Route without token protection asking for token

Asked

Viewed 370 times

-1

I am trying to register a new user who is not on the route protected by middleware token jwt, but am getting the Return.

{
    "error": "The token could not be parsed from the request"
}

Follows Routes/api.php file

Route::group(['middleware' => 'jwt.auth'], function(){
    Route::resource('tipoDespesa', 'TipoDespesaController');
    Route::resource('mudarTexto', 'MudarTextoController');

    // Usuario
    // Route::get('user', 'PessoaController@show');
    // Route::put('user', 'PessoaController@update');
    // Route::delete('user', 'PessoaController@destroy');

    Route::resource('conta', 'ContaController');
    Route::resource('categoria-despesa', 'CategoriaDespesaController');
    Route::put('conta/ativar/{id}', 'ContaController@ativar');
    Route::get('auth/me', 'AuthController@me');
});

Route::post('auth/login', 'AuthController@login');
Route::post('auth/logout', 'AuthController@logout');
Route::post('auth/refresh', 'AuthController@refresh');
Route::post('new/user', 'PessoaController@store');

Postman

inserir a descrição da imagem aqui

Personal Controller@store inserir a descrição da imagem aqui

  • Do not put image, put the complete code of this controller

  • Never do $usuario->all() when you’re still filtering, do $usuario->where('','')->get() or $usuario->where('','')->count(), for the filter to be written to SQL and run back from the database only what you need

  • @Virgilionovic Thanks for the tip.

1 answer

0

Herick,

I saw that the route you’re calling on the Postman is

Route::post('new/user', 'Personal Controller@store');

And as it uses the POST method Laravel by definition requires a token to avoid Cross Site Request Forgery, see in the documentation of the link below that within an HTML form we use {{ csrf_field() }} to create a field "Hidden" with this token generated automatically by PHP (Server side).

Documentation: https://laravel.com/docs/5.7/csrf#csrf-Introduction

The error that is appearing to you has no reference with JWT but with the verb POST, you can switch to GET and pass all the data through the URL but this is not a good idea. The principle is that if you are going to create a new user you must already be logged in or already be in the application, if you want to do through an API to consume a service you will have to authenticate first

I hope it wasn’t too confusing, but read the documentation or give me a call and we’ll help you.

Abc

Browser other questions tagged

You are not signed in. Login or sign up in order to post.