PostMan Unauthorized 401


I'm having an issue when trying to register a new user in my Laravel application that uses Passport for API authentication. Here's the scenario and the error I'm facing:

Scenario: I'm developing a RESTful API with Laravel and using Passport for user authentication. I'm trying to create an endpoint to register new users through a POST request to /api/register.

Error: When I attempt to register a new user by sending the appropriate JSON data via Postman, I receive the following error:

    {
        "name": "paco",
        "email": "[email protected]",
        "password": "password123"
    }

    {
        "error": "Unauthorized2"
    }

Relevant Code: I've configured my PassportAuthMiddleware middleware to protect the API routes, but I'm puzzled as to why I'm receiving this error even on the registration route that shouldn't be protected.

Questions:

What could be causing this "Unauthorized2" error when trying to register a new user?

What steps should I take to resolve this issue and allow registration requests to pass without errors?


I'm trying to use withoutMiddleware, but it still doesn't work.

api.php (Routes)

AuthController.php :

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Illuminate\Support\Facades\Validator;
use Laravel\Sanctum\HasApiTokens;
use App\Enums\Roles;

class AuthController extends Controller
{
    /**
     * Register a new user.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:8',
        ]);

        if ($validator->fails()) {
            return response()->json(['error' => $validator->errors()], 400);
        }

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => bcrypt($request->password),
            'role' => Roles::USER, // Assign the default user role on registration
        ]);

        $token = $user->createToken('auth_token')->plainTextToken;

        return response()->json(['token' => $token], 201);
    }

    /**
     * Log in an existing user.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');
        
        if (Auth::attempt($credentials)) {
            $user = $request->user();
            $token = $user->createToken('auth_token')->plainTextToken;

            // Check the user's role and redirect according to the role
            if ($user->role === Roles::ADMIN) {
                return response()->json(['token' => $token, 'role' => Roles::ADMIN], 200);
            } elseif ($user->role === Roles::USER) {
                return response()->json(['token' => $token, 'role' => Roles::USER], 200);
            }

            // In case the role is not defined or does not match the allowed roles
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return response()->json(['error' => 'Unauthorized'], 401);
    }
}

I can't even access the register or login routes, which shouldn't be protected by any middleware.

I have even opened a GitHub repository so that the error can be seen if necessary. I have been trying to solve it for several days and I am not able to. I have discussed the problem with my teacher, and we haven't been able to solve it together... I don't know what else to do; it's my final project for the boot camp :') I would love to be able to solve it and move on to testing. https://github.com/LemonRH/TestSprint5

I have tried many different things, but none of them work. I have tried to do some var dumps, but it doesn't even get to that point. I'm starting to think it must be a stupid error that I'm not able to see. I have tried to review most of my project-related files with ChatGPT, and I can't figure out what the problem is.


1
Mukesh Khatri On BEST ANSWER

I have checked your GitHub repository and found some Passport configuration issues in your code, so I updated your code in 3 files, as in the snippets below:

First Change in api.php

    use App\Http\Controllers\AuthController;
    use App\Http\Middleware\PassportAuthMiddleware;
    
    // Authentication routes
    Route::post('/login', [AuthController::class, 'login'])->withoutMiddleware(PassportAuthMiddleware::class);
    Route::post('/register', [AuthController::class, 'register'])->withoutMiddleware(PassportAuthMiddleware::class);

Second Change in App\Http\Controllers\AuthController's register function :

    public function register(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:8',
        ]);

        if ($validator->fails()) {
            return response()->json(['error' => $validator->errors()], 400);
        }

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => bcrypt($request->password),
            'role' => Roles::USER, // Assign the default user role on registration
        ]);
        $credentials = $request->only(['email', 'password']);
        if (!Auth::attempt($credentials)) {
            // Without this early return, $token would be undefined below
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        $token = $user->createToken('Token Name')->accessToken;

        return response()->json(['token' => $token], 201);
    }

And last, App\Models\User:

Remove

    use Laravel\Sanctum\HasApiTokens; // Imports the HasApiTokens trait

and add

    use Laravel\Passport\HasApiTokens;

This is the trait for Laravel Passport, which creates access tokens.

After these changes, your registration and accessToken generation work completely fine.

Note: if you face a "Personal access client not found" error while creating the accessToken, run this command to fix it:

    php artisan passport:install

For more details, you can check the documentation: https://laravel.com/docs/10.x/passport

Thank you!

1
Pravin Kumar On

Change use Laravel\Sanctum\HasApiTokens; to use Laravel\Passport\HasApiTokens; in User.php,

then comment out \App\Http\Middleware\PassportAuthMiddleware::class in app\Http\Kernel.php.
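
A regression check for the changes discussed in the answers above, as an added example that is not from either answer or from the asker's repository: a Laravel feature test that fails if auth middleware still sits in front of /api/register or /api/login, and that confirms a protected route still rejects anonymous requests after the middleware registration is changed. The /api/user route, the test file and class name, and the sample e-mail addresses are assumptions.

```php
<?php
// Added example: tests/Feature/AuthRoutesTest.php (hypothetical file, not from the repository)

namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AuthRoutesTest extends TestCase
{
    use RefreshDatabase;

    public function test_register_is_not_blocked_by_auth_middleware(): void
    {
        $response = $this->postJson('/api/register', [
            'name' => 'paco',
            'email' => 'paco@example.test', // constructed sample value
            'password' => 'password123',
        ]);

        // With valid input, register() has no reason to answer 401, so a 401
        // here points to middleware that ran before the controller.
        $this->assertNotSame(401, $response->status());
    }

    public function test_login_rejection_comes_from_the_controller(): void
    {
        $response = $this->postJson('/api/login', [
            'email' => 'nobody@example.test', // constructed, no such user exists
            'password' => 'wrong-password',
        ]);

        // login() answers bad credentials with "Unauthorized"; any other error
        // body (such as "Unauthorized2") was produced by a different layer.
        $response->assertStatus(401);
        $this->assertSame('Unauthorized', $response->json('error'));
    }

    public function test_protected_route_still_requires_a_token(): void
    {
        // Assumption: /api/user is a route that must stay behind authentication.
        $this->getJson('/api/user')->assertUnauthorized();
    }
}
```

Run it with php artisan test; the third test is the one to watch after commenting the middleware out of Kernel.php, since that change removes the check from every route it used to cover.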