}

Again, trying to retrieve the user from adminToken points to the student user in the db!

Any suggestions?

mehrdad-shokri commented 7 years ago

@tymondesigns I think this is a bug related to this package. I'm using version dev-develop

mehrdad-shokri commented 7 years ago

Found something interesting: when I visit the login URL, in the current session, Auth::user(); points to the last authenticated user (which is student).
So I started generating tokens without authenticating the user completely.

Another problem I have right now is that BaseMiddleware identifies the user via token, but another middleware (which comes after jwt.auth in the middleware array) calls Auth::user(), which surprisingly returns null.
I thought calling Auth::user() after BaseMiddleware sets the authenticated user automatically.
Was this a misunderstanding? @tymondesigns

shamshashmi commented 7 years ago

Hi, yes, I'm having the same issue. @tymondesigns can you please look at it?

kohenkatz commented 7 years ago

Calling Auth::user() only works if your default authentication provider is this package, as set in config/auth.php (defaults.guard setting). Otherwise, you need to call Auth::guard('jwt')->user() to specify that the JWT guard should be used.
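
The guard distinction described in the last comment, as an added example that is not part of the thread or of the jwt-auth package: a downstream authorization middleware that asks the JWT guard explicitly and fails closed when no user is resolved. The class name `RequireRole`, the `role` attribute on the user model and a guard registered under the name `jwt` in config/auth.php are assumptions.

```php
<?php
// Added example with hypothetical names: app/Http/Middleware/RequireRole.php
//
// Assumed guard definition in config/auth.php (the guard name 'jwt' follows
// the comment above; 'provider' => 'users' is an assumption):
//   'guards' => [
//       'jwt' => ['driver' => 'jwt', 'provider' => 'users'],
//   ],

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RequireRole
{
    /**
     * Allow the request only if the JWT-authenticated user has $role.
     */
    public function handle($request, Closure $next, $role)
    {
        // Auth::user() consults the guard named in defaults.guard. If that is
        // a session guard, it returns null for a token-only request, so the
        // JWT guard is named explicitly here.
        $user = Auth::guard('jwt')->user();

        // Fail closed: no resolved user means no access, never "skip the check".
        if ($user === null) {
            abort(401, 'Unauthenticated.');
        }

        // 'role' is an assumed attribute on the user model.
        if ($user->role !== $role) {
            abort(403, 'Forbidden.');
        }

        // Make later Auth::user() calls in this request use the same guard,
        // so the rest of the stack sees the user this check was made against.
        Auth::shouldUse('jwt');

        return $next($request);
    }
}
```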