I have a project with simple authentication by mysql database with username and password. I have simple form for authentication with 3 fields: pass, user and yubico key. I want to have two variants of authentication: by login+pass and by only yubico key. Now I created custom Authentication Provider by tutorial in this topic.
As a result, it does not work. I get this error log:
exception
'Symfony\Component\Security\Core\Exception\BadCredentialsException'
with message 'Bad credentials' in
E:\Dropbox\hmciAdmin\vendor\symfony\symfony\src\Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider.php:70
Stack trace: #0 E:\Dropbox\hmciAdmin\app\cache\dev\classes.php(183):
session_start() #1
E:\Dropbox\hmciAdmin\app\cache\dev\classes.php(277):
Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start()
My code here:
https://dl.dropbox.com/u/30086473/Authentication/Firewall/YubicoListener.php
https://dl.dropbox.com/u/30086473/Authentication/Provider/YubicoProvider.php
https://dl.dropbox.com/u/30086473/Authentication/Token/YubicoToken.php
https://dl.dropbox.com/u/30086473/Authentication/Token/config/services.yml
https://dl.dropbox.com/u/30086473/Authentication/Token/config/config/security.yml
UPDATE:
https://dl.dropbox.com/u/30086473/YubicoFactory.php - here Factory
UPDATE 2:
I solve this problem. The problem was that I used the same html form for both types of authorizations, but it was necessary to send yubico key to url of the page that is being protected. Now all work. Thanks all for help.
Related
I am facing a very strange problem. If I enter this following url in my browser it returns the user correctly
http://192.168.0.100:8000/app/getUser?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC8xOTIuMTY4LjAuMTAwOjgwMDBcL2FwcFwvbG9naW4iLCJpYXQiOjE1Nzk5NjAwMTcsImV4cCI6MjQyODU4ODAwMTcsIm5iZiI6MTU3OTk2MDAxNywianRpIjoiYlFiYXIyVEJIdVJNN1lUSCIsInN1YiI6MTcsInBydiI6Ijg3ZTBhZjFlZjlmZDE1ODEyZmRlYzk3MTUzYTE0ZTBiMDQ3NTQ2YWEifQ.KLsnS769zthfFWth5Z4BeWDP6K0zEQ5eTONpKdlJMbA
But if I send a get request from postman or my app, it gives me error like this
[2020-01-25 13:49:43] local.ERROR: Token Signature could not be verified. {"userId":17,"exception":"[object] (Tymon\\JWTAuth\\Exceptions\\TokenInvalidException(code: 0): Token Signature could not be verified. at /Users/mdzainalabedin/laravel/olvboxapi/vendor/tymon/jwt-auth/src/Providers/JWT/Lcobucci.php:137)
[stacktrace]
#0 /Users/mdzainalabedin/laravel/olvboxapi/vendor/tymon/jwt-auth/src/Manager.php(101): Tymon\\JWTAuth\\Providers\\JWT\\Lcobucci->decode('eyJ0eXAiOiJKV1Q...')
#1 /Users/mdzainalabedin/laravel/olvboxapi/vendor/tymon/jwt-auth/src/JWT.php(200): Tymon\\JWTAuth\\Manager->decode(Object(Tymon\\JWTAuth\\Token))
My function is this
public function getUserInfo(Request $request){
\Log::info($request);
return $user = JWTAuth::parseToken()->authenticate();
}
Both has valid same token but still gives different result. Any idea what could be wrong? Thank you.
your question is unclear about how you pass the token using postman
but i guess using the below method to passing the token would solve the problem:
Bearer
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC8xOTIuMTY4LjAuMTAwOjgwMDBcL2FwcFwvbG9naW4iLCJpYXQiOjE1Nzk5NjAwMTcsImV4cCI6MjQyODU4ODAwMTcsIm5iZiI6MTU3OTk2MDAxNywianRpIjoiYlFiYXIyVEJIdVJNN1lUSCIsInN1YiI6MTcsInBydiI6Ijg3ZTBhZjFlZjlmZDE1ODEyZmRlYzk3MTUzYTE0ZTBiMDQ3NTQ2YWEifQ.KLsnS769zthfFWth5Z4BeWDP6K0zEQ5eTONpKdlJMbA
I'm trying to implement Mailgun API serive for handle my emails, this is my code according to the documentation:
index.php
require 'vendor/autoload.php';
use Mailgun\Mailgun;
$mgClient = Mailgun::create("key-xxxxxxxxxxxxxxxxxxxxxxxxxxx");
$domain = "xxxxxxx.com";
$mgClient->sendMessage($domain,
array('from' => 'Dwight Schrute<dwight#xxxxxxx.com>',
'to' => 'Michael Scott <xxxx#xxxxx.com>',
'subject' => 'The Printer Caught Fire',
'text' => 'We have a problem.'));
var_dump($result);
composer.json
"require": {
"mailgun/mailgun-php": "^2.3",
"php-http/curl-client": "^1.7",
"guzzlehttp/psr7": "^1.4"
}
everything works fine but $result contains tons of data instead of simple return array with id and message "message was queued thank you". Another problem is when I simulate error to see what happen, unfortunately Mailgun make fatal error instead of connection exception which I can handle:
[30-Nov-2017 10:05:44 UTC] PHP Fatal error: Uncaught exception 'Mailgun\Connection\Exceptions\MissingRequiredParameters' with message 'The parameters passed to the API were invalid. Check your inputs! Free accounts are for test purposes only. Please upgrade or add the address to authorized recipients in Account Settings.' in /home/xxx/xxx/vendor/mailgun/mailgun-php/src/Mailgun/Connection/RestClient.php:254
Stack trace:
#0 /home/xxx/xxx/vendor/mailgun/mailgun-php/src/Mailgun/Connection/RestClient.php(110): Mailgun\Connection\RestClient->responseHandler(Object(GuzzleHttp\Psr7\Response))
#1 /home/xxx/xxx/vendor/mailgun/mailgun-php/src/Mailgun/Connection/RestClient.php(179): Mailgun\Connection\RestClient->send('POST', 'xxxxx.com...', Array, Array)
#2 /home/xxx/xxx/vendor/mailgun/mailgun-php/src/Mailgun/Mailgun.php(204): Mailgun\Connection\RestClient->post('xxxxx.com...', Array, Array)
#3 /home/xxx/xxx/vendor/mailgun/mailgun-php/src/Mailgun/Mailgun.php(135): Mailgun\Mailgun->post(' in /home/xxxxxx/vendor/mailgun/mailgun-php/src/Mailgun/Connection/RestClient.php on line 254
I'm using PHP 7 os linux no framework. What I'm doing wrong? Thanks for any advice.
This error occurs whenever utilizing either a sandbox domain or a free account without inviting users called Authorized Recipients. Free plans are intended for test usage and all custom domains require Authorized Recipients. With upgraded plans, custom domains no longer require Authorized Recipients.
Please take a look at the following Help Center article for more information about the Authorized Recipient process:
https://help.mailgun.com/hc/en-us/articles/217531258-Authorized-Recipients
For more information on upgrading, please review:
https://help.mailgun.com/hc/en-us/articles/203599840-How-do-I-upgrade-my-account-
Disclaimer I work at Mailgun
I am wanting to create a registration verification,
So far I have planned out, that my Users table should have a confirmation_code column, and an confirmed column. The confirmed column has a default value of 0 (boolean false).
I create the new User from registration and assign them a confirmation_code.
I then email them a link to the verify route, which expects this confirmation_code in the query string.
The method which handles the verify request will be checking to see if the query string parameter (confirmation_code) exists.
My question is :
If the confirmation_code is absent, should I use the abort(404) method? Or throw a custom exception?
public function verify($confirmation_code)
{
if ( ! $confirmation_code ) {
// abort(404)?
// or,
// throw new Exception?
}
Some feedback on when to use the abort method would be appreciated too.
It's actually your choice to choose what type of error handling and error logging you implement in your project.
As advice, I will say that using custom exceptions for missing field exceptions. is a better idea. You can read more about a 404 error in the given link:
404 error.
Also refer to laravel documentation for more details regarding error logging.
Having a weird issue. I have a portal I have developed which up until today has been working good in both the prod and dev environments. Today after running a composer update everything works great on dev environment but when I pushed it to production one of my pages stopped working. The page allows me to pull up a user account and modify certain fields(pretty straight forward).
As an example/test I have created a test function in the controller to spit out a specific users information:
public function getTest(){
$user = Sentry::findUserByLogin('XXXXX');
echo $user;
}
When I run this function on the dev side it shows all the information its suppose to. When on the production side I get this error:
production.ERROR: 500 - Method Cartalyst\Sentry\Users\Eloquent\User::__toString() must not throw an exception # /employees/admin/test
exception 'Symfony\Component\Debug\Exception\FatalErrorException' with message 'Method Cartalyst\Sentry\Users\Eloquent\User::__toString() must not throw an exception' in E:\sites\yaya.com\portal\app\src\employees\controllers\admin.php:0
Stack trace:
[internal function]: Illuminate\Exception\Handler->handleShutdown()
{main} [] []
I have not modified anything inside of Sentry or Eloquent.
Any ideas on what would cause this error? On the production side if I do a var_dump(user) it wont throw the error and I can see everything inside the protected fields. Or if I do echo $user->username it also works just fine. Problem is I need to return the user information as well as the groups the user is in to my JS to display it on my screen depending on the drop down selected for the user.
Finally figured it out! Not sure what happened but I started comparing rows of data in the database and found a few discrepancies. Pulled up the design view and sure enough a couple fields were different on production then my dev enviroment. Instead of "datetime" they were set to "smalldatetime" not sure what would have caused that but changed it to "datetime" and it all started working.
Thanks for the help Werewolf!
The most general case when this error is produced is mistype, when, f.e. instead of
{{ $user->id }}
Someone types
{{ $user }}
So error clearly says that method toString was called.
I am trying with Facebook API with codeigniter. While I am trying with get some basic information about the users like
$this->facebook->api('/me?fields=id,name,link,email,user_hometown,user_education_history,user_birthday&perms=publish_stream,create_event');
I am getting exception like
Exception: Unknown fields: user_hometown,user_education_history,user_birthday
But the documentation says it is fine. Any thoughts?
You don't need the "user_" prefix on "hometown", "education", and "birthday". You also don't need "_history" on "education". Try this in your API call instead:
'me?fields=id,name,link,email,hometown,education,birthday'