Problem with logging in (Laravel Jetstream) - laravel

I have the following problem: Always when I try to log in, on the first attempt the page is just reloading without performing any action like showing up a message for wrong credentials or something like this. On the second attempt everything works fine. Any ideas?
Laravel version: 8

After a lot of research into this kind of problem, I think I found my specific solution. I actually built a route a long time ago for logging out, which had the following code:

    Auth::logout();
    return redirect()->route('site.home');

I have no idea why I created and used this route at all. According to Jetstream's core code and my understanding, that's not how you fully log out a user and destroy the session. But here's how:

    /**
     * Destroy an authenticated session.
     *
     * @param \Illuminate\Http\Request $request
     * @return \Laravel\Fortify\Contracts\LogoutResponse
     */
    public function destroy(Request $request): LogoutResponse
    {
        $this->guard->logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        return app(LogoutResponse::class);
    }

I've tested it right now and everything works fine.

Related

Laravel - Rate limiter not bound to user

I've encountered a pretty weird problem if I say so, a user of an API is reporting that the rate limit of the API is exceeded, when checking this, it seems that the rate-limit is not bound to a specific user, but rather to all users at once.
So when user 1 does a request, the rate limit for other users will get lowered too.
I've tested this using Postman whilst using two separate Bearer tokens (generated for two unique users)
Does anyone have an idea?
Laravel’s built in throttle middleware bases the limitation on the user’s ip address.
see https://github.com/illuminate/routing/blob/master/Middleware/ThrottleRequests.php

    protected function resolveRequestSignature($request)
    {
        if ($user = $request->user()) {
            return sha1($user->getAuthIdentifier());
        }
        if ($route = $request->route()) {
            return sha1($route->getDomain().'|'.$request->ip());
        }
        throw new RuntimeException('Unable to generate the request signature. Route unavailable.');
    }

This would explain why you are seeing the limitations you are in your local test. Depending on your end user's use case, it likely explains their issues as well. Are one or more people testing it with different usernames but from the same physical location?
If you think about what the goals of a throttle like this are, this makes good sense. The use case of the throttle starting over when the same end user starts using a new username to try to log in only really makes sense in a testing scenario, and is problematic in production environments.
If you do want to alter this behavior, you could make a new custom middleware in the folder app/Http/Middleware which extends the base Illuminate\Routing\Middleware\ThrottleRequests.
Within your custom middleware, you could then override the method resolveRequestSignature() and change it from ip to something else.
You don’t have an authenticated user to work with, so your choices are limited.
If you have users passing in an api key header, that is a reasonable option. Depending on how you have that set up, it would look something like this:

    <?php

    namespace App\Http\Middleware;

    use Illuminate\Routing\Middleware\ThrottleRequests;
    use RuntimeException;

    /**
     * Class ApiKeyBasedThrottleRequests
     *
     * @package App\Http\Middleware
     */
    class ApiKeyBasedThrottleRequests extends ThrottleRequests
    {
        /**
         * Override the default, which returns as signature
         * sha1($route->getDomain().'|'.$request->ip());
         *
         * Resolve request signature.
         *
         * @param \Illuminate\Http\Request $request
         * @return string
         *
         * @throws \RuntimeException
         */
        protected function resolveRequestSignature($request)
        {
            // Authenticated requests are still keyed on the user identifier.
            if ($user = $request->user()) {
                return sha1($user->getAuthIdentifier());
            }
            // Unauthenticated requests are keyed on the api-key header instead of the IP.
            if ($route = $request->route()) {
                return sha1($route->getDomain().'|'.$request->header('api-key'));
            }
            throw new RuntimeException('Unable to generate the request signature. Route unavailable.');
        }
    }

You would then need to update the reference to the middleware in the file app/Http/Kernel in the array $routeMiddleware. Change the value assigned to the key throttle to point to your new custom middleware, App\Http\Middleware\ApiKeyBasedThrottleRequests::class, instead of \Illuminate\Routing\Middleware\ThrottleRequests::class.
If you don't have an api key to work with you could think also about session id, but if a single user is trying different usernames from the same browser session, you will still be having the same problem. In that scenario, you could advise the user to restart their browser and try again. However, this basically creates a workaround to the intent of the throttle.
Think carefully and tread lightly with how you approach this. While it makes sense to make things flexible so you don’t block users, keep in mind one of the intents of the throttle is to stop potential malicious users from brute force attacks to discover working username/password combinations. Anything you do here could give them a potential workaround.
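
An added example, not part of the answer above and not Laravel's own code: a stand-alone PHP script showing how the choice of throttle signature decides which callers share a bucket. It also covers a case the custom middleware above leaves open: with no api-key header, every unauthenticated caller on the domain hashes to the same signature. The function names, the list of issued keys and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: plain PHP, no Laravel required. All names here are hypothetical.

/** Pick the throttle bucket for one request. */
function throttleSignature(string $domain, ?string $userId, ?string $apiKey, string $ip, array $validKeyHashes): string
{
    if ($userId !== null) {
        return sha1($userId);                         // authenticated: one bucket per user
    }
    // Only a key the application actually issued gets its own bucket.
    if ($apiKey !== null && in_array(hash('sha256', $apiKey), $validKeyHashes, true)) {
        return sha1($domain . '|key|' . $apiKey);
    }
    // Missing or unknown key: fall back to the client address, like the stock middleware.
    return sha1($domain . '|ip|' . $ip);
}

/** Minimal in-memory counter standing in for the cache-backed limiter. */
function allow(array &$hits, string $signature, int $maxAttempts): bool
{
    $hits[$signature] = ($hits[$signature] ?? 0) + 1;
    return $hits[$signature] <= $maxAttempts;
}

// Constructed sample data: two issued keys, six requests from one shared address.
$validKeyHashes = [hash('sha256', 'key-alice'), hash('sha256', 'key-bob')];
$requests = [
    ['key' => 'key-alice', 'ip' => '203.0.113.10'],
    ['key' => 'key-bob',   'ip' => '203.0.113.10'], // same office NAT, different key
    ['key' => 'key-alice', 'ip' => '203.0.113.10'],
    ['key' => null,        'ip' => '203.0.113.10'], // no key: bucketed by IP
    ['key' => 'made-up-1', 'ip' => '203.0.113.10'], // unknown key: same IP bucket
    ['key' => 'made-up-2', 'ip' => '203.0.113.10'], // unknown key: same IP bucket
];

$hits = [];
foreach ($requests as $i => $r) {
    $sig = throttleSignature('api.example.test', null, $r['key'], $r['ip'], $validKeyHashes);
    $ok  = allow($hits, $sig, 2);                     // limit of 2 keeps the output short
    printf("#%d key=%-10s bucket=%s %s\n", $i + 1, $r['key'] ?? '(none)',
        substr($sig, 0, 8), $ok ? 'allowed' : 'throttled');
}
```

With a limit of two, the two issued keys are counted separately even though they share an address, while the keyless and unknown-key requests all land in the one IP bucket and the third of them is throttled.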

Joomla Plugin onAfterRender

How do I make the onAfterRender to be called last?
The problem is I want to make changes to the JResponse::getBody() when everything is all done.
But sadly to say, the custom plugin that I created is not being called last, so after I do my changes to the content there is another plugin that will do its changes, which is not good on my side.
Is there any other way or setup, so that my onAfterRender gets called last?
[update]
Found an answer from the Joomla Forum, but changing the ordering of the plugin to the last is still not working; this might work, but for some other reason the other plugin is still not following the order.
As of now, I guess the sequence of constructing the plugin is fine but the event is a bit odd.
My theory is Custom Plugin might have a less process which will call the onAfterRender than the Other Plugin instead of being in a sequence of:

    Other Plugin __construct()
    Custom Plugin __construct()
    Other Plugin onAfterRender()
    Custom Plugin onAfterRender()

I managed to fix the issue by detaching and attaching it on JEventDispatcher::getInstance();

    /**
     * [onAfterInitialise description]
     * @return [type] [description]
     */
    public function onAfterInitialise()
    {
        $dispatcher = JEventDispatcher::getInstance();
        $dispatcher->detach($this);
        $dispatcher->attach($this);
    }

    /**
     * [onBeforeRender description]
     * @return [type] [description]
     */
    public function onBeforeRender()
    {
        $dispatcher = JEventDispatcher::getInstance();
        $dispatcher->detach($this);
        $dispatcher->attach($this);
    }

Still I'm in question, hope someone could explain it to me :)

Laravel Auth::user() has no code completion for User model functions

I am using Laravel and PHPStorm.
The auto completion works for all models, just not for the 'User', when I call it with Auth::user().
When I call the Auth::user() I get the right user object, but the return type of Auth::user() is Authenticatable and not User. So I get no code completion for my user object, which is very annoying because I use it very often. I think the problem has something to do with the return type of Auth::user() because it is Authenticatable and not User.
In the config/auth.php I already set the model to app/User::class.
Can you tell me how to cast the return value to the User model?
In this example you can see the behaviour.
Add laravel-ide-helper package to your project - https://github.com/barryvdh/laravel-ide-helper.
The package generates a help file for the IDE with all the Facades and their functions.
It fixes the Facades auto-completion, so Auth::user() is fixed too.
I know this is an old post, but I'm still seeing the issue, in spite of using ide-helper.
In my Laravel app, Eloquent model App\User is set for "User Providers" in /config/auth.php:

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
    ],

I just rebuilt the file _ide_helper.php by running:

    php artisan ide-helper:generate

and this is what I see for Auth()::user()

    /**
     * Get the currently authenticated user.
     *
     * @return \App\User|null \\this is desired
     * @static
     */
    public static function user()
    {
        /** @var \Illuminate\Auth\SessionGuard $instance */
        return $instance->user();
    }

Looking in the _ide_helper.php file, I see this:
Which results in undesired type hinting:
The end result, is that even with using the ide-helper, I'm still seeing the completion problems described by the OP.
The solution presented here solved a lot of related problems (the ide-helper package is a godsend), but I still have the OP's problem and the provided answer does not help.
Auth::user()
Auth is an Alias from ServiceProviders array in config/app.php if you directly use use Illuminate\Support\Facades\Auth;
you will get a nice completion in PHPstorm as well as Sublime but it depends on the IDE.

What is Symfony 2's @Assert\Email validation criteria for a valid email?

I'm running into a problem where the following email aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaanom@domaine.com is not valid according to this assertion on the Doctrine Entity using @Assert\Email for the email property.
I don't see any documentation detailing what the checks are for passing or failing this validation.
Curious to know where the code is or where I can find more documentation on what this assertion is doing...
Update, my whole assertions on that Entity property are:

    /**
     * @ORM\Column(type="string", length=511)
     * @Filter\Trim()
     * @Filter\StripNewlines()
     * @Assert\NotBlank(message="email.error")
     * @Assert\Email(message="email.error")
     * @Assert\Length(min="6", max="150", minMessage="email.error", maxMessage="email.error")
     * @Encrypted
     */
    private $email;

Using Symfony 2.3
I believe the Symfony\Component\Validator\Constraints\EmailValidator class is what you're looking for. Check the source code.
The Symfony 2.3 Email validator uses the PHP var filter method:

    $valid = filter_var($value, FILTER_VALIDATE_EMAIL);

Which the internet leads me to believe uses something similar to the following (ridiculous) regex (broken into multiple lines for readability):
^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?
\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\
x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\
x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\
x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:
\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]
+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[
(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(
?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)
))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(
?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?
)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])
|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$
So make of that what you will.
In short, the local part of the email address is too long.
I'm not sure which part of regex decides that though.
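
An added example, not taken from the answers above or from Symfony: a small PHP diagnostic that checks an address against the three length limits readable in the quoted regex (the `{65,}` lookahead before the separator, the `{255,}` lookahead on the whole address, and the `[^.]{64,}` lookahead on the domain) and then reports the verdict of filter_var() itself. explainEmail() is a hypothetical helper, the sample addresses are constructed, and the mapping of each limit to a lookahead assumes the quoted regex matches what PHP uses.

```php
<?php
// Added example. explainEmail() is a hypothetical helper, not a PHP or Symfony API.

/** List the length limits an address breaks, then report filter_var()'s own verdict. */
function explainEmail(string $address): array
{
    $reasons = [];
    $at = strrpos($address, '@');
    if ($at === false) {
        return ['accepted' => false, 'reasons' => ['no @ separator']];
    }
    $local  = substr($address, 0, $at);
    $domain = substr($address, $at + 1);

    if (strlen($local) > 64) {          // the {65,} lookahead before the separator
        $reasons[] = sprintf('local part is %d characters, limit is 64', strlen($local));
    }
    if (strlen($address) > 254) {       // the {255,} lookahead on the whole address
        $reasons[] = sprintf('address is %d characters, limit is 254', strlen($address));
    }
    foreach (explode('.', $domain) as $label) {
        if (strlen($label) > 63) {      // the [^.]{64,} lookahead on the domain
            $reasons[] = sprintf('a domain label is %d characters, limit is 63', strlen($label));
        }
    }
    $accepted = filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
    if (!$accepted && $reasons === []) {
        $reasons[] = 'rejected for a syntax reason other than length';
    }
    return ['accepted' => $accepted, 'reasons' => $reasons];
}

// Constructed sample addresses (example.com is a placeholder domain).
$samples = [
    str_repeat('a', 64) . '@example.com',   // exactly at the local-part limit
    str_repeat('a', 65) . '@example.com',   // one character over
    'user@' . str_repeat('b', 64) . '.com', // over-long domain label
];
foreach ($samples as $address) {
    $r = explainEmail($address);
    printf("%s... (%d chars): %s %s\n", substr($address, 0, 12), strlen($address),
        $r['accepted'] ? 'accepted' : 'rejected', implode('; ', $r['reasons']));
}
```

Note that the Assert\Length(max="150") on the entity is looser than the 64-character local-part limit, so an address can satisfy the length constraint and still fail the email constraint.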

Code completion for CodeIgniter with zend studio not working

OK, so I tried doing what this post says about adding code completion to Zend Studio; even with the libraries added, code hinting/completion still fails to show. As my libraries are growing it's becoming more important to have this feature, as I'm starting to forget what my methods were actually designed for or what they're called. From within a controller, model, maybe even a view, I would like to have it show after typing $this->router->(show completion) as an example. I have also added the application/libraries path for my custom-made libraries and they too won't show.
I have done a bit of Google searching but most just say to do what the above post says. I attempted to try /* @var $var Class */ but wasn't able to assign it with a property, e.g. /* @var $this->router CI_Router */, only a standard variable.
This was solved simply by doing the comment as such

    /**
     * @var CI_Loader
     */
    $load

and not just doing

    /* @var ........ */
