2013-07-30 41 views
0

我正在用laravel 4和sentry 2構建一個RESTful API,我嘗試使用postSignin方法創建API但failed.correction在postSignin中請求 這是過濾器和路由。與laravel 4和sentry 2解決REST api驗證

濾波器

Route::filter('api', function() 
    { 
    // Check if the user is logged in 
    if (! Sentry::check()) 
    { 
     return Response::json(array('digle'=> array(
      'status' => 1, 
      'desc' => 'Unauthorized', 
     ))); 
    } 
}); 

路由

Route::group(array('prefix' => 'api/v1','before' => 'api'), function() 
    { 
    //Test 
    Route::get('/', array('as'=>'/', 'uses'=>'[email protected]')); 

    //Login 
    Route::get('signin', array('uses' => '[email protected]')); 
    Route::post('signin', '[email protected]'); 

    //Logout 
    Route::get('logout', array('uses' => '[email protected]')); 

}); 

控制器

/** 
* Route /signin 
* 
* @return Response POST 
*/ 
public function postSignin() 
{ 
    //Declare the rules for the form validation 
    $rules = array(
     'email' => 'required|email', 
     'password' => 'required|between:3,32', 
    ); 

    // Create a new validator instance from our validation rules 
    $validator = Validator::make(Input::all(), $rules); 

    // If validation fails, we'll exit the operation now. 
    if ($validator->fails()) 
    { 
     // Ooops.. something went wrong 
     //return Redirect::back()->withInput()->withErrors($validator); 
     return Response::json(array('digle' => array(
      'Error' => 'error', 
     ))); 
    } 

    try 
    { 
     $userdata = array(
      'email' => Input::get('email'), 
      'password'=> Input::get('password') 
     ); 
     // Try to log the user in 
     Sentry::authenticate($userdata, false); 


     return Response::json(array('digle' => array(
      'status' => 0, 
      'desc' => 'succes' 
     ))); 
    } 
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e) 
    { 
     return Response::json(array('digle' => array(
      'status' => $this->messageBag->add('email', Lang::get('auth/message.account_not_found')) 
     ))); 

    } 
    catch (Cartalyst\Sentry\Users\UserNotActivatedException $e) 
    { 
     return Response::json(array('digle' => array(
      'status' => $this->messageBag->add('email', Lang::get('auth/message.account_not_activated')) 
     ))); 

    } 
    catch (Cartalyst\Sentry\Throttling\UserSuspendedException $e) 
    { 
     return Response::json(array('digle' => array(
      'status' => $this->messageBag->add('email', Lang::get('auth/message.account_suspended')) 
     ))); 

    } 
    catch (Cartalyst\Sentry\Throttling\UserBannedException $e) 
    { 
     return Response::json(array('digle' => array(
      'status' => $this->messageBag->add('email', Lang::get('auth/message.account_banned')) 
     ))); 

    } 

    //something went wrong 
    return Response::json(array('digle' => array(
      'status' => 0 
    ))); 
} 

,使一個get請求http://xxx.xx/api/v1/signin使用參數電子郵件地址和密碼,然後我測試代碼使用郵遞員或RESTClient實現

+0

而不是GET請求做POST請求。 –

+0

@RubensMariuzzo你能執行 – avew

+0

你能確切地說明Laravel返回的錯誤嗎? – netvision73

回答

0

之前>「API」濾波器是用於登入路線活性。

該過濾器可防止'@postSignin'動作運行,因此您始終會看到過濾器生成的'未經授權'響應。

解決方案:您必須將「登錄」路線移動到「api」組之外,否則不要將此操作排除在由哨兵檢查篩選的位置。