app: Can't access authorized user after login
I’ve set
// Session
Framework\Auth\TokenStorage\SessionTokensBootloader::class,
// Database Session Storage
Framework\Auth\TokenStorage\CycleTokensBootloader::class,
And I could login with following code LoginController.php:
public function loginPost(LoginRequest $login)
{
if (!$login->isValid()) {
return [
'status' => 400,
'errors' => $login->getErrors()
];
}
// application specific login logic
$user = $this->users->findOne(['username' => $login->getField('username')]);
if (
$user === null
|| !password_verify($login->getField('password'), $user->password)
) {
return [
'status' => 400,
'error' => 'No such user'
];
}
// create token
$token = $this->authTokens->create(['userID' => $user->id]);
$this->auth->start(
$token
);
return [
'status' => 200,
'message' => 'Authenticated!',
'token' => $token
];
}
But When I tried to access protected route, home HomeController.php, I’m not getting the details of authorized user
public function index(): string
{
if ($this->auth->getActor() === null) {
throw new ForbiddenException();
}
dump($this->auth->getActor());
}
Here, I’m getting Forbidden. I’m following as per this documentation: https://spiral.dev/docs/security-authentication#actor-provider-and-token-payload
Here the browser testin : https://storyxpress.co/video/k8wzh5q7nz2rsgwv3
home/index: https://github.com/itsursujit/go-php/blob/master/app/src/Controller/HomeController.php#L43
Am I doing something wrong?
[UPDATED: $this->auth on Controller returning null]
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 19 (7 by maintainers)
Also Please check this video: https://storyxpress.co/video/k8x5q34nms4w3a0ke