Jwt-auth: JWT Auth is blocking Laravel Form Request
I am new to Laravel 5,
I am building a web app, I have set up the Tymon JWT Auth and its working well when a user logs in, so now am trying to create the registration for the app, i created a new RegisterController to handle the registration process without adding the Tymon JWT Auth anywhere in that controller, if i pass the values without validations the form works well, so for the validation i created a form request (RegisterRequest) to handle the validation, but when i type hint the form request into the postRegister method in the RegisterController e.g public function postRegister(RegisterRequest $request) {}, and i also imported the full path at the top, the error I get is TOKEN HAS EXPIRED, this shows that the JWT Auth is intercepting the form request and i don't know why that is happening, if i remove the form request, everything works fine, but i need the form request for my validation, please help.
kelvinrolex
All 10 comments
I think you must have something in your request lifecycle, that is triggering jwt-auth. Are you sure there is no middleware running?
tymondesigns
on 9 Dec 2015
I have checked and there is no middleware running, I couldn't find any solution online so I used the default laravel validation instead of form request. Thanks
kelvinrolex
on 10 Dec 2015
I ran into the same issue, and it turned out to not have anything to do with JWT Auth. By default, FormRequests return 302 redirects to the application root ("/") on an invalid request unless the request comes in with an accept header asking for JSON Accept: application/json or comes in as an XHR Request. So when I was testing with POSTMAN, it was just making a basic request, so Laravel was returning a 302, which POSTMAN followed, and which dumped me to a page where the JWT.Auth middleware was running and looking for tokens.
I fixed this in my app by overriding the Request abstract class and then extending from that, rather than the FormRequest class.
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\JsonResponse;
abstract class Request extends FormRequest
{
public function response(array $errors)
{
return new JsonResponse($errors, 422);
}
public function authorize()
{
return true;
}
}
<?php
namespace App\Http\Requests\Auth;
use App\Http\Requests\Request;
class LoginRequest extends Request
{
public function rules()
{
return [
'username' => ['required'],
'password' => ['required'],
];
}
}
bayssmekanique
on 9 Feb 2016
The same happens to me I cant use validation for example when I use the following:
<?php
protected function store(\Illuminate\Http\Request $request)
{
$this->validate($request, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
]);
$data = $request->all();
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
This will give me:
{
"error": "token_not_provided"
}
but when I remove the validation it work fine:
<?php
protected function store(\Illuminate\Http\Request $request)
{
$data = $request->all();
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
I'm using the middleware as following:
function __construct()
{
$this->middleware('jwt.auth', ['except' => ['authenticate', 'store']]);
}
and even when I remove the middleware completely still not working, any idea what could be the problem?
mdwekat
on 1 Mar 2016
Does it only not work when invalid data is provided or for valid requests as well?
bayssmekanique
on 1 Mar 2016
I'm using Angular as my front-end framework so after re investigation I find that it fails when the validation fails because Laravel redirects you rather that return the validation error if its not a valid AJAX request. and that triggered the JWT Auth middleware. I debugged further more I found that both $request->ajax() and $request->wantsJson() both return false.
but when I did set the header x-requested-with to xmlhttprequest everything worked just fine.
So at the end I think that its an Angular issue and not JWT Auth.
mdwekat
on 2 Mar 2016
@mirageisme how did you set the header, please can you paste the code on how you set the header.
Thanks
kelvinrolex
on 2 Mar 2016
@kelvinrolex, if you are using Angular REST libraries (like Resource or Restangular) it will automatically handle applying the appropriate headers. If you are making raw request calls, then you just need to add a header Accept: application/json.
$http({
method: 'GET',
url: '/someUrl',
headers: { Accept: 'application/json' }
})
Sometimes you might need to add it manually when $resource is not sending X-Requested-With correctly
myAppModule.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';
}]);
Thank you so much @mirageisme...
kelvinrolex
on 10 Mar 2016
Related issues
johncloud200
路
32Comments
sulemankhann
路
27Comments
punnawat
路
30Comments
SimonErich
路
23Comments
sanjukaniyamattam
路
23Comments
Most helpful comment
I ran into the same issue, and it turned out to not have anything to do with JWT Auth. By default, FormRequests return 302 redirects to the application root ("/") on an invalid request unless the request comes in with an accept header asking for JSON
Accept: application/jsonor comes in as an XHR Request. So when I was testing with POSTMAN, it was just making a basic request, so Laravel was returning a 302, which POSTMAN followed, and which dumped me to a page where the JWT.Auth middleware was running and looking for tokens.I fixed this in my app by overriding the
Requestabstract class and then extending from that, rather than theFormRequestclass.