Login once, logged in everywhere. (After logging in in one place, all devices show as logged in.) #109

Closed
moycat opened this issue Dec 6, 2018 · 35 comments
Labels
bug Something isn't working

moycat commented Dec 6, 2018

  1. Tell us your software version

    Software Version
    PHP 7.2.12
    Swoole 4.2.10-alpha
    Laravel/Lumen 5.7.*
  2. Detail description about this issue(error/log)

    When I use the built-in user system of Laravel, if I log in once, the site shows I am logged in everywhere, even after I have cleared my cookies.

    I have set "register_providers" in config/laravels.php to the following, as mentioned in #99 (Why is this commented out here? The logged-in user only works properly when I uncomment it. Is there a pitfall?) and #50 (When using jwt, auth has a problem getting the currently logged-in user.), but it did no good. Neither did uncommenting the two lines in the cleanRequest function, as the author of the former issue suggested.

    This bug isn't consistent and cannot be reproduced 100% of the time, but it does exist. I once used a phone that had never visited the site to browse it, and it said I was logged in.

    I think the bug is related to the two issues above. I want to know how to fix it.

    config/laravels.php:

return [
    //......
    'register_providers'       => [
        '\App\Providers\AuthServiceProvider',
        '\Illuminate\Auth\AuthServiceProvider',
        '\Illuminate\Auth\Passwords\PasswordResetServiceProvider',
    ],
    //......
];

No cookies passed to server. Still shows logged in.

  3. Give us a reproducible code block and steps

    Just create a minimal application (these are also the steps to trigger this bug):

    1. laravel new test and cd into it, install laravel-s via composer.
    2. php artisan laravels publish and modify the config/laravels.php file.
    3. php artisan make:auth to enable the user system.
    4. Change the database to SQLite (just to simplify; using PostgreSQL doesn't help), and php artisan migrate.
    5. Open http://127.0.0.1:5200, register a user, log in.
    6. Clear the cookies / close the browser / change the device, re-open the site. It shows you are still online.
hhxsv5 added the bug label Dec 7, 2018
@hhxsv5
Owner

hhxsv5 commented Dec 7, 2018

This is a known issue: the guards are cached in a singleton. It will be fixed in the next release.

@ibrunotome

Hi @hhxsv5, do you have an estimated date to release?

@hhxsv5
Owner

hhxsv5 commented Dec 27, 2018

@ibrunotome It has not been solved yet, a bit troublesome.

@ibrunotome

@hhxsv5 in swooletw/laravel-swoole I was able to solve it by resetting the providers:

        Illuminate\Auth\AuthServiceProvider::class,
        Tymon\JWTAuth\Providers\LaravelServiceProvider::class,
        Illuminate\Pagination\PaginationServiceProvider::class,

But I can't replicate in your package.

@hhxsv5
Owner

hhxsv5 commented Dec 27, 2018

@ibrunotome The solution is much the same

Try the following methods:

  • Re-register providers

# config/laravels.php
'register_providers'       => [
    App\Providers\AuthServiceProvider::class,
    //...
],

Event::listen('laravels.received_request', function (\Illuminate\Http\Request $req, $app) {
    Facade::clearResolvedInstance('auth');
});

@ibrunotome

@hhxsv5 I tried this yesterday reading some other issues, no success too. Do you have plans to implement the go() method like this guy https://github.com/scil/LaravelFly too?

@hhxsv5
Owner

hhxsv5 commented Dec 27, 2018

@ibrunotome In the next few days, I will delve into this issue and try to give a solution.

  • About coroutine, there are a large number of singletons and static properties in Laravel, they are unsafe in coroutine, so I want LaravelS to run in synchronous mode, not in coroutine mode.
  • At the same time, smf will come out, a minimalist coroutine micro-framework.

@jianhuawang

jianhuawang commented Jan 11, 2019

Both steps must be done to solve this problem.

Step1: Re-register providers : config/laravels.php
'register_providers' => [
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
Illuminate\Bus\BusServiceProvider::class,
Illuminate\Cache\CacheServiceProvider::class,
Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
Illuminate\Cookie\CookieServiceProvider::class,
Illuminate\Database\DatabaseServiceProvider::class,
Illuminate\Encryption\EncryptionServiceProvider::class,
Illuminate\Filesystem\FilesystemServiceProvider::class,
Illuminate\Foundation\Providers\FoundationServiceProvider::class,
Illuminate\Hashing\HashServiceProvider::class,
Illuminate\Mail\MailServiceProvider::class,
Illuminate\Notifications\NotificationServiceProvider::class,
Illuminate\Pagination\PaginationServiceProvider::class,
Illuminate\Pipeline\PipelineServiceProvider::class,
Illuminate\Queue\QueueServiceProvider::class,
Illuminate\Redis\RedisServiceProvider::class,
Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
Illuminate\Session\SessionServiceProvider::class,
Illuminate\Translation\TranslationServiceProvider::class,
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
],

Step2: Clear facade in event (App\Providers\EventServiceProvider::class)
use Illuminate\Support\Facades\Facade;

Event::listen('laravels.received_request', function (\Illuminate\Http\Request $req, $app) {
Facade::clearResolvedInstance('auth');
});

Try re-registering almost all providers.

@star-xiong

The problem still exists!

@jianhuawang

The problem still exists!

It worked at first. After a while the problem came back. Try adding all the providers. I am testing this now.

@star-xiong

Adding all the providers doesn't work either.

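@greenhat616

=,= So when will the fixed version be released? This bug arguably makes production use impossible; shouldn't it be on the urgent-fix list? If an administrator's privileges cached in the guard are used by an ordinary user, that user could very likely steal the administrator's information (for example the apiToken, or the email, order management, or even payment operations).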

@Yoruchiaki

Still can't solve it.

@flymorn

flymorn commented Jan 24, 2019

Solution:
Step 1: config/laravels.php

'register_providers' => [
        // Reload the auth-related services
        \Illuminate\Auth\AuthServiceProvider::class,
        \App\Providers\AuthServiceProvider::class,
        /*\Tymon\JWTAuth\Providers\LaravelServiceProvider::class,*/
    ]

Step 2: create a global middleware, EveryRequest.php

public function handle($request, Closure $next)
    {
        // Clear the cached instance when a Swoole request comes in
        if (PHP_SAPI == 'cli') {
            \Illuminate\Support\Facades\Facade::clearResolvedInstance('auth');// fixes the auth singleton problem under Swoole
        }

        return $next($request);
    }

Both of the above steps are required.

@pingcheng

@ibrunotome The solution is much the same

Try the following methods:

  • Re-register providers

# config/laravels.php
'register_providers'       => [
    App\Providers\AuthServiceProvider::class,
    //...
],

Event::listen('laravels.received_request', function (\Illuminate\Http\Request $req, $app) {
    Facade::clearResolvedInstance('auth');
});

| PHP | 7.2.15 |
| Swoole | 4.2.10-beta |
| LaravelS | 3.3.9 |
| Laravel Framework [local] | 5.7.19 |

The problem still exists.

@jianhuawang

@pingcheng
Try this configuration, like the following:
'register_providers' => [
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
Illuminate\Bus\BusServiceProvider::class,
Illuminate\Cache\CacheServiceProvider::class,
Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
Illuminate\Cookie\CookieServiceProvider::class,
Illuminate\Database\DatabaseServiceProvider::class,
Illuminate\Encryption\EncryptionServiceProvider::class,
Illuminate\Filesystem\FilesystemServiceProvider::class,
Illuminate\Foundation\Providers\FoundationServiceProvider::class,
Illuminate\Hashing\HashServiceProvider::class,
Illuminate\Mail\MailServiceProvider::class,
Illuminate\Notifications\NotificationServiceProvider::class,
Illuminate\Pagination\PaginationServiceProvider::class,
Illuminate\Pipeline\PipelineServiceProvider::class,
Illuminate\Queue\QueueServiceProvider::class,
Illuminate\Redis\RedisServiceProvider::class,
Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
Illuminate\Session\SessionServiceProvider::class,
Illuminate\Translation\TranslationServiceProvider::class,
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
],

@pingcheng

@pingcheng
Try this configuration, like the following:
'register_providers' => [
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
Illuminate\Bus\BusServiceProvider::class,
Illuminate\Cache\CacheServiceProvider::class,
Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
Illuminate\Cookie\CookieServiceProvider::class,
Illuminate\Database\DatabaseServiceProvider::class,
Illuminate\Encryption\EncryptionServiceProvider::class,
Illuminate\Filesystem\FilesystemServiceProvider::class,
Illuminate\Foundation\Providers\FoundationServiceProvider::class,
Illuminate\Hashing\HashServiceProvider::class,
Illuminate\Mail\MailServiceProvider::class,
Illuminate\Notifications\NotificationServiceProvider::class,
Illuminate\Pagination\PaginationServiceProvider::class,
Illuminate\Pipeline\PipelineServiceProvider::class,
Illuminate\Queue\QueueServiceProvider::class,
Illuminate\Redis\RedisServiceProvider::class,
Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
Illuminate\Session\SessionServiceProvider::class,
Illuminate\Translation\TranslationServiceProvider::class,
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
],

OK, thanks, I'll try it first. It feels like this is quite a lot of classes to reset.

@fishtrees

It works for me:

+----------------------+---------+
| Component            | Version |
+----------------------+---------+
| PHP                  | 7.1.11  |
| Swoole               | 4.2.13  |
| LaravelS             | 3.3.9   |
| Laravel Framework [] | 5.5.44  |
+----------------------+---------+

use Closure;
use Illuminate\Support\Facades\Auth;

class ClearUserForSwoole
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::check()) {
            $guard = app(\Illuminate\Auth\AuthManager::class)->guard('api');
            $guardRef = new \ReflectionObject($guard);
            $userRef = $guardRef->getProperty('user');
            $userRef->setAccessible(true);
            $userRef->setValue($guard, null);
        }
        return $next($request);
    }
}

@ibrunotome

None of the suggestions above have worked for me :/
Still using swooletw/laravel-swoole until this

@u5de6

u5de6 commented Mar 3, 2019

@hhxsv5 Does version 3.3.10 fix this bug? Is there a good way to handle it at the moment? Thanks.
| PHP | 7.3.1 |
| Swoole | 4.2.9 |
| LaravelS | 3.3.9 |
| Laravel Framework [local] | 5.5.44 |

@ibrunotome

@u5de6 using which settings in config/laravels.php?

@hhxsv5
Owner

hhxsv5 commented Mar 4, 2019

Sorry, I am busy at work now, and will start to check this issue in my free time at night.

@LaoZhangRen

Keep it up!!!! Please fix it soon.

@hhxsv5
Owner

hhxsv5 commented Mar 10, 2019

@ALL After a week of debugging, I have passed the test locally for the Laravel/Lumen 5.1-5.8 user authorization. Please try the Master branch code(composer require hhxsv5/laravel-s:dev-master -vvv), if there is no problem, I will release v3.4.0, thanks for your support.

@hhxsv5
Owner

hhxsv5 commented Mar 10, 2019

And you need to republish configuration php artisan laravels publish.

@hhxsv5
Owner

hhxsv5 commented Mar 10, 2019

@ibrunotome

@hhxsv5 Tested, I'm getting logged out using tymon jwt

@hhxsv5
Owner

hhxsv5 commented Mar 11, 2019

@ibrunotome Please tell me the specific version of laravel & jwt.

@hhxsv5
Owner

hhxsv5 commented Mar 11, 2019

@ibrunotome Added JWTCleaner in config/laravels.php, see Settings.md.

'cleaners'  => [
        Hhxsv5\LaravelS\Illuminate\Cleaners\SessionCleaner::class,
        Hhxsv5\LaravelS\Illuminate\Cleaners\AuthCleaner::class,
        Hhxsv5\LaravelS\Illuminate\Cleaners\JWTCleaner::class,  
        // ...
],
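
Added example, not part of the original thread and not Laravel or LaravelS code: a plain-PHP model of the failure discussed above, where a guard resolved once per long-lived worker keeps the first user it saw, next to a per-request reset of the cached instance, the approach the thread converges on. ToyGuard, ToyContainer, serve() and the sample sessions and requests are all constructed for illustration.

```php
<?php
// Constructed stand-ins for illustration; NOT Laravel or LaravelS classes.

final class ToyGuard
{
    private $user = null; // memoised on the guard instance
    public function user(array $cookies, array $sessions): ?string
    {
        if ($this->user !== null) {
            return $this->user; // cached identity: this request is never consulted
        }
        return $this->user = $sessions[$cookies['sid'] ?? ''] ?? null;
    }
}

final class ToyContainer
{
    private $instances = [];
    public function make(string $key, callable $factory)
    {
        // Singleton binding: built once, then reused for the life of the worker.
        return $this->instances[$key] ?? ($this->instances[$key] = $factory());
    }

    public function forgetInstance(string $key): void
    {
        unset($this->instances[$key]);
    }
}

// One long-lived worker serves every request with the same container.
function serve(array $requests, array $sessions, bool $cleanPerRequest): array
{
    $app = new ToyContainer();
    $seen = [];
    foreach ($requests as $cookies) {
        if ($cleanPerRequest) {
            $app->forgetInstance('guard'); // per-request reset of cached auth state
        }
        $guard = $app->make('guard', function () { return new ToyGuard(); });
        $seen[] = $guard->user($cookies, $sessions) ?? 'guest';
    }
    return $seen;
}

$sessions = ['s-alice' => 'alice'];          // constructed session store
$requests = [['sid' => 's-alice'], [], []];  // only the first request carries a cookie
echo implode(',', serve($requests, $sessions, false)), PHP_EOL; // no reset
echo implode(',', serve($requests, $sessions, true)), PHP_EOL;  // reset per request
```

Without the reset, the two cookieless requests resolve to the user of the first request; with it, they resolve to guest.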

@ibrunotome

@hhxsv5 Confirmed, it's working now :) Nice job!

@hhxsv5
Owner

hhxsv5 commented Mar 11, 2019

Thank you. @ibrunotome

@hhxsv5
Owner

hhxsv5 commented Mar 11, 2019

v3.4.0

@lisgroup

Good job!

@justcy

justcy commented Sep 17, 2021

+--------------------------+-----------------------------------------+
| Component | Version |
+--------------------------+-----------------------------------------+
| PHP | 7.2.23 |
| Swoole | 4.6.5-dev |
| LaravelS | 3.7.21 |
| Laravel Framework [prod] | Lumen (7.2.2) (Laravel Components ^7.0) |
+--------------------------+-----------------------------------------+

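Auth::User gets mixed up between users; cleaning auth did not succeed. In the end I modified AuthCleaner and then it was fine.

Could an expert please explain this?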

<?php

namespace Hhxsv5\LaravelS\Illuminate\Cleaners;


use Illuminate\Container\Container;
use Illuminate\Support\Facades\Facade;

class AuthCleaner extends BaseCleaner
{
    private $guards;

    public function __construct(Container $currentApp, Container $snapshotApp)
    {
………………
    }

    public function clean()
    {
      …………
        $this->currentApp->forgetInstance('auth');
        Facade::clearResolvedInstance('auth');
    }
}

@seth-shi

seth-shi commented Jan 5, 2022

Do not add \App\Providers\AppServiceProvider::class to register_providers as this will cause memory leaks
