Im trying to get client IP through controller named LoginController but the error still there.
Argument 1 passed to App\Http\Controllers\Auth\LoginController::authenticated() must be an instance of App\Http\Controllers\Auth\Request, instance of Illuminate\Http\Request given
I've follow this SO question but still get the same error.
LoginController.php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Http\Controllers\Auth\Request;
class LoginController extends Controller
{
/**
* The user has been authenticated.
*
* #param App\Http\Controllers\Auth\Request $request
* #param mixed $user
*
* #return mixed
*/
protected function authenticated(Request $request, $user)
{
$user->update([
'last_login_at' => Carbon::now()->toDateTimeString(),
'last_login_ip' => $request->getClientIp()
]);
if($user->isAdmin === 1) {
return redirect()->intended('admin');
}
}
}
EDITED
So, I just found out about AuthenticatesUsers.php which is a trait(?) and found this code. Should I edit this code or not?
/**
* The user has been authenticated.
*
* #param \Illuminate\Http\Request $request
* #param mixed $user
* #return mixed
*/
protected function authenticated(Request $request, $user)
{
//
}
Change your use statement:
use Illuminate\Http\Request;
// Instead of
use App\Http\Controllers\Auth\Request;
You're overriding this method from the AuthenticatesUsers trait, which receives a Illuminate\Http\Request, not a App\Http\Controllers\Auth\Request
Related
I am doing a project in Laravel.
I have a database with posts and users. These posts can be modified and edited by the user who created it and the admin.
To do this I created a new field for users, there is an admin and two editor.
After limiting the access with the middleware, only the admin and editor can access the posts.
$this->middleware('auth',['only' => ['create', 'store', 'edit', 'update', 'destroy']]);
$this->middleware(['auth', 'roles:admin'],['only' => ['edit', 'update', 'destroy']]);
The problem is that now only the admin can access the edit and delete post functions. Publishers are redirected to the home page.
Is there a way to put an if that bypasses the middleware redirect or something similar?
I'd use a policy to simplify things, and remove the middleware.
Create Policy
php artisan make:policy PostPolicy --model=Post
Resulting in this file
<?php
namespace App\Policies;
use App\Post;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class PostPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* #param \App\User $user
* #return mixed
*/
public function viewAny(User $user)
{
//
}
/**
* Determine whether the user can view the model.
*
* #param \App\User $user
* #param \App\Post $post
* #return mixed
*/
public function view(User $user, Post $post)
{
//
}
/**
* Determine whether the user can create models.
*
* #param \App\User $user
* #return mixed
*/
public function create(User $user)
{
//
}
/**
* Determine whether the user can update the model.
*
* #param \App\User $user
* #param \App\Post $post
* #return mixed
*/
public function update(User $user, Post $post)
{
//
}
/**
* Determine whether the user can delete the model.
*
* #param \App\User $user
* #param \App\Post $post
* #return mixed
*/
public function delete(User $user, Post $post)
{
//
}
/**
* Determine whether the user can restore the model.
*
* #param \App\User $user
* #param \App\Post $post
* #return mixed
*/
public function restore(User $user, Post $post)
{
//
}
/**
* Determine whether the user can permanently delete the model.
*
* #param \App\User $user
* #param \App\Post $post
* #return mixed
*/
public function forceDelete(User $user, Post $post)
{
//
}
}
Modify the rules for each action, so for example we need to specify that only the admin or the post owner can update a post, so
public function update(User $user, Post $post)
{
if ($user->role === 'admin') {
return true;
}
return $post->user_id === $user->id;
}
And then register the policy
https://laravel.com/docs/8.x/authorization#registering-policies
<?php
namespace App\Providers;
use App\Models\Post;
use App\Policies\PostPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* #var array
*/
protected $policies = [
Post::class => PostPolicy::class,
];
/**
* Register any application authentication / authorization services.
*
* #return void
*/
public function boot()
{
$this->registerPolicies();
//
}
}
And finally authorize your controller, add this line to the constructor
public function __construct()
{
$this->authorizeResource(Post::class, 'post');
}
Note that the 2nd parameter in the function call is the name of the route parameter, post is going to be your route parameter if you created the a resourceful controller
If you are not using a resourceful controller, or want to authorize actions manually, then you can use without adding the above line in the constructor
https://laravel.com/docs/8.x/authorization#via-controller-helpers
public function update(Request $request, Post $post)
{
$this->authorize('update', $post);
// The current user can update the blog post...
}
the first parameter is the name of the policy method, and the 2nd paramter is the post object
Apologize, I'm latin and my english is not good.
I'm using the auth middlewate in UserController.php file but does not work, when I try to access user/profile_picture and user/bio routes from no logged in user Laravel throws an The GET method is not supported for this route. Supported methods: POST. exception.
web.php:
Route::get("/", function(){
return view('welcome');
});
Route::get('home', 'HomeController#index')->name('home');
Route::get("admin/users/seller_register", "Auth\RegisterController#showSellerRegistrationForm")
->name("users.seller_register_form");
Route::post("admin/users/seller_register", "Auth\RegisterController#sellerRegister")
->name("users.seller_register");
Route::get("admin/users/modal_delete_form", "AdministratorController#modalDeleteForm");
Route::get("admin/users/modal_update_form", "AdministratorController#modalUpdateForm");
Route::get("admin/users/crud_content", "AdministratorController#crudContent");
Route::resource('admin/users', 'AdministratorController');
Route::get("user/profile/{e_mail}", "UserController#profile")->name("user.profile");
Route::post("user/profile_picture", "UserController#profilePicture")->name("user.profilePicture");
Route::post("user/bio", "UserController#bio")->name("user.bio");
Auth::routes(["verify" => true]);
UserController.php:
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Storage;
use Illuminate\Http\Request;
use App\User;
class UserController extends Controller{
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct(){
$this->middleware("auth");
}
/**
* Display the user profile.
*
* #param String $e_mail
* #return \Illuminate\Http\Response
*/
public function profile($e_mail){
$user = User::where("e_mail", "=", $e_mail)->first();
return(view("user.profile")->with(["user" => $user]));
}
/**
* Store the user profile picture.
*
* #param \Illuminate\Http\Request
* #return \Illuminate\Http\Response
*/
public function profilePicture(Request $request){
$user = User::where("e_mail", $request->e_mail)->first();
if($request){
if($request->hasFile("profilePicture")){
if($user->profile_picture === "public/defaultUserPhoto.jpg"){
$path = Storage::putFile('public', $request->file('profilePicture'));
}else{
Storage::delete($user->profile_picture);
$path = Storage::putFile("public", $request->file('profilePicture'));
}
$user->update(["profile_picture" => $path]);
}
}
return(redirect()->route("user.profile", ["e_mail" => $user->e_mail]));
}
/**
* Update user biography and occupation.
*
* #param \Illuminate\Http\Request
*/
public function bio(Request $request){
$user = User::where("e_mail", $request->e_mail)->first();
if($request){
$user->update([
"occupation" => $request->occupation,
"biography" => $request->biography
]);
}
return(redirect()->route("user.profile", ["e_mail" => $user->e_mail]));
}
}
Try this use get method
Route::get("user/profile_picture","UserController#profilePicture")->name("user.profilePicture");
Route::get("user/bio", "UserController#bio")->name("user.bio");
Just change these routes
Route::post("user/profile_picture", "UserController#profilePicture")->name("user.profilePicture");
Route::post("user/bio", "UserController#bio")->name("user.bio");
to...
Route::get("user/profile_picture", "UserController#profilePicture")->name("user.profilePicture");
Route::get("user/bio", "UserController#bio")->name("user.bio");
done.
I setup my classes so I can use Laravel Authorization and use the Policies feature. But I keep getting this error (Class App\Policies\StatusPolicy does not exist) when defining the middleware to my methods. This is what I have:
AuthServiceProvider.php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* #var array
*/
protected $policies = [
'App\Status' => 'App\Policies\StatusPolicy',
];
/**
* Register any authentication / authorization services.
*
* #return void
*/
public function boot()
{
$this->registerPolicies();
//
}
}
StatusController.php
namespace App\Http\Controllers;
use App\Status;
use Illuminate\Http\Request;
class StatusController extends Controller
{
public function __construct()
{
$this->middleware('can:list,App\Status')->only('index');
$this->middleware('can:update,status')->only('edit');
}
// ...
StatusPolicy.php (generated by php artisan make:policy StatusPolicy --model=Status
namespace Policies;
use App\User;
use App\Status;
use Illuminate\Auth\Access\HandlesAuthorization;
class StatusPolicy
{
use HandlesAuthorization;
/**
* Verifica se o usuário tem permissão para listar os status.
*
* #param \App\User $user
* #return bool
*/
public function list(User $user)
{
return true;
}
/**
* Determine whether the user can view the status.
*
* #param \App\User $user
* #param \App\Status $status
* #return mixed
*/
public function view(User $user, Status $status)
{
//
}
/**
* Determine whether the user can create statuses.
*
* #param \App\User $user
* #return mixed
*/
public function create(User $user)
{
//
}
/**
* Determine whether the user can update the status.
*
* #param \App\User $user
* #param \App\Status $status
* #return mixed
*/
public function update(User $user, Status $status)
{
return true;
}
/**
* Determine whether the user can delete the status.
*
* #param \App\User $user
* #param \App\Status $status
* #return mixed
*/
public function delete(User $user, Status $status)
{
//
}
}
I found the problem.
For some reason, the command php artisan make:policy created a file with a wrong namespace. The fix was to change the namespace in the StatusPolicy.php file:
From namespace Policies;
To namespace App\Policies;
change the namespace in your StatusPolicy class to App\Policies;
I using Laravel 5.4 and I am trying to write a policy for my index view. I am trying to use a Method Without a Model, I am receiving the following error:
HttpException in Handler.php line 133:
This action is unauthorized.
Here is my Controller:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\County;
use Session;
use App\Http\Controllers\Controller;
class CountyController extends Controller
{
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('auth');
}
/**
* Display a listing of the resource.
*
* #return \Illuminate\Http\Response
*/
public function index()
{
$counties = County::orderBy('id', 'desc')->paginate(5);
$this->authorize('index');
return view('county.index', array(
'counties' => $counties
));
}
Here is my AuthServicePovider:
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use App\Role;
use App\County;
use App\Policies\CountyPolicy;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* #var array
*/
protected $policies = [
County::class => CountyPolicy::class,
];
/**
* Register any authentication / authorization services.
*
* #return void
*/
public function boot()
{
$this->registerPolicies();
Gate::define('is-Admin', function ($user) {
if($user->roles()->where('name','Admin')->first()){
return true;
}
return false;
});
}
}
Here is my Policy:
<?php
namespace App\Policies;
use App\User;
use App\Role;
use App\County;
use Illuminate\Auth\Access\HandlesAuthorization;
class CountyPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view the county.
*
* #param \App\User $user
* #param \App\County $county
* #return mixed
*/
public function index(User $user)
{
$userRoles = $user->getRoleNames();
$acceptedRoles = ['Sudo','Admin'];
$testArr = array_intersect($acceptedRoles, $userRoles);
dd($testArr);
if(!empty($testArr)){
return true;
}
return false;
//
}
/**
* Determine whether the user can view the county.
*
* #param \App\User $user
* #param \App\County $county
* #return mixed
*/
public function view(User $user, County $county)
{
$userRoles = $user->getRoleNames();
$acceptedRoles = ['Sudo','Admin','Client'];
$testArr = array_intersect($acceptedRoles, $userRoles);
if(!empty($testArr)){
return true;
}
return false;
//
}
/**
* Determine whether the user can create counties.
*
* #param \App\User $user
* #return mixed
*/
public function create(User $user)
{
//
}
/**
* Determine whether the user can update the county.
*
* #param \App\User $user
* #param \App\County $county
* #return mixed
*/
public function update(User $user, County $county)
{
//
}
/**
* Determine whether the user can delete the county.
*
* #param \App\User $user
* #param \App\County $county
* #return mixed
*/
public function delete(User $user, County $county)
{
//
}
}
I never get to dd($testArr) in the index policy. Also the view policy is working perfectly.
How do I write a policy for my index view?
keeping everything the same but changing:
$this->authorize('index');
to
$this->authorize('index', County::class);
fixed the problem. Apparently the model class needs to be passed on actions that don't require a model. This is only described under the middleware section of Laravel's docs, not the controller helpers... A little confusing.
I've been following the Laravel Authorization docs trying to build "is the user allowed to do this" functionality by using Policies, but I can't get it to work. I keep getting This action is unauthorized and I've tried with route middleware too.
PagePolicy.php:
namespace App\Policies;
use App\Models\User;
use App\Models\Page;
use Illuminate\Auth\Access\HandlesAuthorization;
class PagePolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view the page.
*
* #param App\Models\User $user
* #param App\Models\Page $page
* #return mixed
*/
public function view(User $user, Page $page)
{
return $user->id === $page->user_id;
}
/**
* Determine whether the user can create pages.
*
* #param App\Models\User $user
* #return mixed
*/
public function create(User $user)
{
}
/**
* Determine whether the user can update the page.
*
* #param App\Models\User $user
* #param App\Models\Page $page
* #return mixed
*/
public function update(User $user, Page $page)
{
//
}
/**
* Determine whether the user can delete the page.
*
* #param App\Models\User $user
* #param App\Models\Page $page
* #return mixed
*/
public function delete(User $user, Page $page)
{
//
}
}
PageController.php:
namespace App\Http\Controllers;
use Auth;
use Carbon\Carbon;
use App\Models\Page;
use App\Http\Requests\PageRequest;
class PageController extends ApiController
{
public function createNewPage(PageRequest $request)
{
$this->authorize('create', Page::class);
$request->merge([
'user_id' => Auth::id(),
'published_at' => Carbon::now(),
]);
if (Page::create($request->all())) {
return response()->json('success', 201);
}
return response()->json('error', 500);
}
}
AuthServiceProvidor.php:
namespace App\Providers;
use App\Models\Page;
use App\Policies\PagePolicy;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* #var array
*/
protected $policies = [
Page::class => PagePolicy::class,
];
/**
* Register any authentication / authorization services.
*
* #return void
*/
public function boot()
{
$this->registerPolicies();
//
}
}
I managed to figure it out. I wasn't using Route Model Binding. So I added authorize() after the page call and used the $page variable instead of Page::class.
public function update(PageUpdateRequest $request, $pageSlug)
{
$page = Page::where(['user_id' => Auth::id(), 'slug' => $pageSlug])->first();
$this->authorize('update', $page);
$page->update($request->all());
return fractal()->item($page, new PageTransformer())->toArray();
}
It's not totally clear to me which action you're attempting to authorize since you've provided the call to create in the controller but only provided a policy check in place for viewing a page. Having said that, I would be sure to var_dump/dd the values you're attempting to do a type comparison of to verify they're of the same type. If anything's been explicitly cast, it may cause issues with certain database drivers that return integers as strings.
I think the problem is not in your policies, rather in your PageRequest class. Make sure the authorize() method in your App\Http\Requests\PageRequest class returns true .
class PageRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* #return bool
*/
public function authorize()
{
return true; // you can also check the authorization using PagePolicy here
}
}
Current code:
protected $policies = [
Task::class => TaskPolicy::class,
];
Solution code:
protected $policies = [
'App\Task' => 'App\Policies\TaskPolicy',
];
I experienced the same problem, while following the Intermediate Task List Tutorial on the Laravel website.
The solution is actually present in the Github code for this tutorial.