Search code examples
phplaravelauthenticationtokenlaravel-passport

My login route returns "unauthorised access" Laravel

So I'm trying to make a laravel API for a escorts-like site, anyway, i use Passport for authentification and the register part works but the login one doesnt, and i dont know why, i'll let the passportAuthController down as code and a ss of the database

class passportAuthController extends Controller
{
    /**
     * handle user registration request
     */
    public function registerUserExample(RegisterUserRequest $request){
        ///TODO: TEST THE CRUD FEATURES IMPLEMENTED IN THE USER CONTROLLER AFTER U CHECK LOGIN FEATURE
        $attributes = $request -> validated();
        $user = User::create($attributes);
        
        $access_token_example = $user->createToken('RegisterToken')->accessToken;
        //return the access token we generated in the above step
        return response()->json(['token'=>$access_token_example],200);
    }

    /**
     * login user to our application
     */
    public function loginUserExample(Request $request){
        $login_credentials=[
            'email'=>$request->email,
            'password'=>$request->password,
        ];
        if(auth()->attempt($login_credentials)){
            //generate the token for the user
            $user_login_token= auth()->user()->createToken('LoginToken')->accessToken;
            //now return this token on success login attempt
            return response()->json(['token' => $user_login_token], 200);
        }
        else{
            //wrong login credentials, return, user not authorised to our system, return error code 401
            return response()->json(['error' => 'UnAuthorised Access'], 401);
        }
    }

    /**
     * This method returns authenticated user details
     */
//    index function
    public function authenticatedUserDetails(){
        //returns details
        return response()->json(['authenticated-user' => auth()->user()], 200);
    }


}

The request as well:


<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class RegisterUserRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            'name'=>'required|max:255|min:3',
            'email'=>'required|email',
            'password'=>'required|min:7|max:255',
            'gender'=>'required|min:4|max:6',
            'interest'=>'required|min:4|max:6',
            'Country'=>'required|max:255',
            'County'=>'required|max:255',
            'City'=>'required|max:255',
            'birthday'=>'required|date'
        ];
    }
}

and the ss of the database:

the database ss

and the routes (api.php):


<?php

use App\Http\Controllers\passportAuthController;
use App\Http\Controllers\UserController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});


//routes/api.php

//login & register routes
Route::post('register',[passportAuthController::class,'registerUserExample']);
Route::post('login',[passportAuthController::class,'loginUserExample']);

//CRUD and search routes
Route::post('storeUser',[UserController::class,'store']);
Route::get('showAll',[UserController::class, 'index']);
Route::put('updateUser/{id}',[UserController::class,'update']);
Route::delete('delete/{id}', [UserController::class,'deleteUser']);
Route::get('search/{name}',[UserController::class,'search']);

//add this middleware to ensure that every request is authenticated
Route::middleware('auth:api')->group(function(){
    Route::get('user', [passportAuthController::class,'authenticatedUserDetails']);
});
Solution

  • Your password in users table is not encrypted. The reason is this line

    $attributes = $request->validated();
    $user = User::create($attributes);

    You have not encrypted your password and the method auth()->attempt($login_credentials) uses compares the encrypted password request with stored encrypted password in your db. You can use bcrpyt() to encrypt your password, laravel comes with bcrypt() as a helper function.

    Change to this in your registerUserExample(RegisterUserRequest $request)

    $attributes = $request->validated();
            
foreach($attributes as $key => $attribute){
    if($key == 'password') {
        $attributes[$key] = bcrypt($attribute);
    }
}

$user = User::create($attributes);