I'm kinda a newbie in Cakephp (3.5) and I'm currently trying to make my first plugin (called Example) which contains several sub-directories. One of them is the UserManager directory which contains a Users MVC standard suit with authentication.
Since I want to add social logins and other stuffs, I created my own auth component as explained in the docs :
plugins/Example/UserManager/src/Controller/AppController.php
<?php
namespace Example\UserManager\Controller;
use App\Controller\AppController as BaseController;
class AppController extends BaseController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Example/UserManager.Example' => [
'fields' => ['username' => 'email', 'password' => 'pass'],
'userModel' => 'Users',
],
],
]);
}
}
plugins/Example/UserManager/src/Auth/ExampleAuthenticate.php
<?php
namespace App\Auth;
use Cake\Auth\BaseAuthenticate;
use Cake\Http\ServerRequest;
use Cake\Http\Response;
class ExampleAuthenticate extends BaseAuthenticate
{
// The same as Form authentication, since I'm testing
}
The problem is that I can't make the authentication component find the ExampleAuthenticate class. I already tried by setting the authenticate config param like
Example
ExampleAuthenticate
UserManager.Example
Example/UserManager.Example
Example\UserManager.Example
Example/UserManager.ExampleAuthenticate
Example\UserManager.ExampleAuthenticate
but I always get the error Authentication adapter "..." was not found. when visiting http://localhost/Project/example/user-manager/users :(
Does anyone have any clue of what I might be missing?
The problem was that the php function class_exists(...) didn't recognise the custom authentication class, so after digging a bit more I realised that the namespace shown in the docs only works for a custom authentication file defined in the App environment, but not in the Plugin one (silly me).
So I changed namespace App\Auth; to namespace Example\UserManager\Auth; inside ExampleAuthenticate.php and it worked like a charm! now the function class_exists('Example\\UserManager\\Auth\\ExampleAuthenticate') returns true and everything works perfect by defining Example/UserManager.Example in the authenticate config params.
Related
I'm using the custom module in my project, and it was working fine with Geolocation 1.11 module.
After I've updated Geolocation to 3.7 my custom module stopped working.
What I've found - my custom module was using trait from 'GoogleMapsDisplayTrait.php' and now it is missing in Geolocation. It was like that
class LocationsMapBlock extends BlockBase {
use GoogleMapsDisplayTrait;
public function build() {
return [
'#theme' => 'locations_map',
'#attached' => [
'library' => ['location/map'],
'drupalSettings' => [
'geolocation' => [
'google_map_url' => $this->getGoogleMapsApiUrl(),
],
'locations' => $this->getLocationMapData(),
],
],
];
}
}
I've found that now most similar class to trait GoogleMapsDisplayTrait) is inside geolocation_google_maps submodule of geolocation module.
But now it's not a trait, but abstract class with the same methods as previous trait was.
abstract class GoogleMapsProviderBase extends MapProviderBase {
...
}
I've tried to add this class:
use Drupal\geolocation_google_maps\GoogleMapsProviderBase;
But now I'm receiving the error
'Error: Call to undefined method Drupal\location\Plugin\Block\LocationsMapBlock::getGoogleMapsApiUrl() in Drupal\location\Plugin\Block\LocationsMapBlock->build() (line 32 of modules/custom/location/src/Plugin/Block/LocationsMapBlock.php).'
My PHP knowledges is to weak to find the solution...
The undefined function getGoogleMapsApiUrl() is, maybe the file is missing?
Check if the file exists:
/modules/geolocation/modules/geolocation_google_maps/src/GoogleMapsProviderBase.php
Try to install and enable the following modules for a cleaner working with geolocation - specially for the geolocation_google_maps:
geofield
geolocation_geofield
geolocation_google_maps
Try using this call instead of $this->getGoogleMapsApiUrl():
Drupal::service('plugin.manager.geolocation.mapprovider')->getMapProvider('google_maps')->getGoogleMapsApiUrl()
I've got a website written in pure PHP and now I'm learning Laravel, so I'm remaking this website again to learn the framework. I have used built-in Auth Fasade to make authentication. I would like to understand, what's going on inside, so I decided to learn more by customization. Now I try to make a master password, which would allow direct access to every single account (as it was done in the past).
Unfortunately, I can't find any help, how to do that. When I was looking for similar issues I found only workaround solutions like login by admin and then switching to another account or solution for an older version of Laravel etc.
I started studying the Auth structure by myself, but I lost and I can't even find a place where the password is checked. I also found the very expanded solution on GitHub, so I tried following it step by step, but I failed to make my own, shorter implementation of this. In my old website I needed only one row of code for making a master password, but in Laravel is a huge mountain of code with no change for me to climb on it.
As far I was trying for example changing all places with hasher->check part like here:
protected function validateCurrentPassword($attribute, $value, $parameters)
{
$auth = $this->container->make('auth');
$hasher = $this->container->make('hash');
$guard = $auth->guard(Arr::first($parameters));
if ($guard->guest()) {
return false;
}
return $hasher->check($value, $guard->user()->getAuthPassword());
}
for
return ($hasher->check($value, $guard->user()->getAuthPassword()) || $hasher->check($value, 'myHashedMasterPasswordString'));
in ValidatesAttributes, DatabaseUserProvider, EloquentUserProvider and DatabaseTokenRepository. But it didn't work. I was following also all instances of the getAuthPassword() code looking for more clues.
My other solution was to place somewhere a code like this:
if(Hash::check('myHashedMasterPasswordString',$given_password))
Auth::login($user);
But I can't find a good place for that in middlewares, providers, or controllers.
I already learned some Auth features, for example, I succeed in changing email authentication for using user login, but I can't figure out, how the passwords are working here. Could you help me with the part that I'm missing? I would appreciate it if someone could explain to me which parts of code should I change and why (if it's not so obvious).
I would like to follow code execution line by line, file by file, so maybe I would find a solution by myself, but I feel like I'm jumping everywhere without any idea, how this all is connected with each other.
First of all, before answering the question, I must say that I read the comments following your question and I got surprised that the test you made returning true in validateCredentials() method in EloquentUserProvider and DatabaseUserProvider classes had failed.
I tried it and it worked as expected (at least in Laravel 8). You just need a an existing user (email) and you will pass the login with any non-empty password you submit.
Which of both classes are you really using (because you don't need to edit both)? It depends of the driver configuration in your auth.php configuration file.
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
As you already thought, you can simply add an "or" to the validation in the validateCredentials() method, comparing the $credentials['password'] to your custom master password.
Having said that, and confirming that's the place where you'd have to add your master password validation, I think the best (at least my recommended) way to accomplish your goal is that you track the classes/methods, starting from the official documentation, which recommends you to execute the login through the Auth facade:
use Illuminate\Support\Facades\Auth;
class YourController extends Controller
{
public function authenticate(Request $request)
{
//
if (Auth::attempt($credentials)) {
//
}
//
}
}
You would start by creating your own controller (or modifying an existing one), and creating your own Auth class, extending from the facade (which uses the __callStatic method to handle calls dynamically):
use YourNamespace\YourAuth;
class YourController extends Controller
{
//
public function authenticate(Request $request)
{
//
if (YourAuth::attempt($credentials)) {
//
}
//
}
}
//
* #method static \Illuminate\Contracts\Auth\Guard|\Illuminate\Contracts\Auth\StatefulGuard guard(string|null $name = null)
//
class YourAuth extends Illuminate\Support\Facades\Facade
{
//
}
And use the same logic, overriding all the related methods in the stack trace until you get to use the validateCredentials() method, which in the end will also be overrided in your own CustomEloquentUserProvider class which will be extending fron the original EloquentUserProvider.
This way, you will have accomplished your goal, and kept a correct override of the whole process, being able to update your laravel installation without the risk of loosing your work. Worst case scenario? You'll have to fix any of your overriding methods in case that any of them has drastically changed in the original classes (which has a ver low chance to happen).
Tips
When making the full overriding, maybe you'll prefer to add some significant changes, like evading the interfaces and going straight for the classes and methods you really need. For example: Illuminate/Auth/SessionGuard::validate.
You would also wish to save your master password in an environment variable in your .env file. For example:
// .env
MASTER_PASSWORD=abcdefgh
and then call it with the env() helper:
if ($credentials['password'] === env('MASTER_PASSWORD')) {
//
}
Nice journey!
A more complete solution would be the define a custom guard and use that instead of trying to create your own custom auth mechanism.
Firstly, define a new guard within config/auth.php:
'guards' => [
'master' => [
'driver' => 'session',
'provider' => 'users',
]
],
Note: It uses the exact same setup as the default web guard.
Secondly, create a new guard located at App\Guards\MasterPasswordGuard:
<?php
namespace App\Guards;
use Illuminate\Auth\SessionGuard;
use Illuminate\Support\Facades\Auth;
class MasterPasswordGuard extends SessionGuard
{
public function attempt(array $credentials = [], $remember = false): bool
{
if ($credentials['password'] === 'master pass') {
return true;
} else {
return Auth::guard('web')->attempt($credentials, $remember);
}
}
}
Note:
You can replace 'master pass' with an env/config variable or simply hardcode it. In this case I'm only checking for a specific password. You might want to pair that with an email check too
If the master pass isn't matched it falls back to the default guard which checks the db
Thirdly, register this new guard in the boot method of AuthServiceProvider:
Auth::extend('master', function ($app, $name, array $config) {
return new MasterPasswordGuard(
$name,
Auth::createUserProvider($config['provider']),
$app->make('session.store'),
$app->request
);
});
Fourthly, in your controller or wherever you wish to verify the credentials, use:
Auth::guard('master')->attempt([
'email' => 'email',
'password' => 'pass'
]);
Example
Register the route:
Route::get('test', [LoginController::class, 'login']);
Create your controller:
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Auth;
class LoginController
{
public function login()
{
dd(
Auth::guard('master')->attempt([
'email' => 'demo#demo.com',
'password' => 'master pass'
]),
Auth::guard('master')->attempt([
'email' => 'demo#demo.com',
'password' => 'non master'
]),
);
}
}
and if you hit this endpoint, you'll see:
Where true is where the master password was used and false is where it tried searching for a user.
Final Thoughts
From a security standpoint you're opening yourself up to another attack vector and one which is extremely detrimental to the security of your system and the privacy of your users' data. It would be wise to reconsider.
This validation of credentials should ideally be separated from your controller and moved to a Request class. It'll help keep your codebase more clean and maintainable.
Instead of trying to roll your own, you could as well as use a library, which does just that:laravel-impersonate (it's better tested already). This also comes with Blade directives; just make sure to configure it properly, because by default anybody can impersonate anybody else.
There even is (or was) rudimentary support available with: Auth::loginAsId().
Here is a possible solution.
To use a master password, you can use the loginUsingId function
Search the user by username, then check if the password matches the master password, and if so, log in with the user ID that it found
public function loginUser($parameters)
{
$myMasterHashPassword = "abcde";
$username = $parameters->username;
$password = $parameters->password;
$user = User::where('username', $username)->first();
if (!$user) {
return response("Username not found", 404);
}
if (Hash::check($myMasterHashPassword, $password)) {
Auth::loginUsingId($user->id);
}
}
(1/1) BadMethodCallException
Method [show] does not exist. in Controller.php (line 82)
I am new to Laravel and PHP and have been stuck on this error for a very long time with other questions not providing a solution. I was following an example (where the example worked) and made very little changes beside name changes.
Here is the code:
web.php file
Route::get('/', 'PagesController#home');
Route::get('faq', 'PagesController#faq');
Route::resource('support', 'UserInfoController');
UserInfoController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\UserInfo;
class UserInfoController extends Controller
{
//
public function create(){
$userInfo = new UserInfo;
return view('contact', ['userInfo' => $userInfo]);
}
public function store(Request $request){
$this->validate($request, [
'name' => 'required',
'email' => 'required',
'subject' => 'required',
'description' => 'required',
]);
UserInfo::create($request->all());
return redirect()->route('contact')->with('success','Enquiry has been
submitted successfully');
}
}
UserInfo.php
namespace App;
use Illuminate\Database\Eloquent\Model;
class UserInfo extends Model {
protected $fillable = [
'name','email','subject','description',
];
}
The Route::resource is the one giving me the problem as I am trying to access the page support/contact. Would be very grateful if someone knew how to solve this.
That is because you are doing resource routes in your routes.php file that generates all the routes for the CRUD functions when you have to generate a route for the show method you find that it does not exist.
To solve it only creates the methods that you ask or, also you can define only the routes that you need.
The controller is trying to invoke the 'show' method - which you should have defined if you're going to load /support/{id} via GET in your browser. You can see the expected methods for a resource here:
https://laravel.com/docs/5.4/controllers#resource-controllers
You can also make your life somewhat easier by starting with a valid controller by using the built in generator:
php artisan make:controller UserInfoController --resource
If you don't want to supply ALL the methods, you have to specify, for example:
Route::resource('support', 'UserInfoController', ['only' => [
'create', 'store'
]]);
Have you added method Show to your Controller ? Route::Resource has 7 basic routes:
Verb Path Action Route Name
GET /support index support.index
GET /support/create create support.create
POST /support store support.store
GET /support/{support} show support.show
GET /support/{support}/edit edit support.edit
PUT /support/{support} update support.update
DELETE /support/{support} destroy support.destroy
As you see there is a route called show which will be default when you route to support so you must connect this route to it's method in the controller which is in resource case CONTROLLER/show, however in your case you're trying to get a static page from a prefix called support which is different from resources because show in resource handling dynamic results.
Use this syntax to get a page called contact from prefix called support
Route::prefix('support')->group(function () {
Route::get('contact', function () {
// Matches The "/UserInfoController/contact" URL
});
});
I am a totally newbie to Laravel, but after following lots and lots of guide, my project was really going well.
Now, I have a user table named UsersTable, which is going to store both Username and Password.
However, after trying php artisan make:auth and a lot of Googling, I found no clear, exact way of defining both the User table name, and the Username-Password field used for authentication.
I've tried the original Email-Password authentication on the table named users on another project I created for trying this, and it works like a charm. I believe that as Laravel already provide the authentication system, why reinvent the wheels when (I believe) there's a way to customise it.
Thanks in advance! :D
Use php artisan make:auth and then :
To change the default table from users which uses the User model
you have to navigate to : config/auth.php
And make these changes
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\UsersTable::class, //put the right model name here or you can use database driver
],
],
To change the table for an eloquent model you can do this
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
class UsersTable extends Model
{
/**
* The table associated with the model.
*
* #var string
*/
protected $table = 'UsersTable';
}
To change the default login credential from email to user name , just add this to the Authcontroller generated by laravel
class AuthController extends Controller
{
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
protected $redirectTo = '/home';
protected $username = 'username'; // you can put whatever column you want here from your table
Now
edit laravel generated Views and change the email input name to name="username" then extend the main.blade.php, do some styling and you are good to go i guess
EDIT : Dont forget to change the validation stuff
Laravel basic authentication system is not the fastest way to create your own auth method ... I suggest to you Sentinel Package to customize your authentications ...
for example to authenticate your user by using user name you can do like this :
Sentinel::authenticate(array(
'username' => 'john.doe',
'password' => 'foobar',
));
for me it's the fastest way to customize your authentication method i hope that will help you.
I try to use the package Laravel\Socialite in my system in Lumen (5.1)
I added this in the config\services.php file :
<?php
//Socialite
'facebook' => [
'client_id' => '##################',
'client_secret' => '##################',
'redirect' => 'http://local.dev/admin/facebook/callback',
],
In bootstrap\app.php file :
class_alias(Laravel\Socialite\Facades\Socialite::class, 'Socialite');
$app->register(Laravel\Socialite\SocialiteServiceProvider::class);
Then I created a controller for the facebook authentication :
<?php
namespace App\Http\Controllers\Facebook;
use App\Http\Controllers\Controller;
use Laravel\Socialite\Contracts\Factory as Socialite;
class FacebookController extends Controller
{
public function redirectToProviderAdmin()
{
return Socialite::driver('facebook')->scopes(['manage_pages', 'publish_actions'])->redirect();
}
public function handleProviderCallbackAdmin()
{
$user = Socialite::driver('facebook')->user();
}
}
And in the routes.php :
$app->get('/admin/facebook/login', 'App\Http\Controllers\Facebook\FacebookController#redirectToProviderAdmin');
$app->get('/admin/facebook/callback', 'App\Http\Controllers\Facebook\FacebookController#handleProviderCallbackAdmin');
I just followed the documentation, changing according to my needs. When I go to page http://local.dev/admin/facebook/login, I get the following error :
Non-static method Laravel\Socialite\Contracts\Factory::driver() cannot be called statically, assuming $this from incompatible context
Indeed, according to the code, driver function must be instanciate.
EDIT : And if I try to instanciate this class, I get the following error :
Cannot instantiate interface Laravel\Socialite\Contracts\Factory
How do you make this module to work?
here's how that works in my case
in services.php file
'facebook' => [
'client_id' => '***************',
'client_secret' => '***************',
'redirect' => ""
],
i left redirect empty cause my site is multilingual (so, it fills in a bit later with sessions). if you use only one language, put there your callback absolute path. for example
"http://example.com:8000/my-callback/";
also check your config/app.php. in providers array
Laravel\Socialite\SocialiteServiceProvider::class,
in aliases array
'Socialite' => Laravel\Socialite\Facades\Socialite::class,
my routes look like this
Route::get('facebook', 'Auth\AuthController#redirectToProvider');
Route::get('callback', 'Auth\AuthController#handleProviderCallback');
here's auth controllers methods. put in top
use Socialite;
//იობანი როტ
public function redirectToProvider(Request $request)
{
return Socialite::with('facebook')->redirect();
}
public function handleProviderCallback(Request $request)
{
//here you hadle input user data
$user = Socialite::with('facebook')->user();
}
my facebook app
giga.com:8000 is my localhost (so its the same localhost:8000)
as you can see in Valid OAuth redirect URI, you should put there your callback. in my case i use three urls cause i have three languages. in your case it should be just
http://your-domain-name.com:8000/callback
if you work on localhost, you should name your domain in config/services.php
mine look like this
'domain' => "your-domain.com",
after everything run these commands
php artisan cache:clear
php artisan view:clear
composer dump-autoload
restart your server, clear your browser cookies. hope it helps