IsVerified can't protect api routes

[osaris]

Hello,

I can't reject API call if user isn't verified by adding the middleware ìsVerified to my api routes because this line

laravel-user-verification/src/Middleware/IsVerified.php

Line 25 in c798f80

if( ! $request->user()->verified){

fails ($request->user() is null in this case)

Regards

[jrean]

Hi @osaris
https://github.com/jrean/laravel-user-verification/releases/tag/v3.0.18

Is that fixing your issue?

[osaris]

Looking at your commit here 2cdf8fe i think it won't fix my issue because there won't be error anymore but no check is done anymore in the case of an API call ?

[jrean]

So I don't understand your question neither your request. What do you suggest? Please share your thoughts + code sample

…

On Jan 16, 2017, at 2:11 AM, Raphaël Emourgeon ***@***.***> wrote: Looking at your commit here 2cdf8fe i think it won't fix my issue because there won't be error anymore but no check is done anymore in the case of an API call ? — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[osaris]

Sorry I have no code sample but the problem is that API guard doesn't set $request->user. Your patch doesn't provide an alternative to check if the current $user is verified, it simply doesn't do the check if $user is null.

I wasn't able to find a good code to do check for both web/api guard (and custom user guard ?) user. But the problem is mentionned here for example : laravel/framework#11782 (comment)

[jrean]

Sorry I don't understand what is your issue then.
Feel free to provide more details or code sample :-)