I'm working on a laravel 5.7 project and I want to have my own authentication scenario.
Well, I'll give a mobile from my user and send her a one time pass to her phone and then check if she is giving me the correct code.
So, I do not use laravel authentication system at this point at all.
My Controller is something like this :
/*
* Show Login Form
*/
public function showLoginForm()
{
return view('auth.custom.login');
}
/*
* Login
*/
public function login(Request $request)
{
$mobile = $request->mobile;
$this->validate($request, [
'mobile' => 'iran_mobile|required'
]);
$check = User::where('mobile', $mobile)->first();
if( $check === null )
{
Session::flash('toasterr', 'is not registered yet');
Session::put('mobile', $mobile);
return redirect(route('register'));
}
else
{
$singleTimePass = Str::random(4);
sendSms($mobile, 'your code:' . PHP_EOL . $singleTimePass . PHP_EOL . 'Insert that bla bla');
Session::put('singleTimePass', $singleTimePass);
Session::put('mobile', $mobile);
return redirect(route('check_pass'));
}
dd($check);
}
/*
* Show Check Pass page
*/
public function showCheckPass()
{
return view('auth.custom.pass');
}
/*
* Check Pass For Login
*/
public function checkPassForLogin(Request $request)
{
$this->validate($request, [
'pass' => 'required|regex:/^[\w-]*$/'
]);
if( $request->pass == Session::get('singleTimePass'))
{
$user = User::where('mobile', Session::get('mobile'))->first();
// dd($user->id);
Auth::login($user->id);
return redirect(route('game'));
}
else
{
Session::flash('toasterr', 'pass is wrong');
return redirect(route('check_pass'));
}
}
/*
* Show Register Form
*/
public function showRegisterForm()
{
return view('auth.custom.register');
}
/*
* Register
*/
public function register(Request $request)
{
$this->validate($request, [
'name' => 'persian_alpha|required',
'family' => 'persian_alpha|required',
'username' => 'required|min:4|max:255|string',
'mobile' => 'iran_mobile|required',
]);
return $request->all();
}
Ok! Every thing seems to be good but now, I expect laravel that give me abilities like Auth::check() or Auth::user() and...
So I know that I have an error at this line: Auth::login($user->id); and I want to know how can I do something like this manually for mentioned goal.
May be it is because of my poor knowledge about laravel authentication architecture but it would be appreciate if you let me know how do that because googled this for a while and there's not direct answer to this question-or I did not searched enough-.
Based on the documentation the login method expects a User object to log you in. So you can either try
Auth::login($user);
// or
Auth::loginUsingId($user->id);
Related
In my input form, I have two fields; momentFrom & momentTo. I need to put a validation which gives error message if any of the following criteria fails.
momentFrom is greater than or equal to momentTo.
momentFrom is less than now.
My code for storing the data:
public function store(Request $request, Requisition $requisitionObj) {
$momentFrom = strtotime($request->txtTravelDate . " " . $request->txtTimeFrom);
$momentTo = strtotime($request->txtTravelDate . " " . $request->txtTimeTo);
$timeValidation = $requisitionObj->validateTiming($momentFrom, $momentTo);
if ($timeValidation['error']) {
echo 'ERROR: ' . $timeValidation['message'];
return view('requisitions.create');
} else {
/* store form data into requisition object */
$requisitionObj->travel_date = $request->txtTravelDate;
$requisitionObj->moment_from = $momentFrom;
$requisitionObj->moment_to = $momentTo;
$requisitionObj->save();
return redirect()->route('requisitions.index');
}
}
I have seen laravel custom validation rules where only one field can be validated at a time. But in my scenario I need to check both fields at a time depending on each other. How can I achieve this?
Thanks for any help in advance!
Creating new Rule Class
You can create your custom rule with the artisan command: php artisan make:rule YourRuleNamethis will create a new Rule Class file into the Rules folder.
By default the created file contains a constructor, a passes method and a message method.
Rules Logic
If you have some complicated rules where you need the request or some models, you can pass them via the constructor.
public function __construct(Request $request, User $user, ....)
{
//save them into class variables to access them later
$this->request = $request;
$this->user = $user;
}
Otherwise you can directly put your validation logic into the passes method:
public function passes($attribute, $value){
//some code
return #myCondition
}
Last you are able to specify the message if the validation fails.
public function message()
{
return 'Your message';
}
To use your rule simply add it to your rules array:
$rules = [
'my_attribute' => [new MyCustomRule(),...],
]
At last, I have solved this problem using FormRequest and AppServiceProvider. Thought this would help others who come to this place.
First I have created FormRequest validator using following artisan command.
php artisan make:request StoreRequisition
Then added primary validation rules and messages into it.
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class StoreRequisition extends FormRequest {
public function authorize() {
return true;
}
public function rules() {
$rules = [
'txtTravelDate' => 'required|date_format:Y-m-d|after_or_equal:today',
'txtTimeFrom' => 'required|date_format:H:i|travel_time_validate',
'txtTimeTo' => 'required|date_format:H:i',
];
return $rules;
}
public function messages() {
return [
'txtTravelDate.required' => 'Travel date is required!',
'txtTravelDate.date_format' => 'Invalid format for Travel Date!',
'txtTravelDate.after_or_equal' => 'Travel Date should be today or later!',
'txtTimeFrom.required' => 'Time From is required!',
'txtTimeFrom.date_format' => 'Invalid format for Time From!',
'txtTimeFrom.travel_time_validate' => 'Invalid time selected!',
'txtTimeTo.required' => 'Time To is required!',
'txtTimeTo.date_format' => 'Invalid format for Time To!',
'listFunction.required' => 'Department to be selected!',
'txtPickLoc.required' => 'Pickup Location is required!',
'txtDropLoc.required' => 'Drop Location is required!',
'listPurpose.required' => 'Travel Purpose to be selected!'
];
}
}
Then inside app\Providers\AppServiceProvider, added the extra validation logic.
public function boot() {
Validator::extend(
'travel_time_validate',
function ($attribute, $value, $parameters, $validator) {
$inputs = $validator->getData();
/* convert time to moments */
$momentFrom = strtotime($inputs['txtTravelDate'] . " " . $inputs['txtTimeFrom']);
$momentTo = strtotime($inputs['txtTravelDate'] . " " . $inputs['txtTimeTo']);
$result = true;
if ($momentFrom >= $momentTo) {
$result = false;
}
return $result;
}
);
}
My Controller:
public function store(StoreRequisition $request, Requisition $requisitionObj) {
$validatedData = $request->validated();
/* store form data into requisition object */
$requisitionObj->requester_id = Auth::user()->id;
$requisitionObj->travel_date = $request->txtTravelDate;
$requisitionObj->time_from = $request->txtTimeFrom;
$requisitionObj->time_to = $request->txtTimeTo;
$requisitionObj->purpose_id = $request->listPurpose;
/* Finally save the record into the database */
$requisitionObj->save();
return redirect()->route('requisitions.index');
}
Example how make custom rule for validation in Laravel 8.x / Lumen 8.x.
public static function rules(){
return [
'number' => [
'required', 'min:1', 'max:30', 'string', self::testNumber(),
],
];
}
public static function testNumber(){
return function($attribute, $value, $fail){
if ($value === 'foo'){
$fail('The '.$attribute.' is invalid.');
}
};
}
i have this PATCH function but i need to add some form of authorization to ensure you can only edit/update a film that is associated with the current user, can i get some help on how to add this
controller function:
public function update(string $id)
{
$this->user = Auth::user();
$this->film = film:findOrFail($id);
return $this->film->toJson();
}
I've looked at the laravel docs at the validation section and seen this example
$validatedData = $request->validate([
'title' => 'required|unque:posts|max:255',
'body' => 'required',
]);
i then added my own validation at the top of the file
protected $validation = [
'name' => 'string',
'description' => 'new description'
];
im a little lost on how i implement authorization to ensure only a current user can update a film?
What you're looking for is not a form validation, but a User Authorization (as in the comments). So you should have a look at the official documentation. In your case you should write a FilmPolicy that may look like to this (I will skip the registration part... It can be easily understood from the docs):
class FilmPolicy {
/**
* Determine if the given film can be updated by the user.
*
* #param \App\User $user
* #param \App\Post $post
* #return bool
*/
public function update(User $user, Film $film)
{
return $user->id === $film->user_id; // Or whatever is your foreign key
}
}
Then you should update your controller in order to handle the authorization as follow:
public function update(string $id)
{
$this->film = film::findOrFail($id);
$this->authorize('update', $this->film);
return $this->film->toJson();
}
Since this method simply throws an exception, you can have a more elaborate response as explained in the docs
Ok basically, to enable what you need in a simple way, what you can do is this;
First pass the 'user_id' to the controller.
public function update(string $id, $userid)
{
$user = Auth::user();
$id = $user->id;
if($id == $userid)
{
$this->user = Auth::user();
$this->film = film::findOrFail($id);
return $this->film->toJson();
}else{
return "Not Authorized";
}
}
If im not misunderstanding your question, this basically allows only the user who is logged in to update his film. if he goes into any other profile, the id's would mismatch and thus return a not authorized prompt.
My goal is to use two login pages that in mobile and desktop.
Mobile login page use ID and Password and original is use Email and Password.
So I made a mobile page include a simple login form that include just two buttons named as In / Out, and this form's action target is same as original Laravel Auth login route('/login') for use the login validation.
So I added below code to use another login page in Http/Auth/LoginController.
//Http/Auth/LoginController
public function username()
{
if(request('id')) {
return 'id'; // if request contains id in mobile then return it
}
return 'email'; // else return email
}
protected function validateLogin(Request $request)
{
if(request('id')){
$this->validate($request, [
$this->username() => 'required|numeric',
'password' => 'required|string',
]);
}
}
protected function authenticated(Request $request, $user)
{
if ($request->in == 'in') {
return redirect()->route('mobiles_start', ['in' => 'in']);
} // route('mobiles_start') is target to logic controller
// and after worked then return to mobile login view.
elseif ($request->out == 'out') {
return redirect()->route('mobiles_destroy', ['out' => 'out']);
} // route('mobile_destroy) also.
}
public function showLoginForm(Request $request)
{
if ($request->in == 'in' || $request->out == 'out') {
return view('mobiles.login');
}
else return view('auth.login');
}
But problem is if login failed in mobile login page, then always redirect to original login page('auth.login') instead of mobile one.
How could I make mobile login page's redirection?
You would need to overwrite sendFailedLoginResponse in this LoginController.
Code for Laravel 5.3:
protected function sendFailedLoginResponse(Request $request)
{
return redirect()->back()
->withInput($request->only($this->username(), 'remember','in','out'))
->withErrors([
$this->username() => Lang::get('auth.failed'),
]);
}
Code for Laravel 5.5(similar to Wreigh's post):
protected function sendFailedLoginResponse(Request $request)
{
if ($request->in == 'in' || ) {
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
])->redirectTo('/login?in=in');
} else if($request->out == 'out'){
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
])->redirectTo('/login?out=out');
} else {
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
]);
}
}
As the original sendFailedLoginResponse only redirect back with username and remember parameters, add in and out would make it work I believe.
However, the above is a fast workaround. For desktop and mobile, you should use responsive web design and use blade template to provide different parameters to the login function.
Also, I would use a better structure to identify whether it was from mobile login or the normal login page. For example, giving a variable like is_mobile_login would make the code more readable.
Hope it helps.
Try overriding the sendFailedLoginResponse from AuthenticatesUsers trait.
Add this in your LoginController.
use Illuminate\Validation\ValidationException;
protected function sendFailedLoginResponse(Request $request)
{
$validationException = ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
]);
if ($request->in == 'in' || $request->out == 'out') {
return $validationException->redirectTo('mobile/url');
}
return $validationException->redirectTo('auth/url');
}
Take note that redirectTo accepts a URL and not a View or Route name.
I am guessing the route 'mobiles_destroy' is leading to the wrong method. Check the redirect from that method.
The redirect for failed/missing authentication is defined in
Illuminate\Foundation\Exceptions\Handler.php
/**
* Convert an authentication exception into a response.
*
* #param \Illuminate\Http\Request $request
* #param \Illuminate\Auth\AuthenticationException $exception
* #return \Illuminate\Http\Response
*/
protected function unauthenticated($request, AuthenticationException $exception)
{
return $request->expectsJson()
? response()->json(['message' => $exception->getMessage()], 401)
: redirect()->guest(route('login'));
}
The functions that interest you are unauthenticated() and invalid().
Based on your platform location you can override those in App\Exceptions\Handler.php thus controlling the flow of failed auth and redirect.
Hope that helps.
I'm using dingo/api (that has built-in support for jwt-auth) to make an API.
Suppose this is my routes :
$api->group(['prefix' => 'auth', 'namespace' => 'Auth'], function ($api) {
$api->post('checkPhone', 'LoginController#checkPhone');
//Protected Endpoints
$api->group(['middleware' => 'api.auth'], function ($api) {
$api->post('sendCode', 'LoginController#sendCode');
$api->post('verifyCode', 'LoginController#verifyCode');
});
});
checkPhone method that has task of authorize and creating token is like :
public function checkPhone (Request $request)
{
$phone_number = $request->get('phone_number');
if (User::where('phone_number', $phone_number)->exists()) {
$user = User::where('phone_number', $phone_number)->first();
$user->injectToken();
return $this->response->item($user, new UserTransformer);
} else {
return $this->response->error('Not Found Phone Number', 404);
}
}
And injectToken() method on User Model is :
public function injectToken ()
{
$this->token = JWTAuth::fromUser($this);
return $this;
}
Token creation works fine.
But When I send it to a protected Endpoint, always Unable to authenticate with invalid token occures.
The protected Endpoint action method is :
public function verifyCode (Request $request)
{
$phone_number = $request->get('phone_number');
$user_code = $request->get('user_code');
$user = User::wherePhoneNumber($phone_number)->first();
if ($user) {
$lastCode = $user->codes()->latest()->first();
if (Carbon::now() > $lastCode->expire_time) {
return $this->response->error('Code Is Expired', 500);
} else {
$code = $lastCode->code;
if ($user_code == $code) {
$user->update(['status' => true]);
return ['success' => true];
} else {
return $this->response->error('Wrong Code', 500);
}
}
} else {
return $this->response->error('User Not Found', 404);
}
}
I used PostMan as API client and send generated tokens as a header like this :
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI5ODkxMzk2MTYyNDYiLCJpc3MiOiJodHRwOlwvXC9hcGkucGFycy1hcHAuZGV2XC92MVwvYXV0aFwvY2hlY2tQaG9uZSIsImlhdCI6MTQ3NzEyMTI0MCwiZXhwIjoxNDc3MTI0ODQwLCJuYmYiOjE0NzcxMjEyNDAsImp0aSI6IjNiMjJlMjUxMTk4NzZmMzdjYWE5OThhM2JiZWI2YWM2In0.EEj32BoH0URg2Drwc22_CU8ll--puQT3Q1NNHC0LWW4
I Can not find solution after many search on the web and related repositories.
What is Problem in your opinion?
Update :
I found that not found error is for constructor of loginController that laravel offers :
public function __construct ()
{
$this->middleware('guest', ['except' => 'logout']);
}
because when I commented $this->middleware('guest', ['except' => 'logout']); all things worked.
But if I remove this line is correct?
How should be this line for APIs?
updating my config/api.php to this did the trick
// config/api.php
...
'auth' => [
'jwt' => 'Dingo\Api\Auth\Provider\JWT'
],
...
As I mentioned earlier as an Update note problem was that I used checkPhone and verifyCode in LoginController that has a check for guest in it's constructor.
And because guest middleware refers to \App\Http\Middleware\RedirectIfAuthenticated::class and that redirects logged in user to a /home directory and I did not created that, so 404 error occured.
Now just I moved those methods to a UserController without any middleware in it's constructor.
Always worth reading through the source to see whats happening. Answer: The is expecting the identifier of the auth provider in order to retrieve the user.
/**
* Authenticate request with a JWT.
*
* #param \Illuminate\Http\Request $request
* #param \Dingo\Api\Routing\Route $route
*
* #return mixed
*/
public function authenticate(Request $request, Route $route)
{
$token = $this->getToken($request);
try {
if (! $user = $this->auth->setToken($token)->authenticate()) {
throw new UnauthorizedHttpException('JWTAuth', 'Unable to authenticate with invalid token.');
}
} catch (JWTException $exception) {
throw new UnauthorizedHttpException('JWTAuth', $exception->getMessage(), $exception);
}
return $user;
}
I'm using Socialite to get user information from facebook. All is going well but my redirect isn't working
Sub-routes
I read that it's not possible to do a redirect from a submethod, or
any method that's not in your routes.
But how else can i redirect the user after I logged them in?
My URL looks like this after the successfull facebook handshake
http://tmdb.app/auth/login/facebook?code=AQBTKNZIxbfdBruAJBqZ8xx9Qnz...
Code
class SocialController extends Controller {
public function login(Authenticate $authenticate, Request $request)
{
return $authenticate->execute($request->has('code'), $this);
}
public function userHasLoggedIn($data)
{
$user = User::where('provider_id', $data->id)->first();
if( !$user )
{
$user = User::create([
'name' => $data->name,
'email' => $data->email,
'provider' => 'facebook',
'provider_id' => $data->id
]);
}
// NOT WORKING!
return redirect('test');
}
}
Your login function should be handling the redirect.
I'm guessing execute returns $data if the user is sucessfully logged in and false if not.
class SocialController extends Controller {
public function login(Authenticate $authenticate, Request $request)
{
if($data = $authenticate->execute($request->has('code'), $this))
{
$user = User::where('provider_id', $data->id)->first();
// maybe delegate the user creation to another class/service?
if( !$user )
{
$user = User::create([
'name' => $data->name,
'email' => $data->email,
'provider' => 'facebook',
'provider_id' => $data->id
]);
}
return redirect('test');
}
return redirect('fail_view');
}
}
You can do it using PHP header function in Laravel sub method. I try it and works properly. Hope it can help you.
// You can using the following code
$url= url("about-laravel");
header("Location:" . $url);
exit;
// Or using the following code to redirect and keep set flash message
$result= $this->yourMethod(); // return redirect($this->route)->with('flash_message', 'I\'m Flash Message'); for TRUE or NULL for false
if( $result ){
return $result;
}