L5 - Call to a member function toUser() on boolean about jwt-auth HOT 8 CLOSED

@shah-newaz I'm not sure if this is related to your issue, but I had a problem with the fact that laravel encrypts cookies. I have made a middleware that checks the token, and this middleware is (apparently) called before the EncryptCookies middleware has a chance to be called. Therefore instead of something like:

JWTAuth::setToken($request->cookie('token'));

It was necessary instead to write:

JWTAuth::setToken(Crypt::decrypt($request->cookie('token')));

Again, this might not be 100% relevant for your issue, but perhaps some else experienced the same as me :)

from jwt-auth.

Hi @k4kuz0 !
Was exactly my issue :) I found it out thankfully and solved by adding the token to the $except array of Laravels EncryptCookies middleware (App\Http\Middleware\EncryptCookies.php)

namespace App\Http\Middleware;

use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;

class EncryptCookies extends BaseEncrypter
{
    /**
     * The names of the cookies that should not be encrypted.
     *
     * @var array
     */
    protected $except = [
        'token'
    ];
}

Like so.

Cheers!

from jwt-auth.

Hi drawmyattention,
Looks like it's caused by JWTAuth returning false when it's unable to parseToken().

You could check for token parsing success before fetching the user, ie:

if (! $auth = JWTAuth::parseToken();) {
    throw Exception('JWTAuth unable to parse token from request');
}
$user = $auth->toUser();

from jwt-auth.

You were right, it wasn't able to parse the token from a POST parameter. I had to set the token in a header (my mistake).

However, now when I send a request with an Authorisation bearer {token} header, the parseToken() method no longer kicks out an error, but the toUser() method results in

'Wrong number of segments'

I'm generating the token using:

$user = User::find(1);
$token = JWTAuth::fromUser($user);
dd($token); 

Then copying the token generated:

eyJhbGXXXXXXXXXXIkpXUyJ9.eyJzdWIiOjEsImlzcyI6Imh0dHA6XC9cL2w1LmFwcFwvaG9tZSIsImlhdCI6IjE0MjM0NzMyNzciLCJleHAiOiIxNDIzNXXXXXXXXX3MjI2YWFjY2RmIn0.NTI3ZWUyMzUzMWUzMzY2ZTViNDk3ZjBjNTEyYjVjZmI3MXXXXXXXXXXXOWNjNzg0Mw

to use in the auth header.

I've added a bit of debugging to my code to try to quickly see what's going on, and it looks like the validateStructure() method is called twice. The first time, a token is present but the second time an empty token is being passed, which is causing the Exception to be thrown.

from jwt-auth.

Thanks, I will have a look into this.

Note: I think I will change it so that parse token will throw an exception instead of returning false if the token cannot be extracted from the request.

from jwt-auth.

Hi! Any news on this?
When I'm doing a authentication and sending token as response to JS app, it works fine.
The JS app sets the cookie and sends it with header.

However, when I set it from Laravel using Laravel cookie helper, it gives me 'Wrong number of segments'

This is what fails currently

        $token = JWTAuth::fromUser($user);
        $expire = 60 * 60 * 24 * 90;
        $cookieJar->queue(cookie('token', $token, $expire, null, null, null, false));
        return redirect('app');

I can verify the token is being generated correctly and the JS app is returning the cookie generated by laravel.

As you can see, I set the http only flag as false too. Tried without that as well.

Any ideas?
Thank you so much for the excellent library
@tymondesigns

from jwt-auth.

@shah-newaz Glad you found a solution! However note that if you use the solution I mentioned, you can keep the token encrypted, perhaps unnecessary, but extra security is always nice!

from jwt-auth.

@k4kuz0 Hmm, I think you're decrypting the token by Crypt::decrypt($request->cookie('token')
The token is already encrypted. Laravel was double encrypting it. Which was the issue. I can be wrong.

Thanks again!

from jwt-auth.