Support the ongoing development of Laravel.io →
Authentication Requests Security
Last updated 2 years ago.
0

Right,

answering my own question: First for the part 2:

  • I create a new route outside middleware "auth:api': Route::post('/login', 'Auth\LoginController@apiLogin');

  • Then, in my apiLogin I modified the request and made the changes that I would like:

     function apiLogin(Request $request) {
         $tokenRequest = $request->create('/oauth/token', 'POST', $request->all());
         $request->request->add([
            "client_id"     => 'your_client_id',
            "client_secret" => 'your_client_secret',
            "grant_type"    => 'password',
            "code"          => '*',
         ]);
    
         $response = Route::dispatch($tokenRequest);
         $json = (array) json_decode($response->getContent());
         $json['new_value'] = '123456';
         $response->setContent(json_encode($json));
         return $response
     }
    

and then, I'm able to send more contents with the original json

For part 3:

  • I create a new route, INSIDE of the middleware "auth:api' (Please, not that even the controller is different, once that teh LoginController don't have constructor and the API controller does have the constructor with the mddleware: 'Route::post('login/pwdchange', 'ApiController@changePassword');'

  • Now, the client will need to send the original access_token with the old password and the new password. After I validate then, I change the password and also create a new token (I'm revoking any possible token after I change the password which will then force everybody to do a new login).

     function changePassword(Request $request) {
         $data = $request->all();
         $user = Auth::guard('api')->user();
    
         //Changing the password only if is different of null
         if( isset($data['oldPassword']) && !empty($data['oldPassword']) && $data['oldPassword'] !== "" && $data['oldPassword'] !=='undefined') {
             //checking the old password first
             $check  = Auth::guard('web')->attempt([
                 'username' => $user->username,
                 'password' => $data['oldPassword']
             ]);
             if($check && isset($data['newPassword']) && !empty($data['newPassword']) && $data['newPassword'] !== "" && $data['newPassword'] !=='undefined') {
                 $user->password = bcrypt($data['newPassword']);
                 $user->isFirstTime = false; //variable created by me to know if is the dummy password or generated by user.
                 $user->token()->revoke();
                 $token = $user->createToken('newToken')->accessToken;
    
                 //Changing the type
                 $user->save();
    
                 return json_encode(array('token' => $token)); //sending the new token
             }
             else {
                 return "Wrong password information";
             }
         }
         return "Wrong password information";
     }
    

Aparently is working fine. I hope that it helps someone.

Last updated 7 years ago.
0

That's helps me a lot, thanks

0

Sign in to participate in this thread!

Eventy

Your banner here too?

joaosauer joaosauer Joined 15 Mar 2017

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.