attempt() never returns null, but returns blank booleans
casey977 opened this issue · comments
Subject of the issue
When I use auth() with attempt(), I'm always getting an HTTP OK (200) as a result with the following code. In spite of invalid credentials, and even a truncated table, attempt() never returns null, but a blank boolean, that is, blank/nothing when I do Log::debug($token), and "boolean" when I do Log::debug(gettype($token)). I use PostgreSQL.
Your environment
Q | A |
---|---|
Bug? | yes |
New Feature? | no |
Framework | Laravel |
Framework version | 10 |
Package version | 10.44.0 |
PHP version | 8.2.7 |
Steps to reproduce
I'm just making a basic system, with the given code. I'm still new to Laravel, but I think this is a bug.
Expected behaviour
I'm expecting attempt() to return null when checking credentials fail.
Actual behaviour
I get a blank boolean which in the provided code leads to HTTP 200.
controller:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Hash;
use Tymon\JWTAuth\Facades\JWTAuth;
use App\Models\Member;
class Login extends Controller {
public function login() {
try {
$creds = request(['email', 'password']);
$token = auth()->guard('member')->attempt($creds);
if (is_null($token)) {
return response()->json(['error' => 'Invalid credentials'], 401);
} else {
return response()->json(['token' => $token], 200);
}
} catch (Exception $error) {
Log::error('Error logging in!');
return response()->json(['error' => 'Error logging in!'], 500);
}
}
}
auth.php
<?php
return [
'defaults' => [
'guard' => 'web',
'passwords' => 'members',
],
'guards' => [
'web' => [
'driver' => 'jwt',
'provider' => 'members',
],
'api' => [
'driver' => 'jwt',
'provider' => 'members',
],
'member' => [
'driver' => 'jwt',
'provider' => 'members',
],
],
'providers' => [
'members' => [
'driver' => 'eloquent',
'model' => App\Models\Member::class,
],
],
'passwords' => [
'members' => [
'provider' => 'members',
'table' => 'password_reset_tokens',
'expire' => 60,
'throttle' => 60,
],
],
'password_timeout' => 10800,
];
I think the guard should be 'api'