tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License

Error: Unauthorized #2120

Open pit07 opened 3 years ago

pit07 commented 3 years ago

Hi everybody. I have this error: "Unauthorized", even with the correct email/password. I looked through all the threads in this Git repo, but... :(

My authController.php

public function login(Request $request){
        $validator = Validator::make($request->all(), [
            'email' => 'required|email',
            'password' => 'required|string|min:4',
        ]);
        if ($validator->fails()) {
            return response()->json($validator->errors(), 422);
        }
        if (! $token = auth()->attempt($validator->validated())) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        return $this->createNewToken($token);
    }

I'm calling: http://127.0.0.1:8000/api/auth/login
email: 'vincent.blondaux@gmail.com'
password: 'admin'
Headers: Content-Type: application/json

In my DB:
email: 'vincent.blondaux@gmail.com'
password: '$2y$10$A2fsk3OfrstMyWaX0k4lkOWLhnFbALC5u0zMxvEEitjCzKQAFeE7m'

I tried

Nothing changed.

public function login(Request $request){
        $datas['password'] = bcrypt($request->password);
        $datas['email'] = $request->email;
        $validator = Validator::make($datas, [ 
            'email' => 'required|email',
            'password' => 'required|string|min:4',
        ]);
      ...

But if I display the $datas['password'] using:

return response()->json(['error' => $datas], 401);

I get a different hash each time... weird...!

I'm not sure about the bcrypt. With the password "ADMIN", Laravel returns (in my DB): $2y$10$A2fsk3OfrstMyWaX0k4lkOWLhnFbALC5u0zMxvEEitjCzKQAFeE7m

Bcrypt generator (https://bcrypt-generator.com/ with 10 rounds) returns: $2y$10$fCmIGKOvBm2lPds1dUEnHO6RAzuAYYCDwl1Fznl7f3tkuD9PZNnyC, and different hashes when I refresh the page...

And when I display the hash in my JSON response, I get: $2y$10$lxDDJ05hPtikjhs1UGy4heNJz450wuSIM7VBL266guaMr9xULQpE2 $2y$10$2KNuTpfEV6x3NPErvLd62OEQSvAbL.etQFxaxpnxdVQqaRVEead5O $2y$10$9aF6CbUyHg.IgS1xYaj8teS0Qoq7uF1NiFDvxAaGsAuyyKnQY98Iu etc....

... I'm going crazy... How do I compare two passwords if the bcrypt hash is always different?

Thanks a lot for your help! Vincent

pit07 commented 3 years ago

Hi everybody!

I think I found my mistake. In my auth.php file, I have:


'defaults' => [
        'guard' => 'web', 
        'passwords' => 'users',
    ],
'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'jwt',
            'provider' => 'clients',
            //'hash' => false,
        ],
    ],

I need to leave the default values for my Laravel administration authentication. So, I need to indicate my guard in my auth function.

I tried:

         if (! $token = $this->guard('api')->attempt($validator->validated())) {

But: "Method App\Http\Controllers\AuthController::guard does not exist."

        if (! $token = Auth::guard('api')->attempt($validator->validated())) {

But: "Class 'App\Services\Auth\JwtGuard' not found"

        if (! $token = JWTAuth::guard('api')->attempt($validator->validated())) {

But: "Method [guard] does not exist."

I tried to install https://github.com/irazasyed/jwt-auth-guard

But :

Your requirements could not be resolved to an installable set of packages.
  Problem 1
    - irazasyed/jwt-auth-guard[dev-master, v1.0.0, ..., v1.0.4] require illuminate/support ~5.0 -> found illuminate/support[v5.0.0, ..., 5.8.x-dev] but these were not loaded, likely because it conflicts with another require.
    - irazasyed/jwt-auth-guard 1.0.x-dev is an alias of irazasyed/jwt-auth-guard dev-master and thus requires it to be installed too.
    - Root composer.json requires irazasyed/jwt-auth-guard ^1.0 -> satisfiable by irazasyed/jwt-auth-guard[v1.0.0, ..., 1.0.x-dev (alias of dev-master)].

CodeNinja1337 commented 3 years ago

Hi @pit07, maybe this helps, as it is a pretty well-described article about how to set up JWT auth with this library. It's a bit of an older article but still works (used it a few days ago). https://medium.com/@ripoche.b/create-a-spa-with-role-based-authentication-with-laravel-and-vue-js-ac4b260b882f

patricktan98 commented 3 years ago

Any update regarding this issue? I also met the same issue, but my ! $token = Auth::attempt($validator->validated()) always returns me a "true" value although the auth attempt is successful. The token should return me an access token instead of a boolean value. I have followed the docs provided by JWT Auth step by step but have had no luck setting it up.

purplenimbus commented 3 years ago

If you're like me, I was attempting to use a hashed password to log in, which obviously won't work. Under the hood bcrypt is used to compare passwords, so while comparing both, the already hashed password was hashed again and thus the login failed. After searching high and low, it wasn't until I ran Hash::check() that I realized I was doing it wrong.

Always pass in the password to the api in plain text (while testing that is).

Also use auth('api') or $this->guard(); that way you can be sure you're using the jwt method of authentication. auth('api') defaults to Laravel's authentication guard.
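
The hashing behaviour discussed in this thread, as an added example that is not part of any comment above and is not code from jwt-auth. It uses PHP's built-in `password_hash()` / `password_verify()`, which Laravel's `bcrypt()` and `Hash::check()` wrap; the function names `parseBcrypt`, `loginByRehash` and `loginByVerify` and the sample password are assumptions made for the illustration.

```php
<?php
// Added example: plain PHP, no Laravel required.

// Split a bcrypt string: $2y$<cost>$<22-char salt><31-char digest>
function parseBcrypt(string $hash): array
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Broken check: hash the submitted password again and compare the strings.
// password_hash() draws a fresh random salt, so the strings never match.
function loginByRehash(string $submitted, string $stored): bool
{
    $fresh = password_hash($submitted, PASSWORD_BCRYPT, ['cost' => 10]);
    return hash_equals($stored, $fresh);
}

// Correct check: password_verify() reads the cost and salt out of $stored,
// recomputes the digest with them, and compares in constant time.
function loginByVerify(string $submitted, string $stored): bool
{
    return password_verify($submitted, $stored);
}

$password = 'example-password'; // constructed sample value
$stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$again  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$a = parseBcrypt($stored);
$b = parseBcrypt($again);

$checks = [
    'same cost in both hashes'           => $a['cost'] === $b['cost'],
    'salts differ between the hashes'    => $a['salt'] !== $b['salt'],
    'hash strings differ'                => $stored !== $again,
    'rehash-and-compare accepts login'   => loginByRehash($password, $stored),
    'password_verify accepts plain text' => loginByVerify($password, $stored),
    'password_verify accepts a hash'     => loginByVerify($again, $stored),
    'password_verify ignores case'       => loginByVerify(strtoupper($password), $stored),
];
foreach ($checks as $label => $result) {
    printf("%-38s %s\n", $label, var_export($result, true));
}
```

The submitted password has to reach the verifier unhashed, over TLS in production, because the salt needed to reproduce the digest lives only in the stored hash.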