Related
i have a problem on laravel-9 project php 8.1 once i'll do auth login using ajax request i save in session and i redirect to other page once do the redirect the website back to login and all information on auth and session removed:
public function accessadmin( Request $request )
{
$username = $request->input("username");
$password = $request->input("password");
$ua_remember= $request->input("ua_remember");
$result_array = array();
if (Auth::attempt(array('u_username' => $username, 'password' => $password)))
{
$user_info = Auth::user();
// Save information in the session
$this->SaveSessionInformaiton($user_info , $ua_remember);
$result_array['is_error'] = 0;
$result_array['company_homepage'] ="/dashboard/main";
}
else
{
$result_array['is_error'] = 1;
$result_array['error_msg'] = "Invalid username/Password";
}
return Response()->json($result_array,200);
}
below is the root access :
Route::get('/','Access\LogInController#login')->name("login");
Route::group(['middleware' => ['auth']], function() {
Route::get('/dashboard/main','Dashboard\DashboardController#main');
});
and this the authentication configuration:
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that each reset token will be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
],
/*
|--------------------------------------------------------------------------
| Password Confirmation Timeout
|--------------------------------------------------------------------------
|
| Here you may define the amount of seconds before a password confirmation
| times out and the user is prompted to re-enter their password via the
| confirmation screen. By default, the timeout lasts for three hours.
|
*/
'password_timeout' => 10800,
];
can you please advice
So I am trying to authenticate an unusual login model, Teachers, which uses Employee ID and Password as the login parameters. The database is also not the regular Users but Teachers. I am getting the following error.
**
Argument 1 passed to Illuminate\Auth\EloquentUserProvider::validateCredentials() must be an instance of Illuminate\Contracts\Auth\Authenticatable, instance of App\Teacher given, called in C:\xampp\htdocs\schoolcms\vendor\laravel\framework\src\Illuminate\Auth\SessionGuard.php on line 385
**
This is my Teacher model
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
class Teacher extends Model
{
//
}
This is my TeacherController part where the login attempt is being made
<?php
namespace App\Http\Controllers;
use App\Teacher;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class TeacherController extends Controller
{
public function login()
{
$teachers = Teacher::all();
return view('index', [ 'layout'=>'login']);
}
/**
* authenticate login credentials.
*/
public function authenticate(Request $request)
{
$userCredentials = $request->only('EmployeeID', 'Password');
// check user using auth function
if (Auth::attempt($userCredentials)) {
return view('student', [ 'layout'=>'index']);
}
else {
return view('index', [ 'layout'=>'master']);
}
/*return view('student', ['students'=>$teachers, 'layout'=>'register']);*/
}
}
This is my config/auth.php
<?php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'teachers',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
/*A guard key has an array for it’s value and that array has two key-value pairs. First driver and second is provider.*/
'web' => [
'driver' => 'session',
'provider' => 'teachers',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
/*Providers are used to define how our users will be retrieved and how the user data with be stored after authentication.
/We are using eloquent so we will define the model that will be used for authentication.
*/
'teachers' => [
'driver' => 'eloquent',
'model' => App\Teacher::class,
],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'teachers' => [
'provider' => 'teachers',
'table' => 'password_resets',
'expire' => 60,
'throttle' => 60,
],
],
/*
|--------------------------------------------------------------------------
| Password Confirmation Timeout
|--------------------------------------------------------------------------
|
| Here you may define the amount of seconds before a password confirmation
| times out and the user is prompted to re-enter their password via the
| confirmation screen. By default, the timeout lasts for three hours.
|
*/
'password_timeout' => 10800,
];
The approach could be easier by customizing in the Controller.
public function authenticate(Request $request)
{
$userCredentials = $request->only('EmployeeID', 'Password');
// check user using auth function
if ($teachers=Teacher::where($userCredentials)->first()) {
auth()->login($teachers);
// redirect to the intended view
}
else {
// redirect to the view on failure to authenticate with a failure message
}
}
In my project I have users and members tables and eloquent models.
I'm going to use jwt authentication in members table and I changed corresponding config files, but still it goes to User model.
Here is config/auth.php :
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'jwt',
'provider' => 'members',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'members' => [
'driver' => 'eloquent',
'model' => \App\Models\Member::class
]
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
],
],
];
And here is config/jwt.php:
return [
/*
|--------------------------------------------------------------------------
| JWT Authentication Secret
|--------------------------------------------------------------------------
|
| Don't forget to set this, as it will be used to sign your tokens.
| A helper command is provided for this: `php artisan jwt:generate`
|
*/
'secret' => env('JWT_SECRET', 'changeme'),
/*
|--------------------------------------------------------------------------
| JWT time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token will be valid for.
| Defaults to 1 hour
|
*/
'ttl' => 60,
/*
|--------------------------------------------------------------------------
| Refresh time to live
|--------------------------------------------------------------------------
|
| Specify the length of time (in minutes) that the token can be refreshed
| within. I.E. The user can refresh their token within a 2 week window of
| the original token being created until they must re-authenticate.
| Defaults to 2 weeks
|
*/
'refresh_ttl' => 20160,
/*
|--------------------------------------------------------------------------
| JWT hashing algorithm
|--------------------------------------------------------------------------
|
| Specify the hashing algorithm that will be used to sign the token.
|
| See here: https://github.com/namshi/jose/tree/2.2.0/src/Namshi/JOSE/Signer
| for possible values
|
*/
'algo' => 'HS256',
/*
|--------------------------------------------------------------------------
| User Model namespace
|--------------------------------------------------------------------------
|
| Specify the full namespace to your User model.
| e.g. 'Acme\Entities\User'
|
*/
'user' => 'App\Models\Member',
/*
|--------------------------------------------------------------------------
| User identifier
|--------------------------------------------------------------------------
|
| Specify a unique property of the user that will be added as the 'sub'
| claim of the token payload.
|
*/
'identifier' => 'id',
/*
|--------------------------------------------------------------------------
| Required Claims
|--------------------------------------------------------------------------
|
| Specify the required claims that must exist in any token.
| A TokenInvalidException will be thrown if any of these claims are not
| present in the payload.
|
*/
'required_claims' => ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'],
/*
|--------------------------------------------------------------------------
| Blacklist Enabled
|--------------------------------------------------------------------------
|
| In order to invalidate tokens, you must have the blacklist enabled.
| If you do not want or need this functionality, then set this to false.
|
*/
'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', true),
/*
|--------------------------------------------------------------------------
| Providers
|--------------------------------------------------------------------------
|
| Specify the various providers used throughout the package.
|
*/
'providers' => [
/*
|--------------------------------------------------------------------------
| User Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to find the user based
| on the subject claim
|
*/
'user' => 'Tymon\JWTAuth\Providers\User\EloquentUserAdapter',
/*
|--------------------------------------------------------------------------
| JWT Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to create and decode the tokens.
|
*/
'jwt' => 'Tymon\JWTAuth\Providers\JWT\NamshiAdapter',
/*
|--------------------------------------------------------------------------
| Authentication Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to authenticate users.
|
*/
'auth' => 'Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter',
/*
|--------------------------------------------------------------------------
| Storage Provider
|--------------------------------------------------------------------------
|
| Specify the provider that is used to store tokens in the blacklist
|
*/
'storage' => 'Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter',
],
];
When I try to use JWTAuth::attempt($credentials) it returns error:
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'mobile' in
'where clause' (SQL: select * from users where mobile =
98123456789 limit 1)
How could I fix this?
Yes I was looking at something like this because I have a web app with 2 tables one is users another is clients
I make web log in for user and api log in for clients
the second model need to extend like this:
use Illuminate\Foundation\Auth\User as Authenticatable;
class Client extends Authenticatable
then in /config/auth.php
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'session',
'provider' => 'clients',
]
],
I changed the provider for api But you can add any guards you want then create a provider:
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'clients' => [
'driver' => 'eloquent',
'model' => App\Client::class,
],
]
And finally in the function you get the credential cause the guard you need
auth()->shouldUse('api');
$credentials = $request->only('email','password');
I am using Laravel 5.6 with spatie/laravel-permission version 2.9 also using Laravel Passport as auth driver with $guard = 'api'.
When I am trying to assign an array of permission like ['edit_project', 'add_project' 'delete_project'] to a role with help of this function
public function assignPermissions($role, $permissions)
{
$role = Role::findByName($role);
$role->givePermissionTo($permissions);
return $role;
}
but getting the error There is no permission namededit_projectfor guardapi`.
Also I have at config/auth.php
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'table' => 'password_resets',
'expire' => 60,
],
],
];
if there is any solution please help me with it thanks.
as well I am seeding the permission table by help of Larvel seeder which my permission table looks at the first time like below which the guard_name is web.
but manually I am changing the guard_name field to "api" which my permission table became like this.
After creating permissions, running the following commands should work as it worked for me.
php artisan cache:forget spatie.permission.cache
then
php artisan cache:clear
Note: In Ubuntu you may need to run these commands as sudo...
Clear your cache php artisan cache:clear
if this does not work use sudo php artisan cache:clear it worked for me once i use sudo
The package uses the default guard unless instructed otherwise. The way to instruct it otherwise is to add the following to the Role class public $guard_name = 'api';. Of course adding that to the class in the vendor directory is a bad idea so you'd want to extend it and specify the guard like this
use Spatie\Permission\Models\Role as OriginalRole;
class Role extends OriginalRole
{
public $guard_name = 'api';
}
Then if you haven't done so already, generate the config file with php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider" --tag="config"
Lastly you'll want to register your Role in config/permissions.php by changing 'role' => Spatie\Permission\Models\Role::class, to 'role' => \App\Models\Role::class, (of course this will vary based on where your Role class is)
Also the example from your question mentions add_project but the database shows create_project so make sure you're using the same names everywhere.
Move the web and api places from
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
],
To
'guards' => [
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
'web' => [
'driver' => 'session',
'provider' => 'users',
],
]
run php artisan cache:clear
It might be a permissions issue. run below command.
sudo php artisan permission:cache-reset
In your user model add protected $guard_name = 'api'; This will override the default guard which is web.
You need to specify the guard when creating a role or permission failure of which spatie will take on the first guard that appears in the config/auth in this case "web"
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
You need to approach as follows:
// Create a manager role for users authenticating with the api guard:
$role = Role::create(['guard_name' => 'api', 'name' => 'manager']);
// Define a `edit_project` permission for the admin users belonging to the api guard
$permission = Permission::create(['guard_name' => 'api', 'name' => 'edit_project']);
If you want to do this from your code you can clear the cache straight from your code.
\DB::table('permissions')->insert([['name' => 'create Stuff', 'guard_name' => 'web']]);
\Artisan::call('cache:clear');
$role = Role::findByName('admin');
$role->givePermissionTo('create Stuff');
Empty the role and permission tables in the database and then fill in the tables again. I had this error and I fixed it this way
I've been wondering how could i make two login forms in laravel 5 for a while... The reason of this is because i have a multi-site project, i've got the admin site, and the public site in one project.
I've grouped the routes so the admin routes answer to a domain and public routes answer to another domain like this:
Route::group(array( 'domain' => 'restaurant.com', 'namespace' => 'Public' ), function () {
//some routes
});
Route::group(array( 'domain' => 'restaurant.net', 'namespace' => 'Admin' ), function () {
//some routes
});
I've also created custom routes for authentication in each group of routes like this (this ones are for Public):
Route::controllers([
'auth' => 'Auth\AuthController',
'password' => 'Auth\PasswordController',
]);
Route::get( '/register' , [
'as' => 'publicRegister' ,
'uses' => 'Auth\AuthController#getRegister'
] );
Route::post( '/registrar' , [
'as' => 'publicPostRegister' ,
'uses' => 'Auth\AuthController#postRegister'
] );
Route::get( '/login' , [
'as' => 'publicLogin' ,
'uses' => 'Auth\AuthController#getLogin'
] );
Route::post( '/login' , [
'as' => 'publicPostLogin' ,
'uses' => 'Auth\AuthController#postLogin'
] );
Route::get( '/logout' , [
'as' => 'publicLogout' ,
'uses' => 'Auth\AuthController#getLogout'
] );
I've also created the Auth folder with it's controllers ('AuthController', 'PasswordController') in each parent folder, my controllers are like this:
app
|---Http
|---Controllers
|----------Public
| |---Auth
| | |---AuthController
| | |---PasswordController
| |--- ...
|
|----------Admin
|---Auth
| |---AuthController
| |---PasswordController
|--- ...
And so for the views i've got separate Auth views like this:
resources
|---views
|----------Public
| |---Auth
| | |---login.blade.php
| | |---password.blade.php
| | |---register.blade.php
| | |---reset.blade.php
| |--- ...
|
|----------Admin
|---Auth
| |---login.blade.php
| |---password.blade.php
| |---register.blade.php
| |---reset.blade.php
|--- ...
In my models the users table has a type column that will filter users from Public or Admin site.
The main question here is: How could i make two login forms for my project?
What i would like is that Public Users couldn't log into the Admin site and viceversa.
What i've tried so far is override the AuthenticatesAndRegistersUsers functions like getLogin, getRegister and also variables like $loginPath, $redirectTo but when calling publicPostLogin(checkout routes) in the login form of Public that has as action {{ route('publicPostLogin') }} it just don't works...
Do you hear about Multiauth in laravel. in this library there are two or more type user can login in one laravel application.
In our case there are two type user Admin and Public that means User right.And you identified user by insert usertype that totally wrong my dear.
You have to use this library.just follow that link step to install library.And assign two different table like in our case in restaurant.com there is user type is Public that means there is simple user that uses User table.
On another hand for admin in our case there is restaurant.net.This login form use admin table to login.
Both forgot password and reset password functionality works separately in one application.
'multi' => [ 'admin' => [ 'driver' => 'database', 'table' => 'admin', 'email' => 'client.emails.password' ], 'users' => [ 'driver' => 'database', 'table' => 'users', 'email' => 'client.emails.password', ] ],