Open jinoantony opened 6 years ago
@jinoantony See my middleware in #1355
@jinoantony: thanks for the tip (replacing JWTAuth::parseToken()->authenticate()). To avoid editing the file in vendor, I copied it to App\Http\Middleware\CustomGetUserFromToken.php. Finally, I added this line in Kernel.php:
'jwt.auth' => \App\Http\Middleware\CustomGetUserFromToken::class,
Please, can anyone help with a method to force-blacklist an expired token? My own logic force-resets the expired token, and it needs to happen after the user has expired the token. I need to force the token onto the blacklist.
Here is my code below:
```php
try {
    // the code is okay here
    $payload = $this->guard()->getPayload();
    $res = $userAuth->getAdminUserLoginDetails($payload['email']);
    $token = $this->guard()->claims(["email" => $res->email, 'api_token' => $res->api_token])->login($userAuth);
    JWTAuth::invalidate(JWTAuth::getToken());
    return response()->json([$token]);
} catch (TokenExpiredException $e) {
    // here is where my code needs help
    if (env('JWT_FORCE_GET_PAYLOAD', false)) {
        $payload = JWTAuth::manager()->getJWTProvider()->decode(JWTAuth::getToken()->get());
        $res = $userAuth->getAdminUserLoginDetails($payload['email']);
        // JWTAuth::invalidate(JWTAuth::getToken()); // i cannot use this line because the exception will be caught
        $token = $this->guard()->claims(["email" => $res->email, 'api_token' => $res->api_token])->login($userAuth);
        // $token = $this->guard()->refresh(true, true); // i cannot use this line because the exception will be caught
        // token need to be invalidate or blacklist here after successful reset
        return response()->json([$token]);
    } else {
        throw new TokenExpiredException('Token has expired', 401);
    }
} catch (\Exception $e) {
    throw new HttpException($e->getMessage(), 401);
}
```
I recently ran into a problem where the jwt middleware always returns a user_not_found exception. I replaced the function call
JWTAuth::parseToken()->authenticate()
with JWTAuth::toUser(JWTAuth::getToken())
in the jwt middleware and it works perfectly. But the problem is that it is not a good method to edit the vendor files. Is there any solution to this other than editing the middleware?