Laravel route url changing after app()->handle() function - php

I'm accessing an api in my own project, but now I'm having problem with the route function, after dispatching the request with app()->handle($req), route function generate a different url
$req = Request::create('/api/auth/login', 'POST', [
"user" => $request->user,
"password" => $request->password,
]);
$redirect = route('home'); // http://127.0.0.1:8000/home
$res = app()->handle($req);
$redirect = route('home'); // http://localhost/home
What did I miss?

Request::create() is a method inherited from Symfony's HTTP Request class. When called, if you do not pass in any $_SERVER details, it will use reasonable defaults.
The UrlGenerator Laravel class uses the current Request to determine the fully-qualified domain name when calling functions such as route(). Since you did not tell the Request what the current domain is, it is reverting to localhost.
If you're in an environment where $_SERVER is populated with the proper information, you can pass it to the proper parameter:
Request::create(
'/api/auth/login',
'POST',
[
'user' => $request->user,
'password' => $request->password,
],
[], // cookies
[], // files
$_SERVER
);
Other potential solutions that may fit well:
Use Request::createFromGlobals() to populate a request with PHP's superglobals such as $_POST, $_SERVER, etc., then modify the parts that you want to change.
If the $request variable already holds a Laravel Request instance, you can call $request->duplicate(). And again, modify as needed.

Related

Laravel route returns wrong route [duplicate]

I'm accessing an api in my own project, but now I'm having problem with the route function, after dispatching the request with app()->handle($req), route function generate a different url
$req = Request::create('/api/auth/login', 'POST', [
"user" => $request->user,
"password" => $request->password,
]);
$redirect = route('home'); // http://127.0.0.1:8000/home
$res = app()->handle($req);
$redirect = route('home'); // http://localhost/home
What did I miss?
Request::create() is a method inherited from Symfony's HTTP Request class. When called, if you do not pass in any $_SERVER details, it will use reasonable defaults.
The UrlGenerator Laravel class uses the current Request to determine the fully-qualified domain name when calling functions such as route(). Since you did not tell the Request what the current domain is, it is reverting to localhost.
If you're in an environment where $_SERVER is populated with the proper information, you can pass it to the proper parameter:
Request::create(
'/api/auth/login',
'POST',
[
'user' => $request->user,
'password' => $request->password,
],
[], // cookies
[], // files
$_SERVER
);
Other potential solutions that may fit well:
Use Request::createFromGlobals() to populate a request with PHP's superglobals such as $_POST, $_SERVER, etc., then modify the parts that you want to change.
If the $request variable already holds a Laravel Request instance, you can call $request->duplicate(). And again, modify as needed.

Can't get Auth object and cookies by consuming my own Laravel API

I'm currently trying to build a secure SPA application in Laravel by using :
Laravel 5.6
Laravel Passport
Guzzle client
To make the whole application secure, I created a proxy to prefix all requests to the API and :
User the password grand type of token
Hide the client ID
Hide the client secret
Add automatic scopes based on the role of the user
This is how the Proxy works :
// The proxify endpoint for all API requests
Route::group(['middleware' => ['web']], function ()
{
Route::any('proxify/{url?}', function(Request $request, $url) {
return Proxify::makeRequest($request->method(), $request->all(), $url);
})->where('url', '(.*)');
});
Each time a request is made, it goes through that package I built to create the access token, refreshing it, or deleting it.
To create the access token for the user I'm using a MiddleWare at loggin :
$response = $http->post('http://myproject.local/proxify/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'username' => $request->get('email'),
'password' => $request->get('password'),
]
]);
This is working well, excepting the fact that I'm setting cookies in the Proxify::makeRequest, so I have to create them in the call, return them in the $response, and then at the end of the Middleware, attaching them to the request (Cookie::queue and Cookie::Make are not working in a Guzzle call it seems).
The access token is created and stored in a cookie.
First problem is that in this call, even in the middleware, and especially in that URL http://myproject.local/proxify/oauth/token, I don't have any access to the Auth trait, even if it's specified as a middleware attached to the route, so impossible to fetch information from the authenticated user.
Then the other problem is that when I'm making a call to get a ressource API such as :
$http = new Client();
$response = $http->get('http://myproject.local/proxify/api/continents');
$continents = $response->getBody()->getContents();
return view('dashboard')->with("continents", $continents);
In that case, when I'm calling the URL, the proxy is not able to get the access_token defined in the cookie with the CookieFacade through the HTTP call, neither the Auth object I'm whiling to use. The $_COOKIE variable is not working neither.
What is wrong with my structure so that I don't have any access to the cookie even if it's set and in the browser ? Any other way to get the info ? I tried to get the cookie from the request in the proxy, not working.
Have you tried using the Illuminate or Symfony Request classes and handling the routing via the Laravel instance? My immediate suspicion is Guzzle is the culprit behind no cookies coming through with the requests. Cookie::queue() is a Laravel specific feature so I wouldn't think Guzzle would know anything about them.
Replace Guzzle in one of the routes where the issue occurs. Start with a new Request instance and make the internal api call like:
// create new Illuminate request
$request = Request::create('/api/users', $action, $data, [], [], [
'Accept' => 'application/json',
]);
// let the application instance handle the request
$response = app()->handle($request);
// return the Illuminate response with cookies
return $response->withCookies($myCookies);
I do something similar to this in a couple applications and never had any problems with cookies or accessing server variables. Granted, it's only for authentication, the rest of the api calls are through axios.

API between two separate instances of Laravel

I am trying to figure out a problem I have. I have 2 laravel setups on the same server, each are independent sites controlled via vhosts.
SiteA needs to act as an API to SiteB. So within SiteA I set up an API by doing
Route::group(['prefix' => 'api/v1'], function () {
Route::post('postProject', array('as' => 'postProject', 'uses' => 'APIController#postProject'));
});
For now, the controller function is simply this
public function postProject(Project $project)
{
dd($project);
}
So within SiteB I want to call this API. As such, I set up a route which contains the project object (I have tried both get and post)
Route::get('projects/{projects}/postProject', array('as' => 'projects.postProject', 'uses' => 'APIController#postProject'));
And this controller function does the following
public function postProject($project)
{
$client = new GuzzleHttp\Client();
$req = $client->request('POST', 'http://localhost/api/v1/postProject', [
'body' => $project,
'headers' => [
'Content-Type' => 'text/xml',
'Content-Length' => strlen($project),
]
]);
$output = $req->getBody()->getContents();
return $output;
}
I have localhost as an example url so the real url wasnt exposed. The error siteB receives when making the post request is a 404 not found. If on siteA I set up a simple get function that returns something, siteB can execute this API call without any problem. The problem comes about when I am trying to post something from siteB to siteA.
Additionally, when I pass the $project object, is there any way to send over its related models as well? A $project has one to many relationships with a few other models, and ideally I would like to get the related data over.
I think you just need to eager load the relationships
public function postProject()
{
//dd($project);
Project::with('relation1', 'relation2')->find($id);
}

How do I do HTTP basic authentication using Guzzle?

I want to do basic access authentication using Guzzle and I am very new to programming. I have no clue what to do. I tried to do this using curl but my environment requires using guzzle.
If you're using Guzzle 5.0 or newer, the docs say that basic auth is specified using the auth parameter:
$client = new GuzzleHttp\Client();
$response = $client->get('http://www.server.com/endpoint', [
'auth' => [
'username',
'password'
]
]);
Please note that the syntax is different if you're using Guzzle 3.0 or earlier. The constructor is different, and you also need to explicitly use the send method on a request to get a response:
$client = new Guzzle\Http\Client();
$request = $client->get('http://www.server.com/endpoint');
$request->setAuth('username', 'password');
$response = $request->send();
A brief addendum
In response to #Matthwew-Knill, yes, you can set a default authorization and implicitly have Guzzle send it in each further request. #Nick's answer is on point. The client constructor takes every parameter you could think of and then some.
Another approach, if you want to get creative, would be to instantiate the client passing it default headers to send on every further request. Simple auth is, after all, an Authorization header. It's computed as:
$client = new Client([
'headers'=>[
'Authorization'=> Basic base64_encode(<username>:<password>)
]
]);
Last but not least please note that filling a simple auth dialog happens only once (upon the virst visit of a given session). This is usually achieved by setting a cookie on the visitor's browser. That cookie in turn contains enough info for the server to identify its matching active session.
Usually, Guzzle requests are stateless, but you can configure Guzzle with a middleware chain to either modify request or responses, for debug purposes and, for this use case, to remember cookies, thus becoming partially stateful.
Please check the detailed procedure in Guzzle Docs. The important thing is that, by instantiating the client with a cookiejar middleware, therefore having the client include it from then on, the first request will remember the server's set-cookie header, and will send it as every further cookie header, making the server recognize the client as a logged in user. Of course, you could also inspect the first response's headers yourself and send its value from then on.
There might be other ways, but I can't think of another right now.
In additional to #amenadiel answer. Sometimes handy specify auth parameters in constructor:
$client = new Client([
'auth' => ['username', 'password'],
]);
Then every request will use this default auth parameters.
This dint work when I used Guzzlev6 and used the advice from #amenadiel. When you use curl, your syntax would look something like
curl -u someone#gmail.com:password http://service.com
behind the scenes it actually takes the "someone#gmail.com:password" bit, base64 encodes it and sends the request with an "Authorization" Header with the encoded value. For this example, that will be:
Authorization: Basic c29tZW9uZUBnbWFpbC5jb206cGFzc3dvcmQ=
Advice from #amenadiel appended an "auth: username,password" header and hence, my authentication kept failing. To achieve this successfully, just craft the header when you are instantiating a Guzzle Client request, i.e
$client = new GuzzleHttp\Client();
$credentials = base64_encode('someone#gmail.com:password');
$response = $client->get('http://www.server.com/endpoint', [
'Authorization' => ['Basic '.$credentials]
]);
That would append the header as curl would, and whatever service you are trying to connect to will stop yelling at you,
Cheers.
According to the Guzzle 6 documentation, you can do a request with basic authorization as simple as this:
$client = new Client();
$response = $client->request(
'POST', /*instead of POST, you can use GET, PUT, DELETE, etc*/
$url,
[
'auth' => ['username', 'password'] /*if you don't need to use a password, just leave it null*/
]
);
echo $response->getBody();
NOTE: You don't need to use base64_encode() at all because it already does it before the request.
I've tested and it works :)
See more at: Guzzle 6 Documentation
$response = $client->request( 'GET', 'your_url', [
'auth' => [
'your_username',
'your_password'
],
'headers' => [
'if you want to pass something in the headers'
]
]
);
You can also configure the auth params when instantiating the client instead of adding it to each request:
$this->client = new \GuzzleHttp\Client([
'base_uri' => $this->endpoint,
'headers' => [
'Authorization' => ['Basic '.base64_encode($this->username.':'.$this->password)],
],
]);
Here are the various doc links for Guzzle 6:
Creating a Client
Request Options
Auth Request Options
According to what #bourgeois247 said about base64 encoding, the following worked perfectly for me on Guzzle 6:
$client = new Client();
$credentials = base64_encode('username:password');
$response = $client->post('url',
[
'headers' => [
'Authorization' => 'Basic ' . $credentials,
],
]);
If you use it with symfony, you can also define it in your configuration file (config/packages/eight_points_guzzle.yaml for symfony4 or flex or config.yml for the other version)
In your configuration file :
eight_points_guzzle:
clients:
your_service:
# Write here the host where to do requests
base_url: "yourURL"
options:
timeout: 30
auth:
- yourLogin # login
- yourPassword # password
plugin: ~
Then, in your service, controller, etc....
$client = $this->getContainer()->get('eight_points_guzzle.client.your_service');
$response = $client->get('yourRoute');
See : https://packagist.org/packages/eightpoints/guzzle-bundle

Guzzle HTTP request transforms from POST to GET

I have this very weird thing going on when trying to make post to an external API, I try to make a POST request to the URL but Guzzle make a GET request instead (which is a legal action on this API but returns something different).
Here is the code:
$request = $this->client->createRequest('POST', 'sessions', [
'json' => [
'agent_id' => $agentId,
'url' => $url
],
'query' => [
'api_key' => $this->apiKey
]
]);
echo $request->getMethod(); // comes out as POST
$response = $this->client->send($request);
echo $request->getMethod(); // suddenly becomes GET
Same thing happens when I use $this-client->post(…)
I really have no idea what to do next.
I run into the same problem.
the reason is that Guzzle Changes the Request-Method to 'GET' when there is a location Redirect with code 301 or 302.
I found the 'Problem-Code' in the RedirectMiddleware.php.
But when you see the if-condition you can disable this behavior by adding 'allow_redirects'=>['strict'=>true] to your options.
After finding this option, I discovered that the option is listed in the Guzzle Options Documentation
So yust rewrite your createRequest like this:
$request = $this->client->createRequest('POST', 'sessions', [
'json' => [
'agent_id' => $agentId,
'url' => $url
],
'query' => [
'api_key' => $this->apiKey
],
'allow_redirects'=> ['strict'=>true]
]);
And it should stay Method POST after the redirect.
You're probably getting a 3xx status code so that that the Redirect subscriber kicks in (redirect is enabled by default). From the docs:
[...] Pass an associative array containing the ‘max’ key to specify
the maximum number of redirects and optionally provide a ‘strict’ key
value to specify whether or not to use strict RFC compliant redirects
(meaning redirect POST requests with POST requests vs. doing what
most browsers do which is redirect POST requests with GET requests).
//edit Just saw you kinda answered that yourself in the question comments - still leaving this answer online as it provides some context.
Try to change the key 'query' to 'body'.
Please switch query to form_params. In Guzzle 6 it works.

Categories