How to delete the token when a user logs out



I made a UserController that generates an accessToken when a user successfully registers on the page.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;

class UserController extends Controller
{
    /**
     * Login Method: in here we call Auth::attempt with the credentials the user supplied.
     * If authentication is successful, we create access tokens and return them to the user.
     * This access token is what the user would always send along with all API calls to have access to the APIs.
     * Register Method: like the login method, we validated the user information,
     * created an account for the user and generated an access token for the user.
     */

    public function login()
    {
        $credentials = [
            'email' => request('email'),
            'password' => request('password')
        ];
        if (Auth::attempt($credentials)) {
            $success['token'] = Auth::user()->createToken('MyApp')->accessToken;
            return response()->json(['success' => $success]);
        }
        $status = 401;
        $response = ['error' => 'Unauthorized'];
        return response()->json($response, $status);
    }

    public function register(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required',
            'email' => 'required|email',
            'password' => 'required',
        ]);
        if ($validator->fails()) {
            return response()->json(['error' => $validator->errors()], 401);
        }
        $input = $request->all();
        $input['password'] = bcrypt($input['password']);
        $user = User::create($input);
        $success['token'] = $user->createToken('MyApp')->accessToken;
        $success['name'] = $user->name;
        return response()->json(['success' => $success]);
    }

    public function getDetails()
    {
        return response()->json(['success' => Auth::user()]);
    }
}

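My problem is that I want to delete the token when the user logs out, but I don't know how to remove the access token from the user.

The logout function in my UserController: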

public function logout()
{
    Auth::user()->tokens->each(function ($token, $key) {
        $token->delete();
    });

    return response()->json([
        'message' => 'Logged out successfully!',
        'status_code' => 200
    ], 200);
}

When I test it in Postman using the GET route: http://127.0.0.1:8000/api/logout. Am I missing something?


Update

This is my api.php file:

Route::resource('categories', 'App\Http\Controllers\CategoryController');
Route::post('register', 'App\Http\Controllers\UserController@register');
Route::post('login', 'App\Http\Controllers\UserController@login');

/**
 * We can group the routes we need auth for
 * under common middleware. It secures our routes
 */
Route::group(['middleware' => 'auth:api'], function () {
    Route::get('logout', 'App\Http\Controllers\UserController@logout');
});

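I am testing in Postman with the following route: http://127.0.0.1:8000/api/logout and passing the Bearer token I got from the login request as the value.

It should be a POST request rather than a GET request, because you are deleting/changing the database.

The route should look like this: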

Route::post('logout', 'App\Http\Controllers\UserController@logout')->middleware('auth:api');

And the logout method in UserController should be:

public function logout()
{
    auth()->user()->tokens->each(function ($token, $key) {
        $token->delete();
    });
    return response()->json([
        'message' => 'Logged out successfully!',
        'status_code' => 200
    ], 200);
}

In your logout function, it should expire the token rather than delete it.


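use Illuminate\Http\Request;
use Illuminate\Http\Response;

public function logout(Request $request)
{
    // Revoke only the access token that authenticated this request
    $request->user()->token()->revoke();
    return response()->json([], Response::HTTP_NO_CONTENT);
}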

Or, if you want to expire all of his tokens:

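use Illuminate\Support\Facades\Auth;

public function logout(Request $request)
{
    // Use the tokens property (a collection); tokens() returns the relation
    // object, which foreach would not iterate token by token
    $userTokens = Auth::user()->tokens;
    foreach ($userTokens as $token) {
        $token->revoke();
    }
}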
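
The two revocation variants from the answers above, side by side, as an added example that is not code from the thread. It assumes Laravel Passport with the HasApiTokens trait on the User model; `LogoutController`, `logoutEverywhere` and the `logout-all` route are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes Laravel Passport with the
// HasApiTokens trait on the User model; controller and route names are hypothetical.

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class LogoutController extends Controller
{
    // Revoke only the token that authenticated this request ("log out this device").
    public function logout(Request $request): JsonResponse
    {
        $request->user()->token()->revoke();

        return response()->json(['message' => 'Logged out']);
    }

    // Revoke every active token of the user with a single UPDATE ("log out everywhere").
    public function logoutEverywhere(Request $request): JsonResponse
    {
        // tokens() is the query relation; the tokens property would load every row first.
        $revoked = $request->user()->tokens()
            ->where('revoked', false)
            ->update(['revoked' => true]);

        return response()->json(['revoked_tokens' => $revoked]);
    }
}

// routes/api.php: both endpoints change state, so they are POST behind the auth:api guard.
// Route::middleware('auth:api')->group(function () {
//     Route::post('logout', [LogoutController::class, 'logout']);
//     Route::post('logout-all', [LogoutController::class, 'logoutEverywhere']);
// });
```

Revoked rows stay in the `oauth_access_tokens` table until they are cleaned up, for example with `php artisan passport:purge --revoked`.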
