I am calling a function which is in my laravel controller. I have used laravel's custom response to return data. But some other data is getting added to my response even though I have not added it.
return Response::make(json_encode(array(
'error' => false,
'message' => 'Redaction done successfully.',
'is_redacted' => 0)), 200,
array(
'Content-Type' => 'application/json'
)
);
Above is the code that I have added to return my response.
But response that I am receiving is:
> * Found bundle for host redaction-stage-tcm.tylerhost.net: 0x55998c67ee40
* Re-using existing connection! (#0) with host redaction-stage-tcm.tylerhost.net
* Connected to redaction-stage-tcm.tylerhost.net (208.64.239.110) port 443 (#0)
> POST /ocr/OCRWeb/v2/Documents('mfr_8')/OCRWeb.Scan HTTP/1.1
Host: redaction-stage-tcm.tylerhost.net
User-Agent: GuzzleHttp/6.3.3 curl/7.43.0 PHP/5.6.11-1ubuntu3.4
OData-Version: 4.01
OData-MaxVersion: 4.01
Content-Type: application/json
Content-Length: 2
upload completely sent off: 2 out of 2 bytes
< HTTP/1.1 200
< Cache-Control: no-transform
< Cache-Control: no-cache
< Cache-Control: no-store
< Cache-Control: must-revalidate
< Cache-Control: max-age=0
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Vary: *
< Pragma: no-cache
< X-Clacks-Overhead: GNU Terry Pratchett
< OData-Version: 4.01
< Preference-Applied:
< Content-Type: application/json; odata.metadata=minimal
< Content-Length: 163
< Date: Wed, 13 Feb 2019 10:44:40 GMT
<
* Connection #0 to host redaction-stage-tcm.tylerhost.net left intact
{"error":false,"message":"Redaction done successfully.","is_redacted":0}
I have called some rest APIs in my function. This data is related to that but why is it getting appended to my custom response??
Please help me with it.
Try this,
return response()->json([
'error' => false,
'message' => 'Redaction done successfully.',
'is_redacted' => 0,
'Content-Type' => 'application/json'
], 200)
create a Middleware called AddToRequest and registered it in Kernel.php. See the code below
AddToRequest.php
<?php namespace App\Http\Middleware;
use Carbon\Carbon;
use Closure;
class AddToRequest {
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$request->request->add(['dummy' => 'hey man', 'date' => Carbon::now()]);
return $next($request);
}
}
Kernel.php
<?php namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel {
/**
* The application's global HTTP middleware stack.
*
* #var array
*/
protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
'App\Http\Middleware\VerifyCsrfToken',
];
/**
* The application's route middleware.
*
* #var array
*/
protected $routeMiddleware = [
'auth' => 'App\Http\Middleware\Authenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
'inject' => 'App\Http\Middleware\AddToRequest'
];
}
In the handle() method of the AddToRequest Middleware, I set two variables and add it to the request
$request->request->add(['dummy' => 'hey man', 'date' => Carbon::now()]);
Then, in my controller I use the inject middleware
public function __construct()
{
$this->middleware('inject');
$this->middleware('guest');
}
In the index() method of the controller I inject the use Illuminate\Http\Request object and pull the variables I set in the middleware from the request object as follows:
public function index(Request $request)
{
dd($request->get('dummy'), $request->get('date'));
return view('welcome');
}
Related
i was trying to download and this bug came out and i don't how to fix it!
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class XFrameHeaders
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* #return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
$response = $next($request);
$response->withHeaders([
'X-Frame-Options' => 'DENY',
'X-XSS-Protection' => '1; mode=block',
'X-Permitted-Cross-Domain-Policies' => 'master-only',
'X-Content-Type-Options' => 'nosniff',
'Referrer-Policy' => 'no-referrer-when-downgrade',
'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
'Cache-Control' => 'no-cache, no-store, must-revalidate, post-check=0, pre-check=0',
'Pragma' => 'no-cache',
'Expires' => 'Sat, 26 Jul 1997 05:00:00 GMT',
]);
return $response;
}
}
this is the code that got pop-up on my screen and don't have the knowledge to fix it!
also the error line is number 20
The withHeaders does not exist in the response object which is an instance of Symfony\Component\HttpFoundation\BinaryFileResponse.
To fix this error, you can replace withHeaders with headers->set() which does not accept an array of headers so you have to set each header in one line.
$response->headers->set('X-Frame-Options', 'DENY');
$response->headers->set('X-XSS-Protection', '1; mode=block');
$response->headers->set('X-Permitted-Cross-Domain-Policies', 'master-only');
$response->headers->set('X-Content-Type-Options', 'nosniff');
$response->headers->set('Referrer-Policy', 'no-referrer-when-downgrade');
$response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
$response->headers->set('Cache-Control', 'no-cache, no-store, must-revalidate, post-check=0, pre-check=0');
$response->headers->set('Pragma', 'no-cache');
$response->headers->set('Expires', 'Sat, 26 Jul 1997 05:00:00 GMT');
I need to turn my laravel api + angular sanctum authentication into a SAML authentication.
I've noticed that I need to use a laravel plugin like laravel-saml2 or laravel-saml2. (Yes... Same name but different plugins)
I intend to use OKTA because I am already using it to authenticate in my Stack ELK.
But my biggest doubt is: Since my front-end (angular) is communicating to my backend through a stateless API (sanctum), is it possible to implement a SSO SAML to authentication?
I would truly appreciate if anyone could show me how it is possible. And in case it is not, how could my app be rethinked to achieve this goal.
Thanks in advance.
i had the same requirement working according to the next:
Laravel 8 with sanctum (the key to make use of SANCTUM_STATEFUL_DOMAINS)
Make sure your Angular URL application is configured in SANCTUM_STATEFUL_DOMAINS (.env)
like
SANCTUM_STATEFUL_DOMAINS=localhost:4200
laravel-saml2 (https://github.com/aacotroneo/laravel-saml2) configured accorded to documentation.
In app/Http/Kernel.php
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'saml' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
],
];
And
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
// Add SAML Middleware
'auth.saml' => \App\Http\Middleware\SAMLAuthenticated::class,
];
In app/Providers/EventServiceProvider.php
namespace App\Providers;
use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\Models\User;
use Illuminate\Auth\Events\Registered;
use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Session;
class EventServiceProvider extends ServiceProvider
{
/**
* The event listener mappings for the application.
*
* #var array
*/
protected $listen = [
Registered::class => [
SendEmailVerificationNotification::class,
],
];
/**
* Register any events for your application.
*
* #return void
*/
public function boot()
{
Event::listen('Aacotroneo\Saml2\Events\Saml2LogoutEvent', function ($event) {
Auth::logout();
Session::save();
});
Event::listen('Aacotroneo\Saml2\Events\Saml2LoginEvent', function (Saml2LoginEvent $event) {
$messageId = $event->getSaml2Auth()->getLastMessageId();
// Add your own code preventing reuse of a $messageId to stop replay attacks
$user = $event->getSaml2User();
$userData = [
'id' => $user->getUserId(),
'attributes' => $user->getAttributes(),
'assertion' => $user->getRawSamlAssertion()
];
//If it not exists, create a Laravel User from an Authenticated SAML account
$laravelUser = User::firstOrCreate([
'email' => $user->getAttribute("urn:oid:0.9.2342.19200300.100.1.3")[0],
'name' => $user->getAttribute("urn:oid:0.9.2342.19200300.100.1.1")[0],
], ['password' => Hash::make('CREATE_DUMMY_NOT_BEING_USED')]);
Auth::login($laravelUser); // AUTHENTICATION WITHIN LARAVEL
});
}
}
Next, I've created a new Middleware (/app/Http/Middleware/SAMLAuthenticated.php)
namespace App\Http\Middleware;
use Aacotroneo\Saml2\Saml2Auth;
use Closure;
use Illuminate\Support\Facades\Auth;
class SAMLAuthenticated
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null ...$guards
* #return mixed
*/
public function handle($request, Closure $next, ...$guards)
{
if (!Auth::check())
{
if ($request->ajax())
{
return response('Unauthorized.', 401); // Or, return a response that causes client side js to redirect to '/routesPrefix/myIdp1/login'
}
else
{
// VERY IMPORTANT WHEN ANGULAR REQUEST
$retUrl = 'http://localhost:4200';
$saml2Auth = new Saml2Auth(Saml2Auth::loadOneLoginAuthFromIpdConfig('corsisa'));
return $saml2Auth->login($retUrl);
}
}
return $next($request);
}
}
You can test SAML Auth (/app/routes/web.php)
Route::middleware('auth.saml')->group(function () {
//protected routes go here
Route::get('/', function () {
return view('welcome');
});
});
// Also, you can map login & logout
Route::redirect('/login', '/saml2/<idp_name>/login')->name('login');
Route::redirect('/logout', '/saml2/<idp_name>/logout')->name('logout');
At this point, laravel application should redirect to SAML2 Login page.
Configure API routes, (app/routes/api.php:)
Route::middleware('auth.saml')->group(function () {
// Secured routes go here
Route::get('/me' ,function (Request $request) { return $request->user(); });
Route::get('/login' ,function (Request $request) {
return redirect('http://localhost:4200');
});
});
In Angular application, I use the next steps:
First, Make an HTTP Request to "http://laravel_api/api/me"
For example:
this.http.get<User>(URLHelper.concat(environment.API_BASE_URL, "api", "me"), { withCredentials: true, setHeaders: {"X-Requested-With": "XMLHttpRequest"} })
If response is 401, (UNAUTHORIZED), then will be redirected to "http://laravel_api/api/login"
window.location.replace(URLHelper.concat(environment.API_BASE_URL, "api", "login"), { withCredentials: true, setHeaders: {"X-Requested-With": "XMLHttpRequest"} })
Redirection will send the user to the SAML2 Login Page and then redirect back to Angular frontend. (by SAMLAuthenticated middleware )
So when redirect back is completed, Angular makes a new request to http://laravel_api/api/me, this time with an Auth Cookie generated by Sanctum.
Surely this procedure can be improved, but you can use it as a working starting point.
Regards
I'm on Shared Server.
Laravel v8.15.0 (PHP v7.3.23)
unable to set it up properly.
Sanctum & Passport both tried but that crashes with 500 Internal Server Error. So removed them.
https://townies.pk/api/v1/getCart is working.
Another GET route for fetching Images is also working.
But https://townies.pk/api/register POST or https://townies.pk/api/v1/register POST not working. 500 Internal Server Error.
And https://townies.pk/api/login POST or https://townies.pk/api/v1/login POST not working. 500 Internal Server Error.
api.php
<?php
use App\Models\User;
use App\Http\Controllers\AuthController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
use Illuminate\Support\Facades\DB;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
/*Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});*/
Route::get('/v1/getCart', function(Request $request){
return response()->json([
'success'=> true,
'msg'=> "yes",
'cartItems' => ['Beef Salaami Large: Rs. 780/-', 'Chicken Supreme Small: Rs. 290/-', 'Super Supreme Medium: Rs. 530/-' ]
])
->header('Content-Type', 'application/json');
});
Route::post('/v1/register', [AuthController::class, 'register'])->name('register');
Route::post('/v1/login', [AuthController::class, 'login'])->name('login');
AuthController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class AuthController extends Controller
{
public function register(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => 'required',
'email' => 'required|email',
'password' => 'required'
]);
if($validator->fails())
{
Log::error('Something is really going wrong.');
return response()->json(['status_code' => 400, 'message' => 'Bad Request']);
}
$user = new User();
$user->name = $request->name;
$user->email = $request->email;
$user->password = algo($request->password);
$user->save();
return response()->json([
'status_code' => 201,
'message' => 'User Registration Successful.'
]);
}
public function login(Request $request)
{
$validator = Validator::make($request->all(), [
'email' => 'required|email',
'password' => 'required'
]);
if($validator->fails())
{
return response()->json(['status_code' => 400, 'message' => 'Bad Request']);
}
$credentials = request(['email', 'password']);
if(!Auth::attempt($credentials))
{
return response()->json([
'status_code' => 401,
'message' => 'Unauthorised'
]);
}
$user = User::where('email', $request->email)->first();
$tokenResult = $user->createToken('authToken')->plaitTextToken;
return response()->json([
'status_code' => 200,
'token' => $tokenResult
]);
}
public function logout(Request $request)
{
$request->user()->currentAccessToken()->delete();
return response()->json([
'status_code' => 200,
'message' => 'LogOut Successful'
]);
}
}
My Database Schema
Next time, please share the exception message from your logs. It is much easier and faster to debug errors when we have a clear picture on the error message itself.
I tried with Laravel Sanctum and /register works fine after adding the missing imports to AuthController and HasApiTokens trait to User model, as outlined below.
/login was still failing until fixing a typo on this line:
$tokenResult = $user->createToken('authToken')->plaitTextToken;
plaitTextToken is misspelled. Should be: plainTextToken.
These are the imports missing on AuthController:
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Validator;
Also, be sure to:
Add the Laravel\Sanctum\HasApiTokens trait to the User model
Add the middleware needed for Sanctum into ./app/Http/Kernel.php under the api middleware group
Publish and run Laravel Sanctum migrations
All these are outlined on Laravel Sanctum installation guide, please be sure to follow the installation guide very closely:
https://laravel.com/docs/8.x/sanctum#installation
After applying the changes above I tried with PHPStorm HTTP Client using these requests:
POST http://my-app.test/api/v1/register
Accept: application/json
Content-Type: application/json
{"name": "bar", "email": "bar#example.com", "password": "password"}
###
POST http://my-app.test/api/v1/login
Accept: application/json
Content-Type: application/json
{"email": "bar#example.com", "password": "password"}
###
With these corresponding responses:
POST http://my-app.test/api/v1/register
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sun, 29 Nov 2020 01:26:22 GMT
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Access-Control-Allow-Origin: *
{
"status_code": 200,
"message": "User Registration Successful."
}
Response code: 200 (OK); Time: 80ms; Content length: 61 bytes
And
POST http://my-app.test/api/v1/login
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sun, 29 Nov 2020 01:27:17 GMT
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
Access-Control-Allow-Origin: *
{
"status_code": 200,
"token": "1|5ImkzdVQgNhQyotxlZzs5Hr2YDkTPKfpfovthx1o"
}
Response code: 200 (OK); Time: 86ms; Content length: 72 bytes
I want to apply cors in dingo api in laravel.
Because, I am getting this error.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 500.
I have tried this.
Created Cors middleware.
Added like this Cors.php
<?php
namespace App\Http\Middleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers',' Origin, Content-Type, Accept, Authorization, X-Request-With')
->header('Access-Control-Allow-Credentials',' true');
}
}
Then modified Kernel.php like this.
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'cors' => \App\Http\Middleware\Cors::class,
];
Now, I want to know how to add middleware in dingo api routes.
Routes are like this.
$api->version('v1', function($api){
$api->GET('statelist', 'App\Http\Controllers\HospitalController#statelist');
});
$api->version('v1', function($api){
$api->GET('citylist', 'App\Http\Controllers\HospitalController#citylist');
});
try
$api->version('v1', function ($api) {
$api->group(['middleware' => 'cors'], function ($api) {
$api->GET('statelist', 'App\Http\Controllers\HospitalController#statelist');
$api->GET('citylist', 'App\Http\Controllers\HospitalController#citylist');
});
});
I'm trying to create a route post in laravel, i use "get" and it works fine but when i use "post", "delete" etc not working it's returning error 500 (Internal Server Error).
There is my route code
Route::post('Register' ,function(){
return "Hello World";
});
I'm using extension for google chrome "Advanced REST client" to execute one "post", and that gives me that information
Request headers
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
Content-Type: application/json
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: pt-PT,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: XSRF-TOKEN=
Response headers
Host: localhost:60967
Connection: close
X-Powered-By: PHP/5.5.12
Cache-Control: no-cache, private
date: Wed, 23 Dec 2015 01:51:29 GMT
Content-type: text/html
I'm searching for hours and i can't find a solution.
Your XSRF token is missing. By default, all routes in a fresh Laravel application have CSRF protection turned on.
You will either need to add a valid token to your POST request header, or to the POST data itself by setting _token.
If you simply need to test the POST route itself, you can temporarily disable the CSRF middleware, or apply it on a case-by-case basis.
To Disable
app/Http/Kernel.php
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
//\App\Http\Middleware\VerifyCsrfToken::class, //Comment this out
],
'api' => [
'throttle:60,1',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* #var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
To Enable as Route Middleware
app/Http/Kernel.php
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
],
'api' => [
'throttle:60,1',
],
];
/**
* The application's route middleware.
*
* These middleware may be assigned to groups or used individually.
*
* #var array
*/
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'csrf' => \App\Http\Middleware\VerifyCsrfToken::class, //Move it here
];
have you tried to dump-autoload
composer dump-autoload
have you checked if the route is listed?
php artisan route:list
are you actually using a post (using a form or an app like POSTman)