I am writing tests to validate that a locale is set for a notification and asserting that the correct translation is used in the notification's content. I have been unable to get the locale set on notifications when using Twilio: https://github.com/laravel-notification-channels/twilio
I have a notification test for a mail channel that uses a Mailable which is working as expected:
public function test_mail_notifications_use_localisation()
{
$user = factory(User::class)->create();
$user->notify(
(new WelcomeMailNotificationStub)
->locale('fr')
);
$this->assertContains('Bonjour Le Monde',
app('swift.transport')->messages()[0]->getBody()
);
}
class WelcomeMailStub extends \Illuminate\Mail\Mailable
{
public function build()
{
return $this->view('welcome-notification');
}
}
class WelcomeMailNotificationStub extends \Illuminate\Notifications\Notification
{
public function via($notifiable)
{
return ['mail'];
}
public function toMail($notifiable)
{
return (new WelcomeMailStub);
}
}
I would like to write a similar test for SMS notifications sent via Twilio but in my attempts so far the locale appears to be ignored when sending the notification and the default locale is instead used. Here's what I've come up with:
public function test_sms_notifications_use_localisation()
{
Notification::fake();
$user = factory(User::class)->create();
$user->notify(
(new WelcomeSmsNotificationStub)
->locale('fr')
);
Notification::assertSentTo(
$user,
WelcomeSmsNotificationStub::class,
function ($notification, $channels) use ($user)
{
return $notification->toTwilio($user)->content === 'Bonjour Le Monde'; // test fails here
}
);
}
class WelcomeSmsNotificationStub extends \Illuminate\Notifications\Notification
{
public function via($notifiable)
{
return [TwilioChannel::class];
}
public function toTwilio($notifiable)
{
return (new TwilioSmsMessage())
->content(__('welcome_notification.opening_text'));
}
}
If I dd() inside the callback in assertSentTo like this:
Notification::assertSentTo(
$user,
WelcomeSmsNotificationStub::class,
function ($notification, $channels) use ($user)
{
dd(
$notification,
$notification->toTwilio($user)
);
return $notification->toTwilio($user)->content === 'Bonjour Le Monde'; // test fails here
}
);
I get the following:
Tests\Unit\Notifications\WelcomeSmsNotificationStub {#116
+id: "ae164ce6-fa47-4730-b401-e6cc15b27e16"
+locale: "fr"
}
NotificationChannels\Twilio\TwilioSmsMessage {#2414
+alphaNumSender: null
+applicationSid: null
+maxPrice: null
+provideFeedback: null
+validityPeriod: null
+content: "Default welcome" <== using the default welcome instead of 'fr'
+from: null
+statusCallback: null
+statusCallbackMethod: null
}
Any advice on getting this working would be appreciated, thanks!
User exohjosh has solved the issue. I need to explicitly set the translated string's locale in the SMS Notification's toTwilio method like this:
__('welcome_notification.opening_text', [], $this->locale)
whereas when using Laravel's Mailable this was done automatically.
Edit
Event better solution if you're using views is to use Illuminate\Support\Traits\Localizable then you can do this:
public function toTwilio($notifiable)
{
return $this->withLocale($this->locale, function() {
$content = View::make('welcome-notification')->render();
return (new TwilioSmsMessage())->content($content);
});
}
Related
I have this policy :
class ProjectPagePolicy
{
use HandlesAuthorization;
public function viewAny(User $user)
{
return true;
}
public function view(User $user, ProjectPage $projectPage)
{
return true;
}
public function create(User $user)
{
return $user->isAdmin() || $user->isDeveloper();
}
public function update(User $user, ProjectPage $projectPage)
{
return $user->isAdmin() || $user->isDeveloper();
}
..........
}
ProjectPageController :
class ProjectPageController extends Controller
{
public function __construct()
{
$this->authorizeResource(ProjectPage::class, 'project-page');
}
public function index(Request $request)
{
return response(
[],
HttpStatusCode::OK
);
}
public function store(ProjectPageRequest $projectPageRequest)
{
$inputs = $projectPageRequest->validated();
$projectPage = ProjectPage::create($inputs);
return response()->json([
'data' => new ProjectPageResource($projectPage)
], HttpStatusCode::Created);
}
public function update(
ProjectPageRequest $projectPageRequest,
ProjectPage $projectPage
) {
$inputs = $projectPageRequest->validated();
$projectPage->fill($inputs)->save();
return response(status: HttpStatusCode::NoContent);
}
In the routes file :
Route::middleware(['auth:sanctum'])->group(function () {
Route::post(
'/refresh-token',
fn () => app(RefreshTokenResponse::class)
);
Route::apiResources([
'project-page' => ProjectPageController::class,
]);
});
When I try to save a project page, I received 201 CREATED so all good in this case.
When I try to update it I have 403 forbidden.
Where the problem is ? Why is working on creation and not on updated ? Have an idea about that ?
TL;DR Remove the second argument ('project-page') from your authorizeResource call.
When using Route::resource(...), Laravel will convert a hyphenated route parameter to be snake-case (this will not have any affect on the URL itself, just how laravel accesses the parameter). This will mean that that when you call authorizeResource with project-page, it won't match. This will in-turn cause the authorize method to fail.
You can view your routes via the CLI with the following:
php artisan route:list
which should show your route param for your project-page routes to be project_page e.g. project-page/{project_page}
I made my code where an administrator can send a message to a group, and soon all users within that group receive notification on the mobile app:
public function create(Request $request)
{
if(!($error = $this->isNotValidate($request))){
//Log::error(print_r("validado", true));
$message = Message::create($request->toArray());
$message->recives()->attach($request->recive_ids);
foreach($message->recives as $group){
foreach($group->users as $user){
$user->notify(new NotificationMessage($message));
}
}
$response = ['message' => $message];
return response($response, 200);
}
return response($error, 422);
}
I used the library: https://github.com/laravel-notification-channels/fcm it is working he send the notification to the mobile through the firebase.
my difficulty is that in the toFcm function I want to retrieve the message to build the notification I'm sending:
public function toFcm($notifiable)
{
return FcmMessage::create()
->setData(['message_id' => $this->invoice->id, 'message_created' => $this->invoice->created_at])
->setNotification(\NotificationChannels\Fcm\Resources\Notification::create()
->setTitle($this->invoice->title)
->setBody($this->invoice->content)
//->setImage('http://example.com/url-to-image-here.png')
)->setAndroid(
AndroidConfig::create()
->setFcmOptions(AndroidFcmOptions::create()->setAnalyticsLabel('analytics'))
->setNotification(AndroidNotification::create()->setColor('#0A0A0A'))
)->setApns(
ApnsConfig::create()
->setFcmOptions(ApnsFcmOptions::create()->setAnalyticsLabel('analytics_ios')));
}
I thought that in the variable $this->invoice or in the $notifiable would come the $message that I am passing as a parameter in the creation, but it does not pass, both are returning the user.
does anyone know how i can make this dynamic notification with my message data?
UPDATE
class NotificationMessage extends Notification
{
/**
* Specifies the user's FCM token
*
* #return string|array
*/
public function routeNotificationForFcm()
{
return $this->fcm_token;
}
public function via($notifiable)
{
return [FcmChannel::class];
}
public function toFcm($notifiable)
{
return FcmMessage::create()
->setData(['message_id' => $notifiable->id, 'message_created' => $notifiable->created_at])
->setNotification(\NotificationChannels\Fcm\Resources\Notification::create()
->setTitle($notifiable->title)
->setBody($notifiable->content)
//->setImage('http://example.com/url-to-image-here.png')
)->setAndroid(
AndroidConfig::create()
->setFcmOptions(AndroidFcmOptions::create()->setAnalyticsLabel('analytics'))
->setNotification(AndroidNotification::create()->setColor('#0A0A0A'))
)->setApns(
ApnsConfig::create()
->setFcmOptions(ApnsFcmOptions::create()->setAnalyticsLabel('analytics_ios')));
}
// optional method when using kreait/laravel-firebase:^3.0, this method can be omitted, defaults to the default project
public function fcmProject($notifiable, $message)
{
// $message is what is returned by `toFcm`
return 'app'; // name of the firebase project to use
}
}
I decided to invert the logic of who was my notify, now instead of the user being the notify, my message became
In my control I'm even simpler:
public function create(Request $request)
{
if(!($error = $this->isNotValidate($request))){
//Log::error(print_r("validado", true));
$message = Message::create($request->toArray());
$message->recives()->attach($request->recive_ids);
$message->notify(new NotificationMessage);
$response = ['message' => $message];
return response($response, 200);
}
return response($error, 422);
}
in my message template I made the following changes:
use Illuminate\Notifications\Notifiable;
...
class Message extends BaseModel
{
use Notifiable;
...
public function routeNotificationForFcm()
{
$tokens = [];
foreach($this->recives as $group){
foreach($group->users as $user){
$tokens = array_merge($tokens, $user->notifications()->pluck('token')->toArray());
}
}
return $tokens;
}
}
with that in my variable $notifiable started to receive the information of the message and then it was easy to pass them as parameter.
So basically I want to create something like #IsGranted.
I used #IsGranted on my application to access control to prevent a simple user from accessing an admin page for example.
On my entity, I have a boolean field called is_Active
if it's true (1) then the user can use his account
if it's false (0) then he gets redirected to an error page!
In this case, I am not going to test on the Rolesfield of the user but I am gonna test on the is_Active field that's why I can't use the #IsGranted.
I created an error twig page active.html.twig
and I place it on templates folder, and I found myself FORCED to add those 2 lines on every controller function.
if ($this->getUser()->getIsActive()==false) {
return $this->render('active.html.twig');}
Here is an example:
/**
* #IsGranted("ROLE_ADMIN")
* #Route("/", name="user_index", methods={"GET"})
*/
public function index(UserRepository $userRepository): Response
{
if ($this->getUser()->getIsActive()==false) {
return $this->render('active.html.twig');}
return $this->render('user/index.html.twig', [
'users' => $userRepository->findAll(),
]);
}
This is very heavy and bad to add this if statement on every function (I have +30 functions on the app)
Maybe I can create something similar to #IsGranted and use it on the annotation of each function instead?
You can keep using #IsGranted with a custom voter. https://symfony.com/doc/current/security/voters.html#creating-the-custom-voter
Create new voter like in the documentation
public const ACTIVE = 'active';
protected function supports(string $attribute, $subject)
{
return $attribute === self::ACTIVE;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
if ($user instanceof User && !$user->isActive()) {
throw new InactiveUserException();
}
return true;
}
Then you can create a listener for InactiveUserException and show what ever you want to the client.
In your controller you'll need to put #IsGranted("active") or #Security(expression="is_granted('active')") before the route method or controller
I would use the authentication for this then you don't have to touch your controllers. You can check if they are logged in and active then they can view the content or if they fail auth then you can direct them to another route with your active.html.twig.
You can also just have this set on certain routes or all of them.
https://symfony.com/doc/current/security/guard_authentication.html
Sample Authenticator and set this just for your admin routes then you can have a normal authenticator without checking for an active user on the checkCredentials for all other routes.
<?php
namespace App\Security;
use App\Entity\User;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Twig\Environment;
class AdminAuthenticator extends AbstractGuardAuthenticator
{
/** #var Environment */
private $twig;
public function __construct(Environment $twig)
{
$this->twig = $twig;
}
public function supports(Request $request): bool
{
$email = $request->request->get('email');
$password = $request->request->get('password');
return $email && $password;
}
public function getCredentials(Request $request)
{
$email = $request->request->get('email');
$password = $request->request->get('password');
return [
'email' => $email,
'password' => $password
];
}
public function getUser($credentials, UserProviderInterface $userProvider)
{
$email = $credentials['email'];
return $userProvider->loadUserByUsername($email);
}
public function checkCredentials($credentials, UserInterface $user)
{
$password = $credentials['password'];
if (!$this->passwordEncoder->isPasswordValid($user, $password)) {
throw new CustomUserMessageAuthenticationException(
'Sorry, you\'ve entered an invalid username or password.'
);
}
if (!$user->isActive()) {
throw new NotActiveUserException(
'This account is not active'
);
}
return true;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($exception instanceof NotActiveUserException) {
// You should redirect here but you get the idea!
$this->twig->render('active.html.twig');
}
// Do something else for any other failed auth
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
return new JsonResponse('success', Response::HTTP_OK);
}
public function start(Request $request, AuthenticationException $authException = null)
{
return new JsonResponse('Not Authorized', Response::HTTP_UNAUTHORIZED);
}
public function supportsRememberMe()
{
return false;
}
}
Then in your security.yaml
firewalls:
admin:
pattern: ^/admin
provider: user
guard:
authenticators:
- App\Security\AdminAuthenticator
I am seeing some behaviour. I can't explain when accessing user data via the Auth facade in Laravel class. Here's an extract of my code:
private $data;
private $userID;//Set property
function __construct()
{
$this->middleware('auth');//Call middleware
$this->userID = Auth::id();//Define property as user ID
}
public function index() {
return view('');
}
public function MyTestMethod() {
echo $this->userID;//This returns null
echo Auth::id();//This works & returns the current user ID
}
I am logged in and have included use Illuminate\Support\Facades\Auth; in the class thus the code works, but only when accessing Auth in methods - else it returns a null value.
Most odd, I can't work out what is causing this. Any thoughts much appreciated as ever. Thanks in advance!
In Laravel Laravel 5.3.4 or above, you can't access the session or authenticated user in your controller's constructor, since the middlware isn't runnig yet.
As an alternative, you may define a Closure based middleware directly in your controller's constructor.:
try this :
function __construct()
{
$this->middleware(function ($request, $next) {
if (!auth()->check()) {
return redirect('/login');
}
$this->userID = auth()->id(); // or auth()->user()->id
return $next($request);
});
}
another alternative solution go you your base controller class and add __get function like this :
class Controller
{
public function __get(string $name)
{
if($name === 'user'){
return Auth::user();
}
return null;
}
}
and now if your current controller you can use it like this $this->user:
class YourController extends Controller
{
public function MyTestMethod() {
echo $this->user;
}
}
You should try this :
function __construct() {
$this->userID = Auth::user()?Auth::user()->id:null;
}
OR
public function __construct()
{
$this->middleware(function ($request, $next) {
$this->userID = Auth::user()->id;
return $next($request);
});
}
I have added a custom authentication component for a Yii2 RESTful project and it is validating credentials OK but it is not returning the valid User object to \Yii::$app->user
The component looks like this:
public function authenticate($user, $request, $response) {
$bearerToken = \Yii::$app->getRequest()->getQueryParam('bearer_token');
$user = Account::findIdentityByAccessToken($bearerToken);
return $user;
}
And the Account model method looks like this:
public static function findIdentityByAccessToken($token, $userType = null) {
return static::findOne(['bearer_token' => $token]);
}
I can see $user is the expected record of Account when debugging in the authenticate() method but \Yii::app()->user seems to be a newly instatiated user. \Yii::app()->user->identity is equal to null.
Can anyone see what I'm doing wrong here?
To login user this is not enough:
Account::findIdentityByAccessToken($bearerToken);
You need to call $user->login($identity) inside authentificate(). See for example how it's implemented in yii\web\User loginByAccessToken():
public function loginByAccessToken($token, $type = null)
{
/* #var $class IdentityInterface */
$class = $this->identityClass;
$identity = $class::findIdentityByAccessToken($token, $type);
if ($identity && $this->login($identity)) {
return $identity;
} else {
return null;
}
}
So you can also call it in your custom auth method:
$identity = $user->loginByAccessToken($accessToken, get_class($this));
See for example how it's implemented in yii\filters\auth\QueryParamAuth.
And you also need to return $identity, not $user. Also handling failure is missing in your code. See how it's implemented in built-in auth methods:
HttpBasicAuth
HttpBearerAuth
QueryParamAuth
More from official docs:
yii\web\User login()
yii\filters\auth\AuthInterface
Update:
Nothing forces you to use loginByAccessToken(), I just mentioned it as an example.
Here is an example of custom auth method that I wrote quite a while ago, not sure if it's 100% safe and true, but I hope it can help you to understand these details:
Custom auth method:
<?php
namespace api\components;
use yii\filters\auth\AuthMethod;
class HttpPostAuth extends AuthMethod
{
/**
* #see yii\filters\auth\HttpBasicAuth
*/
public $auth;
/**
* #inheritdoc
*/
public function authenticate($user, $request, $response)
{
$username = $request->post('username');
$password = $request->post('password');
if ($username !== null && $password !== null) {
$identity = call_user_func($this->auth, $username, $password);
if ($identity !== null) {
$user->switchIdentity($identity);
} else {
$this->handleFailure($response);
}
return $identity;
}
return null;
}
}
Usage in REST controller:
/**
* #inheritdoc
*/
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => HttpPostAuth::className(),
'auth' => function ($username, $password) {
$user = new User;
$user->domain_name = $username;
// This will validate password according with LDAP
if (!$user->validatePassword($password)) {
return null;
}
return User::find()->username($username)->one();
},
];
return $behaviors;
}
Specifying $auth callable is also can be found in HttpBasicAuth.