jeudi 14 février 2019

can my web service return to the same time token and refresh token : Laravel /jwt

I am in the course of developing an API, I have a refreshing token problem, at this moment I do a controller that receives the refreshing request with the valid token and the controller will create a new token and puts the last one to the blacklist, the Problem here is the mobile developer how will know the expiration time of the token I see that it is not practical to send at any time to test the validity of the token because the controller I use it can not refreshire an expired token for example: the validity of my token 60 min if the mobile developer does not make a request before this 60 min it will disconnect from the application because the token will expire and it cannot refresh, but if he sends a requests to refresh token before this 60 min everything will go well. my question is can I generate two tokens the first normal token and the second when the developer sends a requette and he receives a 401 request he uses the refresh token to generate another two tokens and so he stays connected until he makes a manual disconnection

Translated with http://bit.ly/2Bmjolq

my controller AUthcontroller :

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\User;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Tymon\JWTAuth\Contracts\Providers\Auth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;
use Tymon\JWTAuth\Facades\JWTAuth;
use Validator, Hash;
use Illuminate\Support\Facades\Password;
use Carbon\Carbon;
use Config;
use Artisan;
class AuthController extends Controller
{
    /**
     * API Register
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register( Request $request){
        $validator = Validator::make($request -> all(),[
            'email' => 'required|string|email|max:255|unique:users',
            'username' =>'required',
            'tel' => 'required',
            'name' => 'required',
            'lastname' => 'required',
            'adress' => 'required',
            'password'=> 'required'
        ]);

        if ($validator -> fails()) {
            # code...
            return response()->json($validator->errors());

        }

        $user_data = User::create([
            'name' => $request->get('name'),
            'email' => $request->get('email'),
            'tel' => $request->get('tel'),
            'username' => $request->get('username'),
            'lastname' => $request->get('lastname'),
            'adress' => $request->get('adress'),
            'password'=> bcrypt($request->get('password'))
        ]);
        $user = User::first();
        $token = JWTAuth::fromUser($user);



        return response()->json(['success'=> true,'token'=>compact('token'),'Data'=>$user_data, 'message'=> 'Thanks for signing up']);


    }

    /**
     * API Login, on success return JWT Auth token
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');
        $rules = [
            'email' => 'required|email',
            'password' => 'required',
        ];
        $validator = Validator::make($credentials, $rules);
        if($validator->fails()) {
            return response()->json(['success'=> false, 'error'=> $validator->messages()], 401);
        }
        try {
            // attempt to verify the credentials and create a token for the user
            $time = isset($request->time) ? $request->time : Config::get('jwt.ttl');
            // print_r(Carbon::now()->addSeconds($time)->timestamp);
            Config::set('jwt.ttl', $time);
            Artisan::call('config:clear');
            if (! $token = JWTAuth::attempt($credentials)) {
                return response()->json(['success' => false, 'error' => 'We cant find an account with this credentials. Please make sure you entered the right information and you have verified your email address.'], 404);
            }
        } catch (JWTException $e) {
            // something went wrong whilst attempting to encode the token
            return response()->json(['success' => false, 'error' => 'Failed to login, please try again.'], 500);
        }
        // all good so return the token
       // $refresh_token = auth('api')->refresh($token)
     //  $token = Auth::refresh($token);
      //  $token = JWTAuth::refresh($token);

        return response()->json(['success' => true, 'data'=> [ 'token' => $token ]], 200);
    }
    /**
     * Log out
     * Invalidate the token, so user cannot use it anymore
     * They have to relogin to get a new token
     *
     * @param Request $request
     */
    public function logout(Request $request) {
        try {
            JWTAuth::invalidate($request->header('Authorization'));
            return response()->json(['success' => true, 'message'=> "You have successfully logged out."]);
        } catch (JWTException $e) {
            // something went wrong whilst attempting to encode the token
            return response()->json(['success' => false, 'error' => 'Failed to logout, please try again.'], 500);
        }
    }
    public function token($token = null){
        $token = $token ? $token : JWTAuth::getToken();
        if(!$token){
            throw new BadRequestHtttpException('Token not provided');
        }
        try{
            $token = JWTAuth::refresh($token);
        }catch(TokenInvalidException $e){
            throw new AccessDeniedHttpException('The token is invalid');
        }
        return response()->json(['success' => true, 'data' => $token], 200);
    }
    public function recover(Request $request)
    {
        $user = User::where('email', $request->email)->first();
        if (!$user) {
            $error_message = "Your email address was not found.";
            return response()->json(['success' => false, 'error' => ['email'=> $error_message]], 401);
        }
        try {
            Password::sendResetLink($request->only('email'), function (Message $message) {
                $message->subject('Your Password Reset Link');
            });
        } catch (\Exception $e) {
            //Return with error
            $error_message = $e->getMessage();
            return response()->json(['success' => false, 'error' => $error_message], 401);
        }
        return response()->json([
            'success' => true, 'data'=> ['message'=> 'A reset email has been sent! Please check your email.']
        ]);
    }
    public function changePassword(Request $request)
    {
        $inputs = $request->only('oldpassword','newpassword');
        $rules = [
            'oldpassword' => 'required',
            'newpassword' => 'required',
        ];
        $validator = Validator::make($inputs, $rules);
        if($validator->fails()) {
            return response()->json(['success'=> false, 'error'=> $validator->messages()], 401);
        }
        try {
            $authuser = auth()->user();
            if (! Hash::check($request->oldpassword, $authuser->password) ){
                return response()->json(['success' => false, 'error' => 'You enter wrong old password'], 404);
            }
            $updated = User::where('email', $authuser->email)->update(['password' =>  Hash::make($request->newpassword)]);
            if($updated){
                $gettoken = $this->token($request->header('Authorization'));
                $token = $gettoken->original['data'];
            }
        } catch (JWTException $e) {
            // something went wrong whilst attempting to encode the token
            return response()->json(['success' => false, 'error' => 'Failed to change password, please try again.'], 500);
        }
        return response()->json(['success' => true, 'data'=> [ 'message' =>'Password successfully changed',"token"=>$token]], 200);
    }
}


via Chebli Mohamed
Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)