i have two type of api authentication way and i want if my first way fails check santcum laravel auth .
i make midlleware class and but i dont know how to check santcum in that
<?php
namespace App\Http\Middleware;
class UserApiAuthenticated
{
/**
* User authenticator container
* #var UserAuthenticatorServiceInterface
*/
protected UserAuthenticatorServiceInterface $user_authenticator_service;
public function __construct(UserAuthenticatorServiceInterface$user_authenticator_service)
{
$this->user_authenticator_service = $user_authenticator_service;
}
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure(\Illuminate\Http\Request):
(\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* #return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
if ($this->user_authenticator_service->isUserAuthenticated($request)) {
return $next($request);
} elseif () {
}
I would do something like that :
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* #param string|null ...$guards
*
* #return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next, ...$guards)
{
$guards = empty($guards) ? [null] : $guards;
foreach ($guards as $guard)
{
if (Auth::guard($guard)->check())
{
return $next($request);
}
}
abort(403, 'Unauthenticated')
}
it checks all the guards one by one,
when you use the middleware you set the guards :
->middleware('mymiddleware:web,sanctum')
or with a route group :
Route::group(['middleware' => ['mymiddleware:web,sanctum',
if you have routes in common, you could use both guards at the same time, and for routes that are specific to one authentication method, you can set the correct guard you need
but in the end i would check the auth middleware from laravel, i'm sure it does what you need (Illuminate\Auth\Middleware\Authenticate)
Related
I am trying to use the password.confirm middleware in some of my routes which I need to be secured. I want a user should confirm his password when he generate a specific post request.
Also, password.confirm middleware is added $routeMiddleware property in the app/Http/Kernel.php file.
This is what my route looks like in web.php.
Route::post('fetchResult', [ReportController::class, 'fetchResult'])->name('fetchComplaintResult')->middleware('password.confirm');
But it is not working. When I generate post request it directly hit to controller fetchResult method as usual.
My controller function:
public function fetchResult(Request $request)
{
Model::create([
'id' => $request->id,
'action' => $request->action,
'comments' => $request->comment
]);
// Other Action
}
Am I missing something ??
If you want to get prompted to confirm your password every time you should write your route like this:
Route::post('fetchResult', [ReportController::class, 'fetchResult'])
->name('fetchComplaintResult')
->middleware('password.confirm:password.confirm,1');
Why?
The password.confirm middleware maps to the Illuminate\Auth\Middleware\RequirePassword class. This is its code.
use Closure;
use Illuminate\Contracts\Routing\ResponseFactory;
use Illuminate\Contracts\Routing\UrlGenerator;
class RequirePassword
{
/**
* The response factory instance.
*
* #var \Illuminate\Contracts\Routing\ResponseFactory
*/
protected $responseFactory;
/**
* The URL generator instance.
*
* #var \Illuminate\Contracts\Routing\UrlGenerator
*/
protected $urlGenerator;
/**
* The password timeout.
*
* #var int
*/
protected $passwordTimeout;
/**
* Create a new middleware instance.
*
* #param \Illuminate\Contracts\Routing\ResponseFactory $responseFactory
* #param \Illuminate\Contracts\Routing\UrlGenerator $urlGenerator
* #param int|null $passwordTimeout
* #return void
*/
public function __construct(ResponseFactory $responseFactory, UrlGenerator $urlGenerator, $passwordTimeout = null)
{
$this->responseFactory = $responseFactory;
$this->urlGenerator = $urlGenerator;
$this->passwordTimeout = $passwordTimeout ?: 10800;
}
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null $redirectToRoute
* #param int|null $passwordTimeoutSeconds
* #return mixed
*/
public function handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null)
{
if ($this->shouldConfirmPassword($request, $passwordTimeoutSeconds)) {
if ($request->expectsJson()) {
return $this->responseFactory->json([
'message' => 'Password confirmation required.',
], 423);
}
return $this->responseFactory->redirectGuest(
$this->urlGenerator->route($redirectToRoute ?? 'password.confirm')
);
}
return $next($request);
}
/**
* Determine if the confirmation timeout has expired.
*
* #param \Illuminate\Http\Request $request
* #param int|null $passwordTimeoutSeconds
* #return bool
*/
protected function shouldConfirmPassword($request, $passwordTimeoutSeconds = null)
{
$confirmedAt = time() - $request->session()->get('auth.password_confirmed_at', 0);
return $confirmedAt > ($passwordTimeoutSeconds ?? $this->passwordTimeout);
}
}
The important parts to note are the handle method's signature:
public function handle($request, Closure $next, $redirectToRoute = null, $passwordTimeoutSeconds = null)
Here, $redirectToRoute and $passwordTimeoutSeconds are arguments we can set in the route file.
$redirectToRoute is used like this in the handle method:
$this->urlGenerator->route($redirectToRoute ?? 'password.confirm')
$passwordTimeoutSeconds is used here in the shouldConfirmPassword method.
return $confirmedAt > ($passwordTimeoutSeconds ?? $this->passwordTimeout);
Since it's set to null, the value $confirmedAt is compared to is $this->passwordTimeout, which is set in the constructor to 10800. (10800 seconds = 180 minutes = 3 hours).
So in summary we need to set the $passwordTimeoutSeconds parameter. Since it's the second parameter, we also need to set the $redirectToRoute parameter.
https://laravel.com/docs/9.x/middleware#middleware-parameters
what is the difference between Request and LoginRequest in laravel in these examples:
1- LoginRequest example:
/**
* Handle an incoming authentication request.
*
* #param \App\Http\Requests\Auth\LoginRequest $request
* #return \Illuminate\Http\RedirectResponse
*/
public function store(LoginRequest $request)
{
$request->authenticate();
$request->session()->regenerate();
return redirect()->intended(RouteServiceProvider::HOME);
}
2- Request example:
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null ...$guards
* #return mixed
*/
public function handle(Request $request, Closure $next, ...$guards)
{
throw new Exception($request);
$guards=empty($guards)? [null] : $guards ;
foreach ($guards as $guard) {
if (Auth::guard($guard)->check()) {
return redirect(RouteServiceProvider::HOME);
}
}
return $next($request);
}
I am using laravel 8.
I think my question is clear.
When you use Request, you cannot limit your form request. But if you use Custom Form Request, you can make it flexible like what you want, you can validate, authorize, make rules, and custom error message, like LoginRequest
You can make custom request with this command
php artisan make:request LoginRequest
Or you can read on documentation
https://laravel.com/docs/8.x/validation#form-request-validation
I'm trying to make an e-commerce admin/user authentication I use laravel 8 went register a test account and logged in and this error occured.
Error
Class 'Laravel\Fortify\Actions\Auth' not found
After i logged in a test account it was supposed to result like this
https://ibb.co/Vq5LxBk
C:\Users\ACER\laravel8ecommerce\vendor\laravel\fortify\src\Actions\AttemptToAuthenticate.php:58
This was the line 58
if(Auth::user()->utype === 'ADM')
My code on AttemptToAuthenticate.php
<?php
namespace Laravel\Fortify\Actions;
use Illuminate\Auth\Events\Failed;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Validation\ValidationException;
use Laravel\Fortify\Fortify;
use Laravel\Fortify\LoginRateLimiter;
class AttemptToAuthenticate
{
/**
* The guard implementation.
*
* #var \Illuminate\Contracts\Auth\StatefulGuard
*/
protected $guard;
/**
* The login rate limiter instance.
*
* #var \Laravel\Fortify\LoginRateLimiter
*/
protected $limiter;
/**
* Create a new controller instance.
*
* #param \Illuminate\Contracts\Auth\StatefulGuard $guard
* #param \Laravel\Fortify\LoginRateLimiter $limiter
* #return void
*/
public function __construct(StatefulGuard $guard, LoginRateLimiter $limiter)
{
$this->guard = $guard;
$this->limiter = $limiter;
}
/**
* Handle the incoming request.
*
* #param \Illuminate\Http\Request $request
* #param callable $next
* #return mixed
*/
public function handle($request, $next)
{
if (Fortify::$authenticateUsingCallback) {
return $this->handleUsingCustomCallback($request, $next);
}
if ($this->guard->attempt(
$request->only(Fortify::username(), 'password'),
$request->filled('remember'))
) {
if(Auth::user()->utype === 'ADM')
{
session(['utype'=>'ADM']);
return redirect(RouteServiceProvider::HOME);
}
elseif(Auth::user()->utype === 'USR')
{
session(['utype'=>'USR']);
return redirect(RouteServiceProvider::HOME);
}
return $next($request);
}
$this->throwFailedAuthenticationException($request);
}
/**
* Attempt to authenticate using a custom callback.
*
* #param \Illuminate\Http\Request $request
* #param callable $next
* #return mixed
*/
protected function handleUsingCustomCallback($request, $next)
{
$user = call_user_func(Fortify::$authenticateUsingCallback, $request);
if (! $user) {
$this->fireFailedEvent($request);
return $this->throwFailedAuthenticationException($request);
}
$this->guard->login($user, $request->filled('remember'));
return $next($request);
}
/**
* Throw a failed authentication validation exception.
*
* #param \Illuminate\Http\Request $request
* #return void
*
* #throws \Illuminate\Validation\ValidationException
*/
protected function throwFailedAuthenticationException($request)
{
$this->limiter->increment($request);
throw ValidationException::withMessages([
Fortify::username() => [trans('auth.failed')],
]);
}
/**
* Fire the failed authentication attempt event with the given arguments.
*
* #param \Illuminate\Http\Request $request
* #return void
*/
protected function fireFailedEvent($request)
{
event(new Failed(config('fortify.guard'), null, [
Fortify::username() => $request->{Fortify::username()},
'password' => $request->password,
]));
}
My Routes (web php)
<?php
use App\Http\Livewire\CartComponent;
use App\Http\Livewire\CheckoutComponent;
use App\Http\Livewire\HomeComponent;
use App\Http\Livewire\ShopComponent;
use App\Http\Livewire\User\UserDashboardComponent;
use App\Http\Livewire\Admin\AdminDashboardComponent;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
// Route::get('/', function () {
// return view('welcome');
// });
Route::get('/',HomeComponent::class);
Route::get('/shop',ShopComponent::class);
Route::get('/cart',CartComponent::class);
Route::get('/checkout',CheckoutComponent::class);
// Route::middleware(['auth:sanctum', 'verified'])->get('/dashboard', function () {
// return view('dashboard');
// })->name('dashboard');
// For User or Customer
Route::middleware(['auth:sanctum', 'verified'])->group(function(){
Route::get('user/dashboard',UserDashboardComponent::class,)->name('user.dashboard');
});
// For Admin
Route::middleware(['auth:sanctum', 'verified','authadmin'])->group(function(){
Route::get('admin/dashboard',AdminDashboardComponent::class,)->name('admin.dashboard');
});
I would really appreciate a help i'm doing this for my project on school
use Illuminate\Support\Facades\Auth;
use App\Providers\RouteServiceProvider;
from to vendor\laravel\fortify\src\Actions\AttemptToAuthenticate
but you must remove line :
use Laravel\Fortify\Actions\RouteServiceProvider;
Because this line is duplicate for RouteServiceProvider.... but maybe just for my project
use Illuminate\Support\Facades\Auth;
use App\Providers\RouteServiceProvider;
put these two on top of
vendor\laravel\fortify\src\Actions\AttemptToAuthenticate
adding two lines on the top of AttemptToAuthenticate.php file
use Illuminate\Support\Facades\Auth;
use App\Providers\RouteServiceProvider;
For future users;
On AttemptToAuthenticate.php, right under AttemptToAuthenticate.php,
add use Auth;
it will still throw an error class '\laravel\fortify\actions\RouteServiceProvider' not found!
To solve this,
Simply add
use App\Providers\RouteServiceProvider;, to direct it to the default
RouteServiceProvider class.
add
use Illuminate\Support\Facades\Auth;
in class vendor\laravel\fortify\src\Actions\AttemptToAuthenticate
<?php
namespace Laravel\Fortify\Actions;
use Illuminate\Auth\Events\Failed;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Validation\ValidationException;
use Laravel\Fortify\Fortify;
use Laravel\Fortify\LoginRateLimiter;
use Illuminate\Support\Facades\Auth;
use App\Providers\RouteServiceProvider;
class AttemptToAuthenticate
{
/**
* The guard implementation.
*
* #var \Illuminate\Contracts\Auth\StatefulGuard
*/
protected $guard;
/**
* The login rate limiter instance.
*
* #var \Laravel\Fortify\LoginRateLimiter
*/
protected $limiter;
/**
* Create a new controller instance.
*
* #param \Illuminate\Contracts\Auth\StatefulGuard $guard
* #param \Laravel\Fortify\LoginRateLimiter $limiter
* #return void
*/
public function __construct(StatefulGuard $guard, LoginRateLimiter $limiter)
{
$this->guard = $guard;
$this->limiter = $limiter;
}
/**
* Handle the incoming request.
*
* #param \Illuminate\Http\Request $request
* #param callable $next
* #return mixed
*/
public function handle($request, $next)
{
if (Fortify::$authenticateUsingCallback) {
return $this->handleUsingCustomCallback($request, $next);
}
if ($this->guard->attempt(
$request->only(Fortify::username(), 'password'),
$request->filled('remember'))
) {
if(Auth::user()->utype === 'ADM')
{
session(['utype'=>'ADM']);
return redirect(RouteServiceProvider::HOME);
}
elseif(Auth::user()->utype === 'USR')
{
session(['utype'=>'USR']);
return redirect(RouteServiceProvider::HOME);
}
return $next($request);
}
$this->throwFailedAuthenticationException($request);
}
/**
* Attempt to authenticate using a custom callback.
*
* #param \Illuminate\Http\Request $request
* #param callable $next
* #return mixed
*/
protected function handleUsingCustomCallback($request, $next)
{
$user = call_user_func(Fortify::$authenticateUsingCallback, $request);
if (! $user) {
$this->fireFailedEvent($request);
return $this->throwFailedAuthenticationException($request);
}
$this->guard->login($user, $request->filled('remember'));
return $next($request);
}
/**
* Throw a failed authentication validation exception.
*
* #param \Illuminate\Http\Request $request
* #return void
*
* #throws \Illuminate\Validation\ValidationException
*/
protected function throwFailedAuthenticationException($request)
{
$this->limiter->increment($request);
throw ValidationException::withMessages([
Fortify::username() => [trans('auth.failed')],
]);
}
/**
* Fire the failed authentication attempt event with the given arguments.
*
* #param \Illuminate\Http\Request $request
* #return void
*/
protected function fireFailedEvent($request)
{
event(new Failed(config('fortify.guard'), null, [
Fortify::username() => $request->{Fortify::username()},
'password' => $request->password,
]));
}
}
use Illuminate\Support\Facades\Auth;
This line should be added at the top of the AttemptAuthenticate.php file.
I had the same error and i solved by adding these lines. use Illuminate\Support\Facades\Auth; use App\Providers\RouteServiceProvider;
Add this to your AttemptToAuthenticate.php file.
use Illuminate\Support\Facades\Auth;
This works fine for me.
I am stuck with getting the redirectTo() function override in my LoginController.php as shown in the Laravel docs here.
My controller contains:
/**
* URI where we redirect to after login
*
* #var string
*/
protected $redirectTo = 'player/home';
/**
* Set route redirect
*
* #return mixed
*/
protected function redirectTo()
{
dd("STOP"); <-- does not trigger
if (session()->has('game.details')) {
return route(session()->get('game.details.setup_route'));
} else {
return 'player/home';
}
}
Why would the dd never trigger and the page always redirects to player/home? Thanks
If you comment
$this->middleware("guest")
in the constructor of Auth\RegisterController or change the line about guest middleware in the Kernel.php it will be worked.
Although I did not get the method override working, I solved it by changing these lines in the login method:
if ($this->attemptLogin($request)) {
session()->put('game.details', Game::findByUUIDOrFail($uuid));
$this->redirectTo = route(session()->get('game.details.setup_route'));
return $this->sendLoginResponse($request);
}
If you have run php artisan auth
change the RedirectIfAuthenticated Middleware like so
class RedirectIfAuthenticated
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null $guard
* #return mixed
*/
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/home');//change the redirect here
}
return $next($request);
}
}
My goal is to pass User Context like email or ID into Sentry so I can see which users broke something.
I've configured a piece of Global Middleware to add user context to my Sentry errors. Here is the class:
class AddUserToSentry
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if(Auth::user())
{
//dd(Auth::user()->email);
app('sentry')->user_context(array(
'email' => Auth::user()->email
));
}
return $next($request);
}
}
In my Handler.php I have:
/**
* Report or log an exception.
*
* This is a great spot to send exceptions to Sentry, Bugsnag, etc.
*
* #param \Exception $e
* #return void
*/
public function report(Exception $e)
{
if ($this->shouldReport($e)) {
app('sentry')->captureException($e);
}
parent::report($e);
}
What am I missing to make this work? All I get for user context is the IP address, which is not very helpful in my case.
Thank you very much,
Josh
Here is a complete example, the source is from the official Sentry documentation. To avoid having to add use Auth; you can simply use the auth() helper function.
namespace App\Http\Middleware;
use Closure;
class SentryContext
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
*
* #return mixed
*/
public function handle($request, Closure $next)
{
if (app()->bound('sentry')) {
/** #var \Raven_Client $sentry */
$sentry = app('sentry');
// Add user context
if (auth()->check()) {
$sentry->user_context(['id' => auth()->user()->id, 'email' => auth()->user()->email]);
}
// Add tags context
// $sentry->tags_context(['foo' => 'bar']);
}
return $next($request);
}
}
You need to provide access to Laravel's Auth Facade in your controller like so:
Use Auth;