Consider the following test:
public function it_should_not_let_you_access_the_company_end_point_when_not_logged_in() {
$response = $this->call('GET', 'api/v1/company/');
$this->assertEquals('302', $response->getStatusCode());
}
This should be an ajax call and the result should be 401 for unauthorized.
My middle ware states:
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
class Authenticate {
/**
* The Guard implementation.
*
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest())
{
if ($request->ajax())
{
return response('Unauthorized.', 401);
}
return redirect()->guest('auth/login');
}
return $next($request);
}
}
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire