Laravel和Dropbox WebAuth:“会话中缺少CSRF令牌" [英] Laravel and Dropbox WebAuth: "Missing CSRF token in session"
问题描述
我正在使用Laravel 5.0,并尝试使用Dropbox进行授权.我大致遵循以下示例:
I'm using Laravel 5.0 and trying to Authorize with Dropbox. I'm loosely following this example: http://dropbox.github.io/dropbox-sdk-php/api-docs/v1.1.x/class-Dropbox.WebAuth.html
当我转到/start时.我被重定向到Dropbox并单击允许",但是当我被重定向回/finish时,我在会话中不断收到Missing CSRF令牌.有人有什么想法吗?我已经读过$_SESSION在Laravel中不起作用,但是我不确定该怎么做.
When I go to /start. I get redirected to Dropbox and click "Allow", but when I get redirected back to /finish, I keep getting Missing CSRF token in session. Does anyone have any ideas? I have read that $_SESSION doesn't work in Laravel but I'm not sure how else to go about it.
这是我正在使用的代码:
Here is the code I am working with:
public function start()
{
$authorizeUrl = $this->getWebAuth()->start();
return redirect()->away($authorizeUrl);
}
public function finish()
{
$test = $this->getWebAuth()->finish($_GET);
dd($test);
}
private function getWebAuth()
{
$appKey = 'key';
$appSecret = 'secret';
$appName = 'name';
$appRedirect = 'http://example.com/finish';
$appInfo = new Dropbox\AppInfo($appKey, $appSecret);
$csrfTokenStore = new Dropbox\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
$webAuth = new Dropbox\WebAuth($appInfo, $appName, $appRedirect, $csrfTokenStore);
return $webAuth;
}
更新1:
好的,所以我尝试使其与 Laravel Socialite 和 Dropbox社交名流提供者.我将代码更改为以下代码,但是按/start时出现错误. Driver [dropbox] not supported.我对说明的步骤3 感到非常困惑,所以也许我在那儿做错了.
Okay so I tried getting it working with Laravel Socialite and the Dropbox Socialite provider. I changed my code to what is below, but I get an error when I hit /start. Driver [dropbox] not supported. I got really confused on step 3 of the instructions, so maybe I did something wrong there.
composer.json
"require": {
"laravel/framework": "5.0.*",
"dropbox/dropbox-sdk": "1.1.*",
"laravel/socialite": "~2.0",
"socialiteproviders/dropbox": "~1.0"
},
控制器
use Socialite;
class ExampleController extends Controller {
public function start()
{
return Socialite::with('dropbox')->redirect();
}
public function finish()
{
$user = Socialite::with('dropbox')->user();
dd($user->token);
}
}
config/app.php
'providers' => [
//'Laravel\Socialite\SocialiteServiceProvider',
'SocialiteProviders\Manager\ServiceProvider',
],
'aliases' => [
'Socialite' => 'Laravel\Socialite\Facades\Socialite',
],
app/Providers/EventServiceProvider.php
protected $listen = [
'SocialiteProviders\Manager\SocialiteWasCalled' => [],
];
更新2:
我想通了,我添加了它,并且奏效了.
I figured it out, I added this and it worked.
app/Providers/EventServiceProvider.php
protected $listen = [
'SocialiteProviders\Manager\SocialiteWasCalled' => [
'SocialiteProviders\Dropbox\DropboxExtendSocialite@handle',
],
];
推荐答案
为什么要重新发明轮子,如果有包装可以帮助您做到这一点:
Why reinvent the wheel, if you have a wrapper that can do this for you:
https://github.com/GrahamCampbell/Laravel-Dropbox
原因是POST路由受CSRF保护.如果您不想使用包装器,则需要禁用此安全层,但是没人会建议这样做.
The reason is that the POST routes are protected with CSRF. If you do not want to use a wrapper, you need to disable this security layer, but nobody would recommend that.
更好的方法是使用 Laravel社交名流.唯一的事实是Dropbox本身不支持它,但是此程序包将解决该问题
Even better is using Laravel Socialite. Only the fact is here that Dropbox is not natively supported in it, but this package will solve that.
ceejayoz 的功劳帮助!
这篇关于Laravel和Dropbox WebAuth:“会话中缺少CSRF令牌"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
