Support the ongoing development of Laravel.io →
joaosauer
posted 7 years ago
Authentication Requests Security
Last updated 1 year ago.
0
joaosauer
replied 7 years ago

Right,

answering my own question: First for the part 2:

  • I create a new route outside middleware "auth:api': Route::post('/login', 'Auth\LoginController@apiLogin');

  • Then, in my apiLogin I modified the request and made the changes that I would like:

     function apiLogin(Request $request) {
     $tokenRequest = $request->create('/oauth/token', 'POST', $request->all());
     $request->request->add([
        "client_id"     => 'your_client_id',
        "client_secret" => 'your_client_secret',
        "grant_type"    => 'password',
        "code"          => '*',
     ]);

     $response = Route::dispatch($tokenRequest);
     $json = (array) json_decode($response->getContent());
     $json['new_value'] = '123456';
     $response->setContent(json_encode($json));
     return $response
 }

and then, I'm able to send more contents with the original json

For part 3:

  • I create a new route, INSIDE of the middleware "auth:api' (Please, not that even the controller is different, once that teh LoginController don't have constructor and the API controller does have the constructor with the mddleware: 'Route::post('login/pwdchange', 'ApiController@changePassword');'

  • Now, the client will need to send the original access_token with the old password and the new password. After I validate then, I change the password and also create a new token (I'm revoking any possible token after I change the password which will then force everybody to do a new login).

     function changePassword(Request $request) {
     $data = $request->all();
     $user = Auth::guard('api')->user();

     //Changing the password only if is different of null
     if( isset($data['oldPassword']) && !empty($data['oldPassword']) && $data['oldPassword'] !== "" && $data['oldPassword'] !=='undefined') {
         //checking the old password first
         $check  = Auth::guard('web')->attempt([
             'username' => $user->username,
             'password' => $data['oldPassword']
         ]);
         if($check && isset($data['newPassword']) && !empty($data['newPassword']) && $data['newPassword'] !== "" && $data['newPassword'] !=='undefined') {
             $user->password = bcrypt($data['newPassword']);
             $user->isFirstTime = false; //variable created by me to know if is the dummy password or generated by user.
             $user->token()->revoke();
             $token = $user->createToken('newToken')->accessToken;

             //Changing the type
             $user->save();

             return json_encode(array('token' => $token)); //sending the new token
         }
         else {
             return "Wrong password information";
         }
     }
     return "Wrong password information";
 }

Aparently is working fine. I hope that it helps someone.

Last updated 7 years ago.
0
syothalassery
replied 6 years ago

That's helps me a lot, thanks

0

Sign in to participate in this thread!

Eventy

Your banner here too?

joaosauer joaosauer Joined 15 Mar 2017

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Steadfast Collective
BairesDev
Remotely Works

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise