Can you help me I would like to make a user registration with fortify where the validation of the mail is done with a call to an external api or otherwise to a json. And after verifying that if the email exists, proceed to register otherwise a warning message that you can not register on the site.
Greetings,
Related
I am trying to use a API which has a postable address where you can verify if a customer's username/password is correct, if so it returns a user ID.
What would be the best way of handling this, I need to query that postable API from the login form on my Laravel website to see whether or not a username / password is validated.
How can I use Laravel's Middleware to store a USER ID and session securely?
How can I create a Laravel session to allow someone to login to my Laravel site using their WHMCS client login?
The API I am using is https://developers.whmcs.com/api-reference/validatelogin/
Why does laravel need authentication while sending mails? Is it possible to send mail without authentication just a valid email id?
I'm using Laravel 7.x and sanctum. Logins are working and I would like to create a Forgot Password option from my SPA application.
I'm struggling with the basics as most of the examples in the documentation rely on the auth scaffolding. So far I've managed to get the following:
I have a controller class called ForgotPasswordController with a method called reset that receives the email to be reset via POST.
I've created a object: $user = User::where('email', $email)->get()->first();
At this point I'm too unfamiliar with the architecture to know where to go next, whether it's the Password facade, I see some additional classes in the Illuminat\Auth\Password namespace. My goal is to create an expiring token, email it to the user via the default email config (I know how to send the email / design the template) and then be able to make the webservice call that will allow the password to be resolved.
Here's what I think I know...
I've set CanResetPassword trait on my user models, which I believe are necessary to support the native methods for password reset
I believe the goal is to create a reset token keyed against the user email that expires after a period of time, then send that token appended to a url in an email (I don't know the architectural implications surrounding the generation of the token beyond the table row)
There's a Password facade with a sendResetLink method - but this
method can't work for spa applications because the base url of the
client app will be different, so I'm assuming something native will have to be re-written. In fact, calling this method will return an error of Route [password.reset] not defined.
I'm assuming I will need the password Facade, if so, what is the method to generate the token? Should I just email the link with the token appended or are there other architectural considerations to support the token expiration?
Apologies if my questions are flawed, I'm unclear on the architecture so I'm making assumptions.
Have you tried Laravel authentication? All authentication requirements have been moved to a package called laravel/ui.
By installing that package you can use Laravel authentication. It will take care of your registration, login, and forgot password processes.
This package will create some controllers for all those processes and those you need for forgot password are
ForgotPasswordController: will generate and send reset password links.
ResetPasswordController: will reset the password by getting user's email, new password, and reset password token.
But if you don't want to use the official Laravel package you should take these steps:
Show a "Request reset password form" to the user.
Validate the provided email by the user.
Generate a random reset password token and store it at DB (Need a table with at least two fields: email and token).
Send that token to the user(It's better if you send it as a URL parameter in the reset password link).
When the user navigated to the reset password page, ask for email again and validate the token by checking your DB table and matching the email and token.
Reset the password to whatever the user wants at this point.
Update: I use this piece of code for generating random tokens:
$email = 'user#email.com';
$token = \Illuminate\Support\Str::random(10);
while(\DB::table('reset_password_tokens')->where('token', $token)->exists()) {
$token = \Illuminate\Support\Str::random(10);
}
\DB::table('reset_password_tokens')->insert(compact('email', 'token'));
I've written a custom provider that overwrites the e-mail configuration settings in mail.php with values populated from a database. I have a feature in my app that lets users tests the e-mail configuration entered into the system.
I can test whether current credentials are valid by calling Mail::send(). If the configuration isn't valid, the send() method will return a reason on why sending the e-mail failed.
Is there anyway for me to check configuration without actually sending an e-mail?
You can use Mail::fake(); that doesn't send the email.
In you /config/mail.php set email driver from smtp to log. I usually do it in .env
MAIL_DRIVER=log
Then send the mail as usual. You'll get a log with your email in it in /storage/logs/laravel.log This would be the easiest method. Further you can use services like mailtrap.io or mailthief
I am writing a code in salesforce to update Email signature using the API documentation mentioned in https://developers.google.com/admin-sdk/email-settings/. I am using a 3 legged approach.
Considering that this is an API for domain admins, My questions is
can a user ( non - admin) provide authorization for this API ?.
And can the access token returned as a result of this authorization be used to update his email signature. ?
Right now I am getting an Error 403- "you are not authorized to access this API
Note that this is working fine if a domain admin provide authorization and his access token is used to update his/ any user's email signature
Thanks for your help
With the new updates on the GMAIL Api you can get the user signature by using the method "Users.settings.sendAs: get" explained here https://developers.google.com/gmail/api/v1/reference/users/settings/sendAs/get and it does not require the user to be an admin. This method returns a Users.settings.sendAs resource in the response body and this resource contains the property signature which you can manipulate.
Hope it helps!