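/**
 * Check user credentials (HTTP Basic) and generate an API token.
 *
 * Expects an `Authorization: Basic <base64(user:password)>` header. On
 * success the response is a JSON body `{"api_token": ...}`; every failure
 * is a 401 with a short plain-text reason.
 *
 * NOTE(review): the lookup compares `users.password` against
 * `base64_encode($psswd)`, i.e. the column holds a base64-encoded plaintext,
 * not a hash. base64 is reversible, so a database leak exposes every password.
 * Moving to password_hash()/password_verify() is a separate migration because
 * existing rows (and the test fixtures) are written in the current format.
 *
 * @param Request $request The request.
 *
 * @return \Laravel\Lumen\Http\ResponseFactory|\Symfony\Component\HttpFoundation\Response
 */
public function authorizeUser(Request $request)
{
    $server = $request->server->all();
    if (!isset($server['HTTP_AUTHORIZATION'])) {
        return response('Unauthorized: You must send authorization', 401);
    }

    // Scheme and credentials are separated by a space. Guard the second element:
    // a bare "Basic" header would otherwise raise an undefined-offset notice.
    // The scheme token is case-insensitive (RFC 7235), so compare accordingly.
    $authorizationHash = explode(' ', $server['HTTP_AUTHORIZATION']);
    if (count($authorizationHash) < 2 || strcasecmp($authorizationHash[0], 'Basic') !== 0) {
        return response('Unauthorized: You must send authorization correctly', 401);
    }

    // Strict decoding rejects input outside the base64 alphabet instead of
    // silently dropping characters; it returns false in that case.
    $authorization = base64_decode($authorizationHash[1], true);
    if ($authorization === false) {
        return response('Unauthorized: You must send authorization correctly', 401);
    }

    // Only the first colon separates user-id and password: RFC 7617 forbids a
    // colon in the user-id but allows any number of them in the password.
    $authorization = explode(':', $authorization, 2);
    if (count($authorization) !== 2) {
        return response('Unauthorized: You must send authorization correctly', 401);
    }

    $user = $authorization[0];
    $psswd = $authorization[1];
    if ($user === '' || $psswd === '') {
        return response('Unauthorized: You must send authorization', 401);
    }

    // Both values are bound by the query builder, so header content never
    // reaches the SQL text.
    $dbUser = User::where('username', '=', $user)
        ->where('password', '=', base64_encode($psswd))
        ->first();
    if (!isset($dbUser)) {
        return response('Unauthorized: User not exist', 401);
    }

    // NOTE(review): this branch is only reached with valid credentials, so the
    // distinct message confirms the password of a disabled account to the caller.
    if (!$dbUser->enabled) {
        return response('Unauthorized: User inactive', 401);
    }

    $token = Token::createToken($dbUser);
    if ($token) {
        return response()->json(['api_token' => $token]);
    }

    // Credentials were verified above; reaching here means token creation
    // returned nothing. The original message is kept for callers that match on it.
    return response('Unauthorized: User or password are wrong', 401);
}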
/**
 * Create (or revive) the shared "test" user and the request headers that the
 * tests in this class send.
 *
 * The fixture password is stored as base64_encode('123') because that is the
 * format the application's users table holds.
 */
public function setUp()
{
    parent::setUp();

    static::$userData = [
        'username' => 'test',
        'password' => base64_encode('123'),
        'language_id' => 1,
        'country_id' => 1,
    ];

    // withTrashed() also finds a soft-deleted "test" row; restoring it avoids
    // inserting a second user with the same username.
    $testUser = \App\User::withTrashed()->where('username', '=', 'test')->first();
    if (!$testUser) {
        $testUser = factory(\App\User::class)->create(static::$userData);
    } elseif ($testUser->trashed()) {
        $testUser->restore();
    }

    static::$idUser = $testUser->id;
    static::$headers = [
        'Content-Type' => 'application/json',
        'Authorization' => 'Bearer ' . Token::createToken($testUser),
    ];
    $this->taskData['user_id'] = $testUser->id;
}
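/**
 * Check whether the logged user has a role that allows the current request.
 *
 * The user is resolved from the API token: the token is the cache key under
 * which a serialized user was stored. The user's role name is then matched
 * against the `roles` list attached to the matched route's action array.
 *
 * NOTE(review): the cached value is restored with unserialize(). The payload
 * is written by the application rather than by clients, but unserialize()
 * instantiates whatever classes the payload names; if the cache backend is
 * shared with, or writable by, a less trusted component, a JSON/array payload
 * (or an `allowed_classes` list) would be the safer choice.
 *
 * @param Request $request The request.
 *
 * @return bool True if the user is allowed. False otherwise.
 */
public function isUserAllowed(Request $request)
{
    // Get token
    $token = Token::getTokenFromRequest($request);
    if (!$token) {
        return false;
    }

    // Get user in cache. A miss (expired or revoked token) yields null and a
    // bad payload makes unserialize() return false; neither is a logged user,
    // so deny instead of reading role_id off a non-object.
    $serializeUser = Cache::get($token);
    if ($serializeUser === null) {
        return false;
    }
    $user = unserialize($serializeUser);
    if (!is_object($user) || !isset($user->role_id)) {
        return false;
    }

    // Get rol name. A dangling role_id must deny rather than fail on a null role.
    $role = Role::find($user->role_id);
    if ($role === null) {
        return false;
    }
    $rolename = $role->name;

    // Get allowed roles for the request. A route without a `roles` list
    // allows nobody through this check.
    $actions = $request->route();
    $allowedRoles = isset($actions[1]['roles']) ? $actions[1]['roles'] : [];
    if (!is_array($allowedRoles)) {
        return false;
    }

    // Strict comparison so the role name is never loosely matched against
    // non-string entries in the list.
    return in_array($rolename, $allowedRoles, true);
}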