Use sessions in laravel APIs

送分小仙女□ 提交于 2020-02-03 09:19:10

问题


To create a Two-factor SMS verification in larvel 5.5 and via dingo package, I follow this Simplified workflow:

First check isTwoFactorActive is true or false in your login function if its true send SMS and give the response to get SMS code which is received. If its false directly return token.

Route::post('auth/login', function () {

    $credentials = Input::only('email', 'password');

    if ( ! $token = JWTAuth::attempt($credentials) )
    {
        // return the 401 response
        return Response::json(['error' => 'invalid_credentials'], 401);
    } 

    if(Auth::user()->isTwoFactorActive) {

    $code = rand(1000,9999);  //generate sms code

    $send_sms = SendSMS($code,Auth::user()->phone);  //write your own code here to send SMS to user mobile

    $data= collect(array('sms_code'=>$code,'token'=>$token));  // save sms_code and token in an array 

    Session::push(Auth::user()->id, $data); // save array into session.

    return Response::json(array('login_status'=>'success','user_id'=>Auth::user()->id,'sms_required'=>'yes'));

    } else {

    return Response::json(array('login_status'=>'success','token'=>$token));

    }
});

Now on front end check the response if the token present, then go ahead and show homepage or show enter SMS code screen and capture the SMS code in a form and then post the details to this API again.

Route::post('sms/verification', function () {

    $user_id = Request::input('user_id');
    $code= Request::input('code');

    $data = Session::get($user_id);

    if($data->sms_code == $code) {

    return Response::json(array('status'=>'success','token'=>$data->token));

    } else {

   return Response::json(array('status'=>'failed','msg'=>'Invalid sms code!'));

   }
});

As you can see I used session to store created token to send it after successful two-factor authorization. But seem we can not use session in laravel and APIs.

what can I do in this case?


回答1:


The Laravel API default setup doesn't include session. But I believe you can add them manually. Here is a link I quickly found. Laravel 5.3 - How to add Sessions to `API` without CSRF?

But the Laravel documentation for Sessions and Middleware may also be useful.



来源:https://stackoverflow.com/questions/47482482/use-sessions-in-laravel-apis

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!