laravel-otp icon indicating copy to clipboard operation
laravel-otp copied to clipboard

Published 20 hours ago verified publisher icon mohammad-fouladgar

Add ValidationRule

Open mahdimsr opened this issue 3 years ago • 4 comments

add a validation rule to validate the token in the request

mahdimsr avatar Oct 02 '22 12:10 mahdimsr

@mahdimsr Thanks for your PR. I'd like to know what your idea is about this PR? This validation rule just returns true or false. In case we need the user validated by mobile and token to login user.

For example, you are using sanctum:

   $user  = OTP()->validate('+989389599530', 'token_123');
   $token = $user->createToken('ios')->plainTextToken;

   auth()->login($user);

mohammad-fouladgar avatar Oct 14 '22 12:10 mohammad-fouladgar

@mahdimsr Thanks for your PR. I'd like to know what your idea is about this PR? This validation rule just returns true or false. In case we need the user validated by mobile and token to login user.

For example, you are using sanctum:

   $user  = OTP()->validate('+989389599530', 'token_123');
   $token = $user->createToken('ios')->plainTextToken;

   auth()->login($user);

the validation you used in your example is enough to validate and check. but what if the developer wants to return some error message if the token isn't valid? two options are to choose from:

  • use the validate function like your example and return an error message in this way, you have to return the error badge message manually
  • use request validate rule

mahdimsr avatar Oct 21 '22 14:10 mahdimsr

@mahdimsr I agree with you. But there is a problem. When you call the validate method, this method revokes the token, therefore, we lose the token and we can not find the user, right? IMO, we can have a method something like that in the Fouladgar\OTP\OTPBroker class:

...
public function isValidToken(OTPNotifiable $user, string $token): bool
{
    return $this->tokenExists($user,$token);
}
...

And in our rule, use this method, not the validate method.

mohammad-fouladgar avatar Oct 22 '22 09:10 mohammad-fouladgar

@mahdimsr I agree with you. But there is a problem. When you call the validate method, this method revokes the token, therefore, we lose the token and we can not find the user, right? IMO, we can have a method something like that in the Fouladgar\OTP\OTPBroker class:

...
public function isValidToken(OTPNotifiable $user, string $token): bool
{
    return $this->tokenExists($user,$token);
}
...

And in our rule, use this method, not the validate method.

oh, I didn't recognize that. you're right :). I will fix it. thanks for the comment

mahdimsr avatar Oct 26 '22 05:10 mahdimsr

Dear @mahdimsr Because this issue seems to be inactive for quite some time now. I've closed this PR. Please feel free to reopen it.

mohammad-fouladgar avatar Nov 15 '22 07:11 mohammad-fouladgar