While using the auth()->setTTL(1)->attempt($credentials) I realized that if it doesn't match the credentials with a user in DB, it doesn't return an exception like UnauthorizedHttpException. For that reason one has to enclose the above command inside an if clause.
In contrast methods like check() did return one and exception is handled by the global handler.
Your environment
Q
A
Bug?
dunno
New Feature?
no
Framework
Laravel
Framework version
5.7
Package version
1.0.0
PHP version
7.x.y
Steps to reproduce
public function authenticate(Request $request)
{
$credentials = $request->only('email', 'password');
$token = auth()->setTTL(1)->attempt($credentials);
return response()->json(compact('token'));
}
The above code will return a JSON object with token:false which is setted in the local storage or wherever and will not throw an exception
To make it work one could do this or to throw a custom UnauthorizedHttpException
public function authenticate(Request $request)
{
$credentials = $request->only('email', 'password');
if (! $token = auth()->setTTL(1)->attempt($credentials)) {
return response()->json(['error' => 'invalid_credentials'], 400);
}
return response()->json(compact('token'));
}
From the other hand, methods like check() if fail, return an exception and there is no need to wrap it inside an if clause
public function checkIfValid()
{
$isvalid = auth()->parseToken()->check())
return response()->json(compact('isvalid'));
}
Is this behaviour of attempt() expexted or not? Is there any reason that doesn't throw exceptions?
Subject of the issue
While using the
auth()->setTTL(1)->attempt($credentials)
I realized that if it doesn't match the credentials with a user in DB, it doesn't return an exception like UnauthorizedHttpException. For that reason one has to enclose the above command inside an if clause.In contrast methods like
check()
did return one and exception is handled by the global handler.Your environment
Steps to reproduce
The above code will return a JSON object with token:false which is setted in the local storage or wherever and will not throw an exception
To make it work one could do this or to throw a custom
UnauthorizedHttpException
From the other hand, methods like
check()
if fail, return an exception and there is no need to wrap it inside an if clauseIs this behaviour of
attempt()
expexted or not? Is there any reason that doesn't throw exceptions?