Logout in JWT does not work


Question

I am new to Laravel. I installed JWT and logged in, so it worked and generated a token. When I log out in Postman it returns true, but again and again it returns true, and

auth()->user()

always returns the user after logout.

Here is my code:

  public function login(Request $request)
  {

    $this->validateLogin($request);

    if (!$jwt_token = JWTAuth::attempt($request->toArray())) {
      return response()->json([
        'success' => false,
        'message' => 'Invalid national_id or Password',
      ], 401);
    }

    return response()->json(['success' => true, 'token' => $jwt_token,], 200);

  }

And logout:

  public function logout(Request $request)
  {
    auth()->logout();
    return response()->json(['data' => 'you logged out successfully'], 200);
  }

In the routes:

Route::group(['prefix' => 'v1', 'namespace' => 'Api\v1'], function() {

  Route::post('login', 'Auth\LoginController@login');
});

Route::group(['middleware' => ['auth:api', 'api'], 'prefix' => 'v1', 'namespace' => 'Api\v1'], function() {

  // Authentication Routes...
  Route::post('logout', 'Auth\LoginController@logout')->name('logout');
  .
  .
  .
  .
  .

I also used JWTAuth::invalidate($request->token); again it did not work.

Recommended answer

JWT is stateless, so the token will be valid until it expires (you set the expiration). Either remove the token from your front end, or make a blacklist where you always check if the requested token is valid and not blacklisted.

I found a method to do this on GitHub:

public function testUserLogoutBlacklistsToken()
{
    // Arrange
    $user = factory('App\Models\User')->create();
    $token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
    $payload = \Tymon\JWTAuth\Facades\JWTAuth::getPayload($token);
    $headers = ['AUTHORIZATION' => 'Bearer ' . $token];

    // Assert
    $this->get('api/auth/logout', $headers)
         ->seeStatusCode(202)
         ->seeHeader('Authorization', '');

    // Verify on the back-end that the token is blacklisted
    $this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));
}

public function testAccessDeniedWithBlacklistedToken()
{
    // Arrange
    $user = factory('App\Models\User')->create();
    $token = \Tymon\JWTAuth\Facades\JWTAuth::fromUser($user);
    // Read the payload and build the headers before the token is invalidated
    $payload = \Tymon\JWTAuth\Facades\JWTAuth::getPayload($token);
    $headers = ['AUTHORIZATION' => 'Bearer ' . $token];
    \Tymon\JWTAuth\Facades\JWTAuth::invalidate($token);

    // Sanity check that JWTAuth::invalidate worked
    $this->assertTrue(\Tymon\JWTAuth\Facades\JWTAuth::getBlacklist()->has($payload));

    // User data should not be returned and response should have HTTP 500
    $this->get('api/me', $headers)
         ->seeStatusCode(500);
}
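
The blacklist check described in the answer, as an added example that is not part of the original answer and is not jwt-auth's own code. It is plain PHP with a hand-rolled HS256 token; SECRET, the claim values, the fixed clock and the in-memory $denylist array are assumptions constructed for the demo.

```php
<?php
// Added example (plain PHP, not Laravel/jwt-auth code). SECRET, the claims and
// the in-memory $denylist are constructed; a real API would use a shared cache.
const SECRET = 'demo-secret-constructed-for-this-example';

function b64url(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function issue(string $sub, int $ttl, int $now): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode([
        'sub' => $sub, 'exp' => $now + $ttl, 'jti' => bin2hex(random_bytes(8)),
    ]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
}

// Returns the claims only if the signature is valid, the token has not expired
// and its jti is not on the denylist; otherwise null.
function verify(string $jwt, array $denylist, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['jti'], $claims['exp'])) return null;
    if ($claims['exp'] <= $now) return null;
    return isset($denylist[$claims['jti']]) ? null : $claims;
}

// Logout: record the jti until the token's own expiry, after which the entry
// can be dropped because verify() rejects the token on exp alone.
function logout(array $claims, array &$denylist, int $now): void {
    foreach ($denylist as $jti => $exp) {
        if ($exp <= $now) unset($denylist[$jti]);
    }
    $denylist[$claims['jti']] = $claims['exp'];
}

$now = 1700000000;                       // fixed clock for the demo
$denylist = [];
$token = issue('user-42', 3600, $now);
$claims = verify($token, $denylist, $now);
logout($claims, $denylist, $now);

// Stateless check only (empty denylist) versus check with the denylist:
var_dump(verify($token, [], $now + 60) !== null);
var_dump(verify($token, $denylist, $now + 60) !== null);
```

The first check is what a server sees when logout only deletes the token on the client; the second is the per-request server-side lookup, which has to run on every protected route.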
