Разве промежуточное программное обеспечение [auth:sanctum] не должно отклонять запросы, которые имеют только веб-аутенти ⇐ Php

[Гость]

I have a test that is failing unexpectedly, and I'm wondering if there's something obvious I'm missing. Basically, I want to test an API endpoint returns the appropriate responses depending on common case scenarios (unauthenticated user, forbidden actions, invalid data, valid data, etc).

I am using sanctum and (to me), it does not make sense for this api endpoint to work with other forms of authentication. However, this test is failing.

PostControllerTest

public function test_should_return_401() { $user = User::factory()->create(); $response = $this->actingAs($user, 'web')->postJson(route('posts.store'), []); $response->assertStatus(401); } I have checked the route is using the auth:sanctum middleware.

routes/api.php

Route::middleware(['auth:sanctum'])->group(function () { Route::apiResource('posts'); }); And there does not seem to be anything out of the ordinary in the default middleware...

Middleware/Kernel

protected $middlewareGroups = [ 'api' => [ \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, 'throttle:api', \Illuminate\Routing\Middleware\SubstituteBindings::class, ], ]; ...or the service provider.

RouteServiceProvider

public function boot() { $this->configureRateLimiting(); $this->routes(function () { Route::middleware('api') ->prefix('api') ->group(base_path('routes/api.php')); }); } Am I missing something or is this expected behavior?


Источник: https://stackoverflow.com/questions/781 ... -web-authe