I want to have a link in an email that send to the user, the link is the url of the site and has an api token for the user to authenticate with.
however I am trying to send an api request to get the user details so I can authenticate the user and redirect them to the relavent page, however doing this I end up with a request the spins endlessly.
what could be the issue and if there are any other solutions please let me know.
the link/request looks like this
http://localhost:8005/api/token?_token=<API TOKEN>
The controller that handles the request
<?php
namespace App\Http\Controllers;
use Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\URL;
use Illuminate\Support\Facades\Http;
class PassportController extends Controller
{
function getToken(Request $request)
{
// return $request->_token;
return $user = Http::withToken($request->_token)->get('http://localhost:8005/api/user');
Auth::login($user);
return redirect('/dashboard');
}
}
Also when I send the request it gets stuck and I have to restart my php artisan serve again to make more requests, and every time i do so, It opens up on a new port, 8001,8002,8003 etc
You can make a call back to the app itself like this:
$tokenRequest = Request::create('/api/user', 'GET', ['name' => 'value']);
$tokenResult = app()->handle($tokenRequest);
Update the variables to match your implementations.
Related
I'm attempting to create a login endpoint so that I can use it without a blade.php file. While working with Unreal engine I cant use a actual web page so wanting to create a Login endpoint that will send back custom json. The below is what I have set up. When i use postman or Python requests I get a page response of Not Found or page expired. How can I get this to return the test or failed?
api.php
Route::post('/unreal-login', 'App\Http\Controllers\UnrealLoginController#authenticate');
UnrealLoginController.php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class UnrealLoginController extends Controller{
public function authenticate(Request $request){
// Retrive Input
$credentials = $request->only('email', 'password');
if (Auth::attempt($credentials)) {
// if success login
return "test";
//return redirect()->intended('/details');
}
// if failed login
return "failed";
}
}
I've implemented in my web app a part where user can't make a download of a resource (rapport) if he/she is not authenticated. The route in the web.php file looks like this:
//DOWNLOAD RAPPORT
Route::get('telecharger/{id}', 'downloadRapport#download')->middleware('auth');
And in the controller:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Rapport;
use Illuminate\Support\Facades\Storage;
class downloadRapport extends Controller
{
public function __construct(){
$this->middleware('auth');
}
public function download($id){
$rapport = Rapport::findOrFail($id);
return response()->download(storage_path('app/'.$rapport->path) , $rapport->fichierRapport);
}
}
I thought it works perfect until I found out something lately.
In order to download a rapport, a user must be authenticated as the logic suggests it. This means that once he is not anymore logged in, he has to re-enter his credentials to download the rapport.
BUT, what I've found out is that when the user once entered his credentials to download a rapport of a particular id, even if he logs out, he can download that particular rapport. For the other rapports, he has to log in first. And so on. May it have something with sessions (just a supposition..)? But why on this route in particular when auth middleware works fine on the others? Any of your help is welcome
I am using laravel 5.4 as backend for my application and for front-end I am using angular. I am using laravel auth for authentication.
Issue is Auth::attempt() is working fine and if immediately I print the Auth::user() then it prints the data but it returns false if I try to fetch it in next method. But this functionality is working fine in hosted server.
Tested,
Changing session from file to database.
Changes in kernel.php (Content of $middleware).
Did php artisan make:auth one more time.
Did changes in user table column.
Adding private $primarykey = 'id' to model.
Adding 'web' middleware to all routes.
This is my Controller
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Input;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\User;
public function login()
{
if (Auth::attempt(['email' => $email, 'password' => $password ]))
{
$response = array('response' =>'Succssfully Login!' , 'success' => true);
return $response;
}
}
This is where i am using Auth::check() in the same controller
public function check()
{
if(Auth::check())
$response = array('response' =>'Authenticated' , 'success'=>true);
else
$response = array('response' =>'UnAuthenticated' , 'success'=>false);
return $response;
}
I am confused because same code is working fine in hosted server but not working on localhost. Do I need to do any http related changes in laravel for this?
In case your Angular application is outside laravel, and loading without using blade template to load your Angular app's entry point i.e. Angular's index.html then what happens is Laravel is not able to set session for the app, hence when you request for the next time your laravel is not able to recognise the session so it gives false when you call Auth::check().
To achieve authentication on external (i.e Angular app on your case) you should use either Laravel Passport's password client or JWT based authentication using https://github.com/tymondesigns/jwt-auth <- this package. (Instructions on the package's readme file)
For angular and web based app I would prefer to go with JWT.
I was trying to implement a webhook in laravel.
I have created access token and created webhook endpoint also.
my webhook end point is like,https://www.example.com/gocardless.php
and my route is like,
Route::get('/gocardless.php',
'\App\Http\Controllers\gocardlessController#remote')->name('remote');
Controller code like,
class gocardlessController extends Controller
{
public function remote(Request $request)
{
$token ="token";
$raw_payload = file_get_contents('php://input');
$headers = getallheaders();
$provided_signature = $headers["Webhook-Signature"];
$calculated_signature = hash_hmac("sha256",$raw_payload,$token);
if ($provided_signature == $calculated_signature) {
$payload = json_decode($raw_payload, true);
}
}
}
But when i clik on send test webhook in gocardless account,they are given "405 no method found" as responce.
How i can solve this?
The HTTP 405 error you're seeing indicates that your Laravel application doesn't know how to handle the method of the incoming request.
GoCardless webhooks use the POST method to send you a request with a JSON body, but the route you've written is for handling a GET request (Route::get). To resolve this, you should define a route for POST requests to the endpoint which will receive webhooks.
A few remarks and fixes
Remark
Why do you include the "ugly" .php extension in your route, there is no need for that
Fix
Change your route (in web.php) to
Route::get('gocardless', 'gocardlessController#remote');
Remark
I also see you start your controller name with lowercase, this is not common practise
Fix
Don't forget to add these lines in your controller at the top
namespace App\Http\Controllers; // declare right namespace
use Illuminate\Http\Request; // Hint which Request class to use below
For the body: that you really have to write yourself and return the data as json for example
Laravel Passport has a very complex system for my app cause I think for this simple app it's very complex to have OAuth client's Id, Secret & ...
So I create a UserController myself to solve this complexity with these codes:
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
use App\User;
use Response;
class UserController extends Controller
{
//
public function __construct(){
$this->content = array();
}
public function login(){
if(Auth::attempt(['email' => request('email'), 'password' => request('password')])){
$user = Auth::user();
$this->content['token'] = $user->createToken('URL APP')->accessToken;
$status = 200;
}
else{
$this->content['error'] = "Unauthorised";
$status = 401;
}
return response()->json($this->content, $status);
}
}
but problem is every time user sign in get new tokens & old tokens won't expire & User with old tokens can send valid request (Its should be invalid I think).
Is there any way to config passport to users has one token or I should do it myself?
Yes its a problem with jwt tokens. But you can overcome this problem by making your own methods or by using some other libraries. "jwt-auth" is also a library for token and this also got the blacklist method you can use to blacklist a token.
or you can make a middleware in your routes and cache the token in redis or memcached database and save it against user_id and match it everytime with requests.