Search code examples
jsonapirestlaravelcartalyst-sentry

REST api authenication with laravel 4 and sentry 2

I am building a RESTful API with laravel 4 and sentry 2,I try to create API with method postSignin but failed.correction to beg in postSignin this is filters and route.

filters

    Route::filter('api', function()
    {
    // Check if the user is logged in
    if ( ! Sentry::check())
    {   
        return Response::json(array('digle'=> array(
            'status' => 1,
            'desc' => 'Unauthorized',
        )));
    }
});

routes

    Route::group(array('prefix' => 'api/v1','before' => 'api'), function()
    {
    //Test
    Route::get('/', array('as'=>'/', 'uses'=>'ApiTestController@getIndex'));

    //Login
    Route::get('signin', array('uses' => 'ApiTestController@getSignin'));
    Route::post('signin', 'ApiTestController@postSignin');

    //Logout
    Route::get('logout', array('uses' => 'ApiTestController@getLogout'));

});

controller

 /**
 * Route /signin 
 *
 * @return Response POST 
 */
public function postSignin()
{
    //Declare the rules for the form validation
    $rules = array(
        'email'    => 'required|email',
        'password' => 'required|between:3,32',
    );

    // Create a new validator instance from our validation rules
    $validator = Validator::make(Input::all(), $rules);

    // If validation fails, we'll exit the operation now.
    if ($validator->fails())
    {
        // Ooops.. something went wrong
        //return Redirect::back()->withInput()->withErrors($validator);
        return Response::json(array('digle' => array(
           'Error' => 'error',
        )));
    }

    try
    {   
        $userdata = array(
            'email' => Input::get('email'),
            'password'=> Input::get('password')
        );
        // Try to log the user in
        Sentry::authenticate($userdata, false);


        return Response::json(array('digle' => array(
            'status' => 0,
            'desc' => 'succes'
        )));
    }
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
    {
        return Response::json(array('digle' => array(
            'status' => $this->messageBag->add('email', Lang::get('auth/message.account_not_found'))
        )));

    }
    catch (Cartalyst\Sentry\Users\UserNotActivatedException $e)
    {
        return Response::json(array('digle' => array(
            'status' => $this->messageBag->add('email', Lang::get('auth/message.account_not_activated'))
        )));

    }
    catch (Cartalyst\Sentry\Throttling\UserSuspendedException $e)
    {
        return Response::json(array('digle' => array(
            'status' => $this->messageBag->add('email', Lang::get('auth/message.account_suspended'))
        )));

    }
    catch (Cartalyst\Sentry\Throttling\UserBannedException $e)
    {
        return Response::json(array('digle' => array(
            'status' => $this->messageBag->add('email', Lang::get('auth/message.account_banned'))
        )));

    }

    //something went wrong
    return Response::json(array('digle' => array(
            'status' => 0
    )));
}

and making a get request http://xxx.xx/api/v1/signin with params email and password then i test code use postman or restclient

Solution

  • Your before=>'api' filter is active for the signin route.

    The filter prevents the '@postSignin' action from running so you will always see the 'Unauthorized' response which the filter generates.

    Solution: You have to move the 'signin' route outside of the 'api' group or otherwise exclude the action from the being filtered by the sentry check.