laravel 护照:请求 user() 在 auth:api 中间件外返回 null,在返回用户对象内
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/46110391/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
laravel passport: Request user() returning null outside auth:api middleware, and inside returning user object
提问by NAVEEN KUMAR
When I am tring to get loggedin user details using auth:api middleware, it returns user object with details in my controller function.
当我尝试使用 auth:api 中间件获取登录用户详细信息时,它会在我的控制器函数中返回包含详细信息的用户对象。
api.php (with auth:api middleware returns User object)
Route::group(['middleware' => 'auth:api'], function() {
Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails');
});
But when I am trying to get loggedin user details outside this auth:api middleware, it returns null.
但是,当我尝试在此 auth:api 中间件之外获取登录用户详细信息时,它返回 null。
api.php (without auth:api middleware return null)
Route::get('users/mentor_details/{uuid}','UserController@getMentorProfileDetails');
回答by patricus
When the auth middleware is not provided, or is provided without specifying the guard, the default guard is used to determine the user. Unless you have changed this in your config/auth.phpfile, the default guard is the webguard.
当没有提供auth中间件,或者提供时没有指定guard,则使用默认的guard来确定用户。除非你在你的config/auth.php文件中改变了这个,默认的守卫是web守卫。
So, when you go to a route that is not protected by a specific auth middleware, the user that is loaded is the one provided by the webguard.
因此,当您转到不受特定身份验证中间件保护的路由时,加载的用户是web守卫提供的用户。
Therefore, even though you may be sending the bearer token to use a specific user, the webguard doesn't know anything about that, and since you have no user logged in via the webguard, you are getting a nulluser.
因此,即使您可能正在发送不记名令牌以使用特定用户,web守卫对此一无所知,并且由于您没有通过web守卫登录的null用户,因此您正在获得一个用户。
You've got four options:
你有四个选择:
Make sure the route is protected by the
auth:apimiddleware, which specifies theapiguard. This, however, will not allow guests to access the url.Change your default guard to
apiin yourconfig/auth.phpfile. This is probably not what you want to do, especially if you do have normal web users.Tell the request you want the user from the
apiguard. The$request->user()method takes a guard as an argument, so if you do$request->user('api'), it will retrieve the user using theapiguard.Get the user from the
apiguard directly:auth()->guard('api')->user().
确保路由受到
auth:api指定保护的中间件的api保护。但是,这将不允许访客访问该 url。将您的默认保护更改为
api在您的config/auth.php文件中。这可能不是您想要做的,特别是如果您有普通的网络用户。从
api警卫那里告诉你想要用户的请求。该$request->user()方法将守卫作为参数,因此如果您这样做$request->user('api'),它将使用api守卫检索用户。api直接从守卫那里获取用户:auth()->guard('api')->user().
回答by leyduana
The auth middleware is the one returning the user. auth:api just indicates to use the API guard. In the source code of laravel, the file vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.phpline 62, the function shouldUse is the one setting the Auth::user() object. Check out also vendor/laravel/framework/src/Illuminate/Auth/AuthManager.phpshouldUse function
auth 中间件是返回用户的中间件。auth:api 仅表示使用 API 防护。在 laravel 的源代码中,文件vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php第62行,函数 shouldUse 是设置 Auth::user() 对象的一个。退房也vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php应该使用功能
