Hi,
I noticed that my auth was broken in Passport after upgrading to 5.5.42. It seems that Passport uses the decrypt method without checking the $serialize property in the EncryptCookies middleware, and that causes Passport to try to unserialize the cookie even if it is not serialized, causing an exception and ultimately the auth to fail.
I added a check to my middleware to still serialize the passport cookie to work around this for now.
This is the function in the middleware to make it work btw, it serializes only the passport cookie and uses the $serialize property for the rest.
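~~~php
// Needs `use Laravel\Passport\Passport;` at the top of the middleware file;
// without it Passport::class resolves inside the middleware's own namespace,
// class_exists() returns false and the check below is silently skipped.

/**
 * Determine if the cookie contents should be serialized.
 *
 * @param  string  $name
 * @return bool
 */
public static function serialized($name)
{
    // Work around the fact that passport:4 can't handle
    // the cookie serialization fix of laravel 5.5.42
    if (class_exists(Passport::class) && $name === Passport::$cookie) {
        return true;
    }

    return static::$serialize;
}
~~~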
Hi. I have the same issue. I tried your solution @Zae but now I'm getting this error:
unserialize(): Error at offset 0 of 187 bytes
I cleared all the cache and sessions just in case. I'm using Laravel 5.5.42 and Passport 4.0.3.
Do you have any idea what to do?
EDITED:
OK it's working. I just had to clear my cookies for the application. Thanks for the solution @Zae !
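Why the writer and the reader of a cookie must agree on serialization, which is what produces the `unserialize(): Error at offset 0` message above and why clearing old cookies helped. This is an added example, not Laravel's or Passport's code: `seal()` and `unseal()` are hypothetical stand-ins for the framework's encrypter, and the key and token are constructed.

```php
<?php
// Added illustration; seal()/unseal() are hypothetical helpers, not framework APIs.
const CIPHER = 'aes-256-cbc';
// Encrypt-then-MAC a cookie value, optionally serializing it first.
function seal(string $key, string $value, bool $serialize): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($serialize ? serialize($value) : $value, CIPHER, $key, 0, $iv);
    $iv64 = base64_encode($iv);
    $mac = hash_hmac('sha256', $iv64 . $ct, $key);
    return base64_encode(json_encode(['iv' => $iv64, 'value' => $ct, 'mac' => $mac]));
}

// Verify the MAC, decrypt, and optionally unserialize the plaintext.
function unseal(string $key, string $payload, bool $unserialize)
{
    $p = json_decode(base64_decode($payload), true);
    if (!is_array($p) || !isset($p['iv'], $p['value'], $p['mac'])) {
        throw new RuntimeException('malformed payload');
    }
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        throw new RuntimeException('MAC mismatch');
    }
    $plain = openssl_decrypt($p['value'], CIPHER, $key, 0, base64_decode($p['iv']));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    if (!$unserialize) {
        return $plain;
    }
    // allowed_classes => false: never instantiate objects from cookie data.
    $value = @unserialize($plain, ['allowed_classes' => false]);
    if ($value === false && $plain !== serialize(false)) {
        throw new RuntimeException('plaintext is not serialized data');
    }
    return $value;
}

$key = random_bytes(32);           // constructed key
$token = 'constructed.jwt.value';  // constructed cookie value
// [writer serialized?, reader unserializes?]; [false, true] is the thread's case.
foreach ([[true, true], [false, false], [false, true], [true, false]] as [$w, $r]) {
    try {
        $out = var_export(unseal($key, seal($key, $token, $w), $r), true);
    } catch (RuntimeException $e) {
        $out = 'exception: ' . $e->getMessage();
    }
    printf("write serialized=%d read unserialize=%d -> %s\n", $w, $r, $out);
}
```

The `[true, false]` combination does not throw: the reader receives the serialized form of the string as the cookie value, so that mismatch shows up later as a token that fails validation.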
@Zae your solution worked for me as well. Is this something fixed in a later release of passport? If we are sticking with 5.5.x laravel, should we be using only passport 4.x or can we upgrade passport?
@walliby This is fixed in the latest version, but you need Laravel 5.6 for that; the Passport version for Laravel 5.5 doesn't have this fix (yet). Because I'm still stuck on Laravel 5.5, I couldn't use the newer version of Passport.
I modified my app/Http/Middleware/EncryptCookies.php
~~~php
<?php

namespace App\Http\Middleware;

use Illuminate\Cookie\Middleware\EncryptCookies as Middleware;
use Symfony\Component\HttpFoundation\Request;

class EncryptCookies extends Middleware
{
    /**
     * Indicates if the cookies should be serialized.
     *
     * @var bool
     */
    // true turns serialization back on for every cookie, not only Passport's.
    protected static $serialize = true;

    /**
     * The names of the cookies that should not be encrypted.
     *
     * @var array
     */
    protected $except = [
        //
    ];

    /**
     * Decrypt the cookies on the request.
     *
     * @param  \Symfony\Component\HttpFoundation\Request  $request
     * @return \Symfony\Component\HttpFoundation\Request
     */
    protected function decrypt(Request $request)
    {
        foreach ($request->cookies as $key => $c) {
            if ($this->isDisabled($key)) {
                continue;
            }

            try {
                $request->cookies->set($key, $this->decryptCookie($key, $c));
            } catch (\Exception $e) {
                // Any failure while decrypting or unserializing nulls the cookie.
                $request->cookies->set($key, null);
            }
        }

        return $request;
    }
}
~~~
Heya, unfortunately we don't support such an old Passport version anymore. Please upgrade to the latest version to see if the problem persists.
But Laravel 5.5 is the LTS release and Passport v4 has a bug that means it won't work since version Laravel 5.5.42. Isn't Passport an official Laravel package?
Laravel 5.5 is indeed LTS but Passport 4.0 isn't.
Then shouldn't this be documented somewhere?
I don't know what you mean? It's never been said that Laravel's other libraries had any LTS releases?
This is an issue for anyone using Passport with Laravel 5.5. Laravel 5.5 is an LTS release, whether Passport 4 is or not. People are going to encounter this problem, so shouldn't it be documented somewhere about how to deal with the issue?
Your suggestion to upgrade Passport isn't possible for some as they're on the LTS version of Laravel, which is only compatible with an outdated version of Passport. I'm just suggesting the fix from @Zae maybe should be documented.
I agree this is a problem. This means anybody using the latest version of Laravel 5.5 which is LTS cannot configure Passport out of the box. At the very least, the laravel documentation located here should be updated: https://laravel.com/docs/5.5/passport#installation
You're free to send in a PR. Make sure you link back to this issue so Taylor knows why you're sending it in.
it works
@Zae,
When I try to access an API from Postman with Bearer with token,
XSRF-TOKEN, _ga and <my_project>_session are coming as $name not laravel_token (Passport::$cookie).
So, it is not passing the condition in serialized().
Laravel : 5.5.44
Passport: 4.0.3
What should I do?