Lumen Passport 返回 500 错误而不是 401 错误答案

【问题标题】：Lumen Passport return 500 error instead 401 errorLumen Passport 返回 500 错误而不是 401 错误
【发布时间】：2021-02-17 21:55:39
【问题描述】：

我正在尝试为我们的项目使用流明护照。我已经按照这个lumen-passport 安装了。我通过邮递员请求成功收到了 access_token，这是我的代码。

{
 "grant_type": "client_credentials",
 "client_id": "2",
 "client_secret": "1QaxEr6P3K6kKsqa63nA2SMLsczuJJRvufXEDrzY",
 "scope": "*"
}

我收到访问令牌

{
"token_type": "Bearer",
"expires_in": 120,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImJmY2YyYjZlM2I4MTlkMzI3OTE5ODgyMjM0M2NlNjcxM2MyYjFkMjJjZDFiNTQ5ODQ5MjkxMzllMDc2NWJmM2UyZGMyMTMxYTRmYzk1MzNkIn0.eyJhdWQiOiIyIiwianRpIjoiYmZjZjJiNmUzYjgxOWQzMjc5MTk4ODIyMzQzY2U2NzEzYzJiMWQyMmNkMWI1NDk4NDkyOTEzOWUwNzY1YmYzZTJkYzIxMzFhNGZjOTUzM2QiLCJpYXQiOjE1Njg2MTg4ODksIm5iZiI6MTU2ODYxODg4OSwiZXhwIjoxNTY4NjE5MDA5LCJzdWIiOiIiLCJzY29wZXMiOlsiKiJdfQ.hIXxn1MJMSS6m2XXrt-EJatMp7KoomzKYnk_McpeeBo9VMYUtKU7tPWCmtw7XpFZFJWvGhIY8cx_A6kTaizFjqEkKmlj3jpjs9X9QUZNQ4J5CwjIcXUAJLRqw6WYvvW94GdPAgUBFz6eIbg_Tzt-149dIwPzlVpd8Ln3Bu84Htj9tiWalkdu5EL6lO_Mc8mFJpAh63fJs84_ES02ex_MACsO52pwfXQLPdrjyWSHPdqDj0hRPVMVMLtPdNtYS12MVf8xg_C6KdcB19viRhmlnQwjl98AXGYt_YeeJozKQax2bSSTqTHfNrBZpka7FZFMznkS3gQ8-9d9FYNSNu3Hiia2ZN44JkolBXB4bNpaa82cj_2yrQ-w8oFivOQqX-dQU7RDD5womVbCd8VmxmtUoTTXdWjridl0F5XasWJfc1N2vTGleY_AGi1qC5_39QXTXsEeesgsiGvq4OJCeIRSLvuuwpFUbV7LVfUvJVL3HSM9-PUBDw0Q2q7mCVLMf_ZLf5s_rNP7uTZOIpZUvUKYXCk4rCB6dE7YIGQZkBr2sOQADd8foMvnxEatwIiJoQCxAEHRgeybmBk4gDUhr-9IoroHxnXrcg2LPulfwe5-hS8cAkjh7OvUuld8W17_TzWOUJq1XPpgWCRomSAB_KeXdyFzrGyVXJTD2r_DU1HbJGE"}

在我的路线中，我有这些代码。

$router->group(['prefix' => 'api/v1', 'middleware' => 'client'], function() use (&$router){
$router->get('example/{id}', 'ExampleController@getData');});

为什么每次令牌过期我都会收到 500 错误而不是 401 错误？

我检查了存储日志中的日志，这是错误。我不知道这是否真的是一个错误。

[2019-09-17 02:39:59] local.ERROR: Illuminate\Auth\AuthenticationException: Unauthenticated. in /var/www/scheduler-app/vendor/laravel/passport/src/Http/Middleware/CheckClientCredentials.php:48
Stack trace:
#0 /var/www/scheduler-app/vendor/illuminate/pipeline/Pipeline.php(163): Laravel\Passport\Http\Middleware\CheckClientCredentials->handle(Object(Laravel\Lumen\Http\Request), Object(Closure))
#1 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Laravel\Lumen\Http\Request))
#2 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Laravel\Lumen\Http\Request))
#3 /var/www/scheduler-app/vendor/illuminate/pipeline/Pipeline.php(104): Laravel\Lumen\Routing\Pipeline->Laravel\Lumen\Routing\{closure}(Object(Laravel\Lumen\Http\Request))
#4 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(413): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#5 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(259): Laravel\Lumen\Application->sendThroughPipeline(Array, Object(Closure))
#6 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(233): Laravel\Lumen\Application->handleFoundRoute(Array)
#7 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(169): Laravel\Lumen\Application->handleDispatcherResponse(Array)
#8 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(416): Laravel\Lumen\Application->Laravel\Lumen\Concerns\{closure}(Object(Laravel\Lumen\Http\Request))
#9 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(171): Laravel\Lumen\Application->sendThroughPipeline(Array, Object(Closure))
#10 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(108): Laravel\Lumen\Application->dispatch(NULL)
#11 /var/www/scheduler-app/public/index.php(28): Laravel\Lumen\Application->run()
#12 {main} {"exception":"[object] (Illuminate\\Auth\\AuthenticationException(code: 0): Unauthenticated. at /var/www/scheduler-app/vendor/laravel/passport/src/Http/Middleware/CheckClientCredentials.php:48)
[stacktrace]
#0 /var/www/scheduler-app/vendor/illuminate/pipeline/Pipeline.php(163): Laravel\\Passport\\Http\\Middleware\\CheckClientCredentials->handle(Object(Laravel\\Lumen\\Http\\Request), Object(Closure))
#1 [internal function]: Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Laravel\\Lumen\\Http\\Request))
#2 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Laravel\\Lumen\\Http\\Request))
#3 /var/www/scheduler-app/vendor/illuminate/pipeline/Pipeline.php(104): Laravel\\Lumen\\Routing\\Pipeline->Laravel\\Lumen\\Routing\\{closure}(Object(Laravel\\Lumen\\Http\\Request))
#4 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(413): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#5 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(259): Laravel\\Lumen\\Application->sendThroughPipeline(Array, Object(Closure))
#6 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(233): Laravel\\Lumen\\Application->handleFoundRoute(Array)
#7 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(169): Laravel\\Lumen\\Application->handleDispatcherResponse(Array)
#8 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(416): Laravel\\Lumen\\Application->Laravel\\Lumen\\Concerns\\{closure}(Object(Laravel\\Lumen\\Http\\Request))
#9 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(171): Laravel\\Lumen\\Application->sendThroughPipeline(Array, Object(Closure))
#10 /var/www/scheduler-app/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(108): Laravel\\Lumen\\Application->dispatch(NULL)
#11 /var/www/scheduler-app/public/index.php(28): Laravel\\Lumen\\Application->run()
#12 {main}

【问题讨论】：

你检查你的日志了吗？看起来还有其他错误被抛出，这意味着该服务器返回 500 错误
您的路由不需要经过身份验证的用户，您可以添加 auth:api 中间件laravel.com/docs/5.8/passport#via-middleware（我猜错误类似于尝试访问用户的 null 属性）
@RolandStarke 抱歉回复晚了。我正在为我的项目使用流明护照。我认为 lumen 护照和 laravel 护照是有区别的。正如我现在所读的。流明护照访问受限
@mukeshkumar 抱歉稍后回复。我在这里检查了日志/storage/logs/lumen.log。有关日志错误，请参阅我的更新帖子

标签： laravel lumen

【解决方案1】：

我知道对于那些了解 lumen passport 的开发人员来说，这不是最佳答案，但我想出了另一种解决方法。我只是从CheckClientCredentials 复制代码，正如我所检查的那样，代码验证了请求。这里是

public function handle($request, Closure $next, ...$scopes)
    {
        $psr = (new DiactorosFactory)->createRequest($request);

        try {
            $psr = $this->server->validateAuthenticatedRequest($psr);
        } catch (OAuthServerException $e) {
            throw new AuthenticationException;
        }

        $this->validateScopes($psr, $scopes);

        return $next($request);
    }

在我的身份验证中间件中添加此代码。

public function handle($request, Closure $next, $guard = null)
    {
        $psr = (new DiactorosFactory)->createRequest($request);

        try {
            $psr = $this->server->validateAuthenticatedRequest($psr);
        } catch (OAuthServerException $e) {
            return response('Unauthorized.', 401);
        }

        // if ($this->auth->guard($guard)->guest()) {
        //     return response('Unauthorized.', 401);
        // }

        return $next($request);
    }

我有这条路线

$router->group(['prefix' => 'api/v1', 'middleware' => ['auth', 'client']], function() use (&$router){
    $router->get('example/{id}', 'ExampleController@getData');
});

它现在正在工作。我收到 401 错误，如果令牌未过期，它会验证令牌。

【讨论】：

【解决方案2】：

感谢您的解决方案。我添加了一个检查是否真的是 401 错误。

public function handle($request, Closure $next, ...$scopes)
{
    $psr = (new PsrHttpFactory(
        new Psr17Factory,
        new Psr17Factory,
        new Psr17Factory,
        new Psr17Factory
    ))->createRequest($request);

    try {
        $psr = $this->server->validateAuthenticatedRequest($psr);
    } catch (OAuthServerException $e) {

        if($e->getHttpStatusCode() === 401) {
            return response('Unauthorized.', 401);
        }

        throw new AuthenticationException;

    }

    $this->validate($psr, $scopes);

    return $next($request);
}

【讨论】：