lara-auth-bridge icon indicating copy to clipboard operation
lara-auth-bridge copied to clipboard

Published 20 hours ago verified publisher icon CallMeNP

Does not work with Laravel 5.2?

Open carpusmedia opened this issue 8 years ago • 1 comments

Hello,

We are not able to get lara-auth-bridge to work properly. We are using Laravel 5.2.

When we try to log in to the forum, we get this error message:

You have specified an incorrect username. Please check your username and try again. If you continue to have problems please contact the Board Administrator.

No errors are created in the Laravel logs.

We've followed the instructions in the Readme, this is the setup:

laravel/config/app.php

<?php

return [
    ...
    'providers' => [
        ...
        'CallMeNP\LaraAuthBridge\LaraAuthBridgeServiceProvider'
        ...
     ]
]

laravel/config/lara-auth-bridge.php

<?php 

return [

    'appkey' => 'testkey',
 
    'user_model' => [
        'username_column' => 'email',
        'password_column' => 'password',
    ],

    'client_auth' => false,

];

laravel/app/Http/Middleware/VerifyCsfrToken.php

<?php

namespace App\Http\Middleware;
...
class VerifyCsrfToken extends BaseVerifier {
    ...
    protected $except = [
        'auth-bridge/*',
    ]
];

phpbb/ext/laravel/bridgebb/auth/provider/bridgebb.php

<?php

namespace {
   ...
    define('LARAVEL_URL', 'http://app.domain.com');
    define('BRIDGEBB_API_KEY', 'testkey');

    define ('LARAVEL_CUSTOM_USER_DATA', serialize ([
        'email' => 'user_email',
    ]));
...

The forum is hosted on a subdomain as well (http://forum.domain.com)

PHPBB: 3.1.10 Laravel: 5.2 lara-auth-bridge: 2.1.0 laravel/bridgebb: 2.0.0

carpusmedia avatar Jan 05 '17 18:01 carpusmedia

It seems like we found the problem.

As discovered in https://github.com/CallMeNP/lara-auth-bridge/issues/11, the problem is that ApiController::getSession is not able to validate the session.

The reason for this is that since Laravel 5.2, you need to wrap the routes in a web middleware to access the session state across the board (like the global in 5.1).

Simply change the routes declaration in laravel/vendor/callmenp/lara-auth-bridge/src/CallMeNP/LaraAuthBridgeServiceProvider.php from this:

Route::get('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@getSession'); 
Route::post('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogin');
Route::delete('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogout');

to this:

Route::group(['middleware' => ['web']], function () {
    Route::get('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@getSession');
    Route::post('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogin');
    Route::delete('/auth-bridge/login', 'CallMeNP\LaraAuthBridge\Controllers\ApiController@doLogout');
});

This solved the problem for us.

carpusmedia avatar Jan 06 '17 16:01 carpusmedia