我正在使用具有标准内置身份验证支持的Laravel 4框架。在本地环境中一切正常(MAMP,OSx),但是在我的生产服务器上(带有Ubuntu,Apache,Php 5.5.9的数字海洋标准映像)身份验证过滤器失败并允许未经身份验证的访问。
路线.php:
Route::group(['before'=>'auth'], function(){
Route::get('admin', array('uses' => 'AdminController@home'));
Route::get('admin/dashboard', function(){
return Redirect::to('admin');
});
Route::post('payment/ok', array('uses' => 'PaymentController@ok'));
Route::post('payment/fail', array('uses' => 'PaymentController@fail'));
Route::get('admin/makeDMS/{id}', array('uses' => 'PaymentController@makeDMStransaction'));
Route::get('admin/products', array('uses' => 'AdminController@products'));
Route::get('admin/product/{id}', array('uses' => 'AdminController@product'));
Route::get('admin/orders', array('uses' => 'AdminController@orders'));
Route::get('admin/order/{id}', array('uses' => 'AdminController@order'));
Route::post('admin/setOrderStatus', array('uses' => 'AdminController@setOrderStatus'));
Route::post('admin/updateProduct', array('uses' => 'AdminController@updateProduct'));
Route::get('admin/transactions', array('uses' => 'AdminController@transactions'));
});
过滤器.php:
Route::filter('auth', function()
{
if (Auth::guest())
{
if (Request::ajax())
{
return Response::make('Unauthorized', 401);
}
else
{
return Redirect::guest('login');
}
}
});
Route::filter('auth.basic', function()
{
return Auth::basic();
});
Route::filter('guest', function()
{
if (Auth::check()) return Redirect::to('/');
});
我尝试使用 Route::group 和控制器构造函数保护所需的路由,但输出是相同的:使用良好凭据登录有效,使用不良凭据的用户无法登录,但应该受到保护的路由组可供未经身份验证的用户使用。
我发现快速 CGI 模式下的 php 会产生这样的行为,但这是我sudo apachectl -M输出:
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php5_module (shared)
rewrite_module (shared)
setenvif_module (shared)
status_module (shared)
好的,我找到了解决方案。与往常一样,RTM...
我的环境被设置为"测试",这是为单元测试保留的,手册很好地说:
注意:在测试环境中时,路由过滤器处于禁用状态。自 启用它们,将 Route::enableFilters() 添加到您的测试中。
我将环境变量更改为"生产",现在一切正常。