How to show exception in JWT Laravel 5.4 API in Postman - php

In my Laravel app I have installed the JWT packages and set the middleware, but when the token is invalid or expired or not sent, it shows an error that is not in JSON format. Below are the details of my problem. Everything is working correctly, but the exception is not thrown in JSON format. The exception is thrown as an error like this (Could not decode token: Error while decoding to JSON: Malformed UTF-8 characters, possibly incorrectly encoded); that is the issue.
This is my jwtMiddleware:
public function handle($request, Closure $next)
{
    try
    {
        $user = JWTAuth::parseToken()->authenticate();
    }
    catch (\JWTException $e)
    {
        if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenInvalidException)
        {
            return response()->json(['status' => 'Token is Invalid']);
        }
        else if ($e instanceof \Tymon\JWTAuth\Exceptions\TokenExpiredException)
        {
            return response()->json(['status' => 'Token is Expired']);
        }
        else
        {
            return response()->json(['status' => 'Authorization Token not found']);
        }
        return response()->json(['status' => $e]);
    }
    return $next($request);
}
This is the error, as shown in the image: [image: shown exception as error]
And the expected error is like this: [image: required exception]
Sending the Postman request: [image: sending to postman]

Check that the request that you're sending has this header
{ Authorization: 'Bearer TOKEN' }
How to add this header in Axios:
axios.interceptors.request.use(request => {
    if (store.getters.authToken) {
        request.headers.common['Authorization'] = `Bearer ${store.getters.authToken}`
    }
    return request
})
Check that your .htaccess has the rule
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I show my exception in JSON format in the way below; you can try this. To show the exception in JWT, you put this in the catch for JWTException:
$credentials = $request->only('user_name', 'password');
try {
    if (! $token = JWTAuth::attempt($credentials)) {
        return response()->json([
            'code' => 404,
            'response' => 'error',
            'errors' => ['message' => 'invalid email/ or password.']
        ]);
    }
} catch (JWTException $e) {
    return response()->json([
        'code' => 500,
        'response' => 'error',
        'errors' => ['message' => 'failed to create token.']
    ]);
}
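A catch clause only matches when the name it gives resolves to the class that is actually thrown; `\JWTException` in the question's middleware names a class in the global namespace, and a catch for a class that does not exist never matches and raises no error. The following is an added example, not code from the original posts or from jwt-auth, using constructed stand-in classes under a hypothetical `Demo` namespace to show the difference.

```php
<?php
// Added example. Demo\Exceptions is a constructed stand-in for a package namespace.
namespace Demo\Exceptions {
    class JWTException extends \Exception {}
    class TokenInvalidException extends JWTException {}
    class TokenExpiredException extends JWTException {}
}
namespace Demo\Http {
    use Demo\Exceptions\JWTException;
    use Demo\Exceptions\TokenExpiredException;
    use Demo\Exceptions\TokenInvalidException;

    // Hypothetical stand-in for JWTAuth::parseToken()->authenticate().
    function authenticate(): void
    {
        throw new TokenInvalidException('Could not decode token');
    }

    // \JWTException is looked up in the global namespace, where no such class exists.
    function handleWithGlobalName(): array
    {
        try {
            authenticate();
        } catch (\JWTException $e) {
            return [401, json_encode(['status' => 'Token is Invalid'])];
        }
        return [200, json_encode(['status' => 'ok'])];
    }

    // The imported names resolve to the classes that are actually thrown.
    function handleWithImportedName(): array
    {
        try {
            authenticate();
        } catch (TokenExpiredException $e) {
            return [401, json_encode(['status' => 'Token is Expired'])];
        } catch (TokenInvalidException $e) {
            return [401, json_encode(['status' => 'Token is Invalid'])];
        } catch (JWTException $e) {
            return [401, json_encode(['status' => 'Authorization Token not found'])];
        }
        return [200, json_encode(['status' => 'ok'])];
    }
    try {
        handleWithGlobalName();
    } catch (\Throwable $e) {
        echo 'escaped the middleware: ', get_class($e), "\n";
    }
    echo implode(' ', handleWithImportedName()), "\n";
}
```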

Related

Delete Post Authorize Laravel API

I want to delete a post with authorization, but it fails with the error "message": false,
"errors": "This action is unauthorized."
destroy controller
public function destroy($id, Post $post)
{
    try {
        $this->authorize('delete', $post);
        $posts = Post::find($id);
        $posts->delete();
        return response()->json([
            'success' => true,
            'message' => 'Success'
        ]);
    } catch (\Exception $e) {
        return response()->json([
            'message' => false,
            'errors' => $e->getMessage()
        ]);
    }
}
policy
public function delete(User $user, Post $post)
{
    return $user->id == $post->user_id;
}
Postman
Ensure that the user is properly connected. Which API do you use? If Sanctum or Passport, you need to specify it in your request headers in Postman: the attribute Authorization with the value Bearer your_token.
That will create a request as if you were connected as the user who owns the token.
You can also check the values by debugging like this, and look at the response:
var_dump($post->user_id);
var_dump($user);
die();

tymondesigns/jwt-auth: how to create an expired token?

I'm using V1 of https://github.com/tymondesigns/jwt-auth
I need to create an expired token, to test the TokenExpiredException in my code:
public function handle($request, Closure $next)
{
    try {
        JWTAuth::parseToken()->authenticate();
    } catch (Exception $e) {
        if ($e instanceof TokenInvalidException) {
            return response()->json(['status' => 'Token is Invalid'], 401);
        } elseif ($e instanceof TokenExpiredException) {
            return response()->json(['status' => 'Token is Expired'], 401);
        } else {
            return response()->json(['status' => 'Authorization Token not found'], 401);
        }
    }
    return $next($request);
}
I cannot do it:
public function setUp(): void
{
    parent::setUp();
    $password = '123456';
    $user = new User([
        'email' => 'info@example.com',
        'password' => Hash::make($password),
    ]);
    $user->save();
}
public function testExpiredToken()
{
    $user = User::first();
    $token = JWTAuth::fromUser($user, ['exp'=> 123456]);
    $response = $this->withHeaders([
        'Authorization' => 'Bearer '.$token,
    ])->get(route('test_data_read_closed'));
    $response->assertStatus(401);
}
But I get 200 from my test (token accepted, I got answer from my route) and not 401.
How can I create an expired token? Thank you
I spent hours trying to figure out why it was still responding with a 200 success code when an expired JWT is sent (for testing purposes). It turns out that the JWT package caches the claims in the \Tymon\JWTAuth\Factory instance. To fix it, you just have to clear the claims after the JWT is generated and before it's sent to a controller:
\Tymon\JWTAuth\Facades\JWTAuth::getPayloadFactory()->emptyClaims();
Otherwise, it thinks it's the same request and will re-use already built \Tymon\JWTAuth\Claims\Claim instances to decode another JWT. I will see about creating an issue on GitHub.
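A library-independent way to produce an expired token for a test like the one above, as an added example that is not part of the original posts and is not tymondesigns/jwt-auth code: it signs an HS256 token whose `exp` lies in the past and checks it, returning the same three status strings the middleware uses. The secret, the function names and the claims are constructed for illustration.

```php
<?php
// Added example (PHP 7.4+). The secret and claims are constructed test values.
const DEMO_SECRET = 'constructed-test-secret';

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function make_token(array $claims, string $secret): string
{
    $head = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Returns [HTTP status, JSON body]; every failure is a JSON 401, never a raw error page.
function check_token(?string $token, string $secret, int $now): array
{
    $fail = fn (string $why): array => [401, json_encode(['status' => $why])];
    if ($token === null || $token === '') {
        return $fail('Authorization Token not found');
    }
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return $fail('Token is Invalid');
    }
    // Verify the signature (algorithm fixed to HS256) before trusting the payload.
    $expected = b64url(hash_hmac('sha256', $parts[0] . '.' . $parts[1], $secret, true));
    if (!hash_equals($expected, $parts[2])) {
        return $fail('Token is Invalid');
    }
    $claims = json_decode((string) base64_decode(strtr($parts[1], '-_', '+/')), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) {
        return $fail('Token is Invalid');
    }
    if ($claims['exp'] <= $now) {
        return $fail('Token is Expired');
    }
    return [200, json_encode(['status' => 'ok', 'sub' => $claims['sub'] ?? null])];
}

$now = time();
$valid = make_token(['sub' => 1, 'exp' => $now + 3600], DEMO_SECRET);
$expired = make_token(['sub' => 1, 'exp' => $now - 3600], DEMO_SECRET);
// Order: expired, tampered signature, absent, valid.
foreach ([$expired, $valid . 'x', null, $valid] as $token) {
    echo implode(' ', check_token($token, DEMO_SECRET, $now)), "\n";
}
```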

JWT Auth Error : The token could not be parsed from the request

Currently I'm developing with Laravel 5.8 using JWT Auth. Everything runs well in Postman, but when I tried testing in the browser, I got a lot of errors, and one by one they have been fixed. Now I get another error when I try to pass the JSON Web Token using Request. The token isn't provided correctly. After I do the sign-in process in:
public function signin(Request $request)
{
    $this->validate($request, [
        'username' => 'required',
        'password' => 'required'
    ]);
    // grab credentials from the request
    $credentials = $request->only('username', 'password');
    try {
        // attempt to verify the credentials and create a token for the user
        if (! $token = JWTAuth::attempt($credentials)) {
            return response()->json([
                'error' => 'Invalid Credentials, username and password dismatches. Or username may not registered.',
                'status' => '401'
            ], 401);
        }
    } catch (JWTException $e) {
        // something went wrong whilst attempting to encode the token
        return response()->json(['error' => 'could_not_create_token'], 500);
    }
    return response()->json([
        'token' => $token
    ]);
}
The token is generated successfully. But when I need the token in another controller, the token is generated unsuccessfully; one example is this method:
public function index(Request $request)
{
    // this will set the token on the object
    JWTAuth::parseToken();
    // and you can continue to chain methods
    $user = JWTAuth::parseToken()->authenticate();
    $token = JWTAuth::getToken();
    die($token);
    try {
        if (! $user = JWTAuth::parseToken()->authenticate()) {
            return response()->json(['user_not_found'], 404);
        }
    } catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) {
        return response()->json(['token_expired'], $e->getStatusCode());
    } catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) {
        return response()->json(['token_invalid'], $e->getStatusCode());
    } catch (Tymon\JWTAuth\Exceptions\JWTException $e) {
        return response()->json(['token_absent'], $e->getStatusCode());
    }
}
Every time I'd like to call JWTAuth::parseToken(); I get this error:
The token could not be parsed from the request
So why does this happen? And what should I do? Because in the signin method the token is successfully generated, but in index I can't access the token. Thanks for your attention.
The token needs to be passed via headers in each API request.
Header Name: Authorization
Expected Value: Bearer --token--
(without the -- of course)

JWT/LARAVEL 5.6 refresh expired token

I developed an API and I have a problem with the expiration of the token, and I am trying to find ways to refresh the tokens sent by the API. I use custom middleware. When the token is expired, the refreshed token is added to the response headers. The app just needs to check whether the response has this and, if so, update the saved token. I get
{"code":103,"response":null}
My middleware:
<?php
namespace App\Http\Middleware;
use Carbon\Carbon;
use Closure;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth; // needed for Auth::login() below
use Illuminate\Support\Facades\Cache;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenBlacklistedException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Facades\JWTAuth;
use Tymon\JWTAuth\Http\Middleware\BaseMiddleware;
class JwtRefresh extends BaseMiddleware {
    public function handle($request, Closure $next)
    {
        try
        {
            if (! $user = JWTAuth::parseToken()->authenticate() )
            {
                return response()->json([
                    'code' => 101, // means auth error in the api,
                    'response' => null // nothing to show
                ]);
            }
        }
        catch (TokenExpiredException $e)
        {
            // If the token is expired, then it will be refreshed and added to the headers
            try
            {
                $refreshed = JWTAuth::refresh(JWTAuth::getToken());
                $user = JWTAuth::setToken($refreshed)->toUser();
                header('Authorization: Bearer ' . $refreshed);
            }
            catch (JWTException $e)
            {
                return response()->json([
                    'code' => 103, // means not refreshable
                    'response' => null // nothing to show
                ]);
            }
        }
        catch (JWTException $e)
        {
            return response()->json([
                'code' => 101, // means auth error in the api,
                'response' => null // nothing to show
            ]);
        }
        // Login the user instance for global usage
        Auth::login($user, false);
        return $next($request);
    }
}
I think you just need to do this,
if ($expired) {
    try {
        $newToken = $this->auth->setRequest($request)
            ->parseToken()
            ->refresh();
        $user = $this->auth->authenticate($newToken);
    } catch (TokenExpiredException $e) {
        return $this->respond('tymon.jwt.expired', 'token_expired', $e->getStatusCode(), [$e]);
    } catch (JWTException $e) {
        return $this->respond('tymon.jwt.invalid', 'token_invalid', $e->getStatusCode(), [$e]);
    }
    // send the refreshed token back to the client
    $request->headers->set('Authorization', 'Bearer ' . $newToken);
}
Hope this helps you.

want to set exception for twilio

I am sending an OTP using Twilio and Laravel. The message is working now, but I want to set an exception for when the message is not delivered, etc. I have tried this:
public function send_otp()
{
    try {
        $account_sid = env('TWILIO_ACCOUNT_SID');
        $auth_token = env('TWILIO_AUTH_TOKEN');
        $number = Auth::user()->user_phone;
        $client = new Client($account_sid, $auth_token);
        $messages = $client->messages->create($number, array(
            'From' => '+12533368077',
            'Body' => Auth::user()->user_otp,
        ));
        dd($messages);
        //return $messages;
        //throw new Exception();
    } catch (Exception $e) {
        return response()->json(['error' => true, 'message' => 'Something went wrong'], 200);
    }
}
Can you please help me with this?
After setting the env data, did you clear the cache?
php artisan config:cache
If you want to handle the error, Laravel has special logic for that. You just need to catch that error and then take action; it is simple:
https://laravel.com/docs/5.6/errors
public function render($request, Exception $exception)
{
    if ($exception instanceof CustomException) {
        return response()->view('errors.custom', [], 500);
    }
    return parent::render($request, $exception);
}
