I really don't understand Laravel HTTP Basic Authentication, nor even the point. The docs say only this, and there is no good explanation about how it works or how to make it:
Stateless HTTP Basic Authentication
You may also use HTTP Basic Authentication without setting a user identifier cookie in the session, which is particularly useful for API authentication. To do so, define a middleware that calls the onceBasic method. If no response is returned by the onceBasic method, the request may be passed further into the application:
<?php

namespace Illuminate\Auth\Middleware;

use Illuminate\Support\Facades\Auth;

class AuthenticateOnceWithBasicAuth
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, $next)
    {
        // onceBasic() returns a 401 response when the Authorization header is
        // missing or wrong, and null when the credentials check out.
        return Auth::onceBasic() ?: $next($request);
    }
}
Next, register the route middleware and attach it to a route:
Route::get('api/user', function () {
    // Only authenticated users may enter...
})->middleware('auth.basic.once');
Nothing is passed as a variable in the route, no cookies. The only thing that occurs to me is that it is authenticated once with user and password, and then all the requests for that user are accepted. Isn't that really bad for security? I mean anybody could access that user once it has logged in. I really don't understand the Auth::onceBasic() method, and there is no information about it.
via Chebli Mohamed
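As an added illustration (not Laravel's own implementation) of what the quoted docs leave implicit: a framework-free PHP stand-in for Auth::onceBasic() that checks the Authorization header on every request and remembers nothing between requests. The user store, realm and request arrays are constructed for the example.

```php
<?php
// Added, framework-free stand-in for Auth::onceBasic() (not Laravel's code).
// Constructed user store: username => password hash; the password is "s3cret".
$users = ['alice' => password_hash('s3cret', PASSWORD_DEFAULT)];

/**
 * What onceBasic() does on every request: read the Authorization header,
 * check the credentials, and return a 401 response when they are missing
 * or wrong. Returns null when the request may pass. Nothing is stored
 * between calls: no session, no cookie, no "already logged in" flag.
 */
function onceBasic(array $headers, array $users): ?array
{
    $header = $headers['Authorization'] ?? '';
    if (stripos($header, 'Basic ') !== 0) {
        return unauthorized();
    }
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return unauthorized();
    }
    [$user, $password] = explode(':', $decoded, 2);
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return unauthorized();
    }
    return null; // valid for this request only
}

function unauthorized(): array
{
    // The WWW-Authenticate challenge is what makes a browser prompt for credentials.
    return ['status' => 401, 'headers' => ['WWW-Authenticate' => 'Basic realm="api"']];
}

// Equivalent of the middleware line: return Auth::onceBasic() ?: $next($request);
function handle(array $request, array $users): array
{
    return onceBasic($request['headers'], $users) ?? ['status' => 200, 'body' => 'user data'];
}

// Request 1 carries credentials, so it is let through to the route.
$withAuth = ['headers' => ['Authorization' => 'Basic ' . base64_encode('alice:s3cret')]];
// Request 2 comes without the header; it is challenged again, because nothing
// from request 1 was remembered. Every request must carry the credentials,
// which is why Basic auth belongs behind TLS.
$withoutAuth = ['headers' => []];
echo handle($withAuth, $users)['status'], PHP_EOL;
echo handle($withoutAuth, $users)['status'], PHP_EOL;
```

Run with `php` on the command line; the second request is refused even though the first one succeeded, which is the "stateless" part of the docs' wording.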