RequestGuard::attempt 不存在

Question

当我以管理员身份登录时，我正在尝试对 api 进行多重保护身份验证 跟随错误

BadMethodCallException 方法 Illuminate\Auth\Req uestGuard::attempt 不存在。

这是我在控制器中的登录方法

 public function login(Request $request){
    if(Auth::guard('admin-api')->attempt(['email' => request('email'), 'password' => request('password')]))
    {

  // if successful, then redirect to their intended location


        $user = Auth::guard('admin-api');
        $success['token'] =  $user->createToken('admin')->accessToken;
        return response()->json(['success' => $success], $this->successStatus);
    }
    else{
        return response()->json(['error'=>'Unauthorised'], 401);
    }
}

我的 api.php

Route::prefix('admin')->group(function () {


Route::post('login', 'API\Admin\AdminController@login')->name('admin.login');
Route::post('register', 'API\Admin\AdminController@register')->name('admin.register');

Route::group(['middleware' => 'auth:admin-api'], function(){
 Route::post('get-details', 'API\Admin\AdminController@getDetails');
});


});

我的管理员模型

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Passport\HasApiTokens;

class Admin extends Authenticatable
{
 use HasApiTokens, Notifiable;
 protected $table = 'admin';
 protected $guard = 'admin-api';
/**
 * The attributes that are mass assignable.
 *
 * @var array
 */
protected $fillable = [
    'name', 'email', 'password',
];

/**
 * The attributes that should be hidden for arrays.
 *
 * @var array
 */
protected $hidden = [
    'password', 'remember_token',
];

}

请告诉我您想要的任何其他输入

Answer 1

这是一个更好的技巧

   $credentials = ['email' => $request->username, 'password' => $request->password];

   //Since we are not using guard web in API request, we have to add it here ( 
   // guard('web') ) to access the Auth::attempt function,
   // the Auth::attempt needs web guard and crsf token, but using it here bypasses 
   // the post with crsf.
    if (Auth::guard('web')->attempt($credentials, false, false)) {
    dd('user is OK');
    }else{
   dd('user is NOT OK');
    }

Answer 2

不幸的是，Laravel Facade for Auth 不希望你将它用于 api 保护，因为会话和 cookie 将被设置，因此不支持 ->attempt() 功能。但是 API 中间件禁用会话和 cookie，因为它是无状态的。所以这里是黑客。 进入您的 confi\auth 并为您的 api 守卫创建一个类似的 Web 实例

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'drivers-web' => [
        'driver' => 'session',
        'provider' => 'drivers',
    ],

    'api' => [
        'driver' => 'passport',//previously "token"
        'provider' => 'users',//This will be switched regularly from the middleware between drivers and users
    ],

    'drivers-api' => [
        'driver' => 'passport',//previously "token"
        'provider' => 'drivers',
    ],
],

无论如何，您可以使用护照来生成无状态会话的客户端访问令牌。并且还可以很好地用于身份验证。

Answer 3

对我来说，我将网络驱动程序从护照更改为会话。必须清除 Laravel 的缓存才能返回会话驱动程序

php artisan cache:clear