I created unique url registration, when someone uses link, he will be able to register to my app.
The only problem is, my signed route is invalid and gives 0 on hasValudSignature, where might be the problem?
My register function in RegisterController:
public function register(Request $request) {
abort_unless($request->hasValidSignature(), 403, 'That link has expired or is no longer valid!');
//they can register now
}
My URL generator:
$url = URL::temporarySignedRoute(
'register',
now()->addDays(7)
);
After using my user index view it is displayed on page so I can copy link for new user. However when I try to register using this link, at the end I've got information about wrong Validation (error I made by myself to prevent from registering unauthorized people)
Is my $url written wrongly?
Edit
For some reason after typing in console php artisan route:list
I've got error that
ReflectionException::("Class "UserController" does not exist")
How might this be possible?
Edit
After remakeing controller, I'm back to the original problem with hasValidSignature
Related
Route::post('order', 'OrderController#store')->name('order');
When I browse to the URL http://127.0.0.1:8000/order it shows the error:
The GET method is not supported for this route. Supported methods: POST.
Which is the correct.
But I want to redirect user to home page instead of showing this error.
First of all note that what you are trying to do seems like an anti-pattern for Laravel. Accessing a route with the wrong method should be denied!
I currently do not know about altering the default way of handling the wrong method error and I wouldn't advise to do that. But you can work around it:
Patching
Method 1
Keep your routes file clean but alter the original route line and add some lines to the beggining of the controller method
Route::match(['get', 'post'], 'order', [OrderController::class, 'store'])->name('order');
public function store(Request $request)
{
if ($request->isMethod('get')) {
return to_route('home');
}
// ...
Method 2
Keep your controller clean, but add a line to your routes file
Route::get('order', fn () => to_route('home'));
I just applied the laravel email-verification and wanted to make sure my users are verified, before entering page behind the login.
I added the follwing code:
class User extends Authenticatable implements MustVerifyEmail
...
Auth::routes(['verify' => true]);
...
Route::get('management', function () {
// Only verified users may enter...
})->middleware('verified');
If a user registers he gets a note and an email to verify his mail. He clicks the button in the mail, gets verified and everything works perfectly well.
But I discovered another case:
If the user registers and won't verify his mail, he will always get redirected to email/verify.
For example if accidentally having entered a wrong email, he can't even visit the register page, because even on mypage.com/register he gets redirected to mypage.com/email/verify!
Is this done on purpose by Laravel? Did I miss something? Do I have to / is it possible to exclude the login/register pages from verification?
Thank you in advance
I have this issue before, I have this way to resolve that, if you want to customize it you can consider this way.
In LoginController.php you can add this a little bit code, I overwriting the default login method:
public function login(Request $request)
{
$this->validateLogin($request);
$user = User::where($this->username(), $request->{$this->username()})->first();
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($user->hasVerifiedEmail()) {
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
})
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
You can overwrite and add a new parameter to the sendFailedLoginResponse too to let the method know when to redirect to email/verify page or just add else in $user->hasVerifiedEmail() if block to redirect him to email/verify page
EDIT:
You can delete $this->middleware('guest') in LoginController and RegisterController to make logged in user can go to register and login page, but it will be weird if someone who already logged in can login or register again.
I had the same problem and I solved it very user friendly... (I think!)
First: Inside View/Auth/verify.blade.php put a link to the new route that will clear the cookie:
My mail was wrong, I want to try another one
Second: On your routes/web.php file add a route that will clear the session cookie:
// Clear session exception
Route::get('/clear-session', function(){
Cookie::queue(Cookie::forget(strtolower(config('app.name')) . '_session'));
return redirect('/');
});
This will clear the cookie if the user press the button, and redirect to home page.
If this doesn't work, just make sure that the cookie name you are trying to forget is correct. (Use your chrome console to inspect: Application -> cookies)
For example:
Cookie::queue(Cookie::forget('myapp_session'));
I'm using laravel 5.8 and "laracasts/flash": "^3.0"
Within my application all redirections and flash messages are working well except for this very specific piece of code.
/* Controller */
public function show( Test $test) {
$test->checkPermission();
...
}
/* Model */
public function checkPermission()
{
flash()->warning('You can not have access to this.');
return redirect( route('home' ) )->send(); //Notice the send()
}
If i'm using this code with the ->send()(that I never used before) I'm well redirected to the homepage but without flash message.
If I remove the ->send(), I have got the flash message but I'm not redirected.
I also tried to remove the flash() and using redirect()->with(). Then the session is containing the message and I'm redirected. But I want to use flash() or atleast undertand why it's not working for this specific use-case.
The controller should return the redirect, not the check permission. Try to return what check permission is returning in the controller.
Try adding the web middleware on your routes. or ensure the web middleware group contains the StartSession middleware.
via https://laracasts.com/discuss/channels/laravel/auth-session-killed-after-redirect-laravel-52/replies/124991
I'm getting Token required error while already Enabled route option but still, it's not working.
by using this library : https://github.com/JoeDawson/youtube
could you help me to solve this problem?
Code :
class VideoController extends BaseController {
public function __construct(){
}
public function store(Request $request){
$video = Youtube::upload($request->file("video")->getPathName(), [
'title' => 'My Video',
'description' => 'This video is uploaded through API.',
'tags' => ['api', 'youtube'],
]);
return $this->sendResponse($video);
}
}
According to the documentation of that package you need to do these steps, because you may have problem with refresh_token (I guess you don't have any token in your database which must be created after logging in google)
It's important that before you begin uploading a video, you have confirmed that you have a refresh_token in your database if not these steps have to be helpful.
1- Delete all of your tokens in the youtube_access_tokens table.
2- Enable routes in youtube.php
3- Re-authenticate with Google
4- Check your youtube_access_tokens table and find the most recent token.
5- Review the token and ensure a refresh_token exists.
6- Disable authentication routes in config/youtube.php
briefly, for creating a token You need to visit your Google console and add your URL as the callback (localhost).
Then in your app, visit http://localhost:8000/youtube/auth - you will be redirected to Google and will be asked to log in. This is when you get a token and then you may not see that error again!
Another newb question here, but hopefully someone can shed some light:
I am using Socialite with Laravel 5, and I want to be able to redirect the user to a page on the site after they have logged in. The problem is that using
return redirect('any-path-I-put-here');
simply redirects back to 'social-site/login?code=afkjadfkjdslkfjdlkfj...' (where 'social-site' is whatever site is being used i.e. facebook, twitter, google, etc.)
So, what appears to me to be happening is that the redirect() function in the Socialite/Contracts/Provider interface is overriding any redirect that I attempt after the fact.
Just for clarification, my routes are set up properly. I have tried every version of 'redirect' you can imagine ('to', 'back', 'intended', Redirect::, etc.), and the method is being called from my Auth Controller (though I have tried it elsewhere as well).
The question is, how do I override that redirect() once I am done storing and logging in the user with socialite? Any help is appreciated! Thank you in advance.
The code that contains the redirect in question is:
public function socialRedirect( $route, $status, $greeting, $user )
{
$this->auth->login( $user, true );
if( $status == 'new_user' ) {
// This is a new member. Make sure they see the welcome modal on redirect
\Session::flash( 'new_registration', true );
return redirect()->to( $route );// This is just the most recent attempt. It originated with return redirect($route);, and has been attempted every other way you can imagine as well (as mentioned above). Hardcoding (i.e., 'home') returns the exact same result. The socialite redirect always overrides anything that is put here.
}
else {
return redirect()->to( $route )->with( [ 'greeting' => $greeting ] );
}
}
... The SocialAuth class that runs before this, however, is about 500 lines long, as it has to determine if the user exists, register new users if necessary, show forms for different scenarios, etc. Meanwhile, here is the function that sends the information through from the Social Auth class:
private function socialLogin( $socialUser, $goto, $provider, $status, $controller )
{
if( is_null( $goto ) ) {
$goto = 'backlot/' . $socialUser->profile->custom_url;
}
if( $status == 'new_user' ) {
return $controller->socialRedirect($goto, $status, null, $socialUser);
}
else {
// This is an existing member. Show them the welcome back status message.
$message = 'You have successfully logged in with your ' .
ucfirst( $provider ) . ' credentials.';
$greeting =
flash()->success( 'Welcome back, ' . $socialUser->username . '. ' . $message );
return $controller->socialRedirect($goto, $status, $greeting, $socialUser);
}
}
I managed to workaround this problem, but I am unsure if this is the best way to fix it. Similar to what is stated in question, I got authenticated callback from the social media, but I was unable to redirect current response to another url.
Based on the callback request params, I was able to create and authenticate the user within my Laravel app. It worked good so far but the problems occured after this step when I tried to do a return redirect()->route('dashboard');. I tried all the flavours of redirect() helper and Redirect facade but nothing helped.
The blank page just stared at my face for over 2 days, before I checked this question. The behaviour was very similar. I got redirect from social-media to my app but could not further redirect in the same response cycle.
At this moment (when the callback was recieved by the app and user was authenticated), if I refreshed the page manually (F5), I got redirected to the intended page. My interpretation is similar to what's stated in this question earlier. The redirect from social-media callback was dominating the redirects I was triggering in my controller (May be redirect within Laravel app got suppressed because the redirect from social-media was still not complete). It's just my interpretation. Experts can throw more light if they think otherwise or have a better explaination.
To fix this I issued a raw http redirect using header("Location /dashboard"); and applied auth middleware to this route. This way I could mock the refresh functionality ,redirect to dashboard (or intended url) and check for authentication in my DashboardController.
Once again, this is not a perfect solution and I am investigating the actual root of the problem, but this might help you to move ahead if you are facing similar problem.
I believe you are overthinking this. Using Socialite is pretty straight forward:
Set up config/services.php. For facebook I have this:
'facebook' => [
'client_id' => 'your_fb_id',
'client_secret' => 'your_fb_secret',
'redirect' => '>ABSOLUTE< url to redirect after login', //like: 'http://stuff'
],
Then set up two routes, one for login and one for callback (after login).
In the login controller method:
return \Socialize::with('facebook')->redirect();
Then in the callback function
$fb_user = \Socialize::with('facebook')->user();
// check if user exists, create it and whatnot
//dd($fb_user);
return redirect()->route('some.route');
It should be pretty much similar for all other providers.
We are using the Socialite login in our UserController as a trait. We simply overrode the AuthenticatesSocialiteLogin::loginSuccess() in our controller.
use Broco\SocialiteLogin\Auth\AuthenticatesSocialiteLogin;
class UserController extends BaseController
{
use AuthenticatesSocialiteLogin;
public function loginSuccess($user)
{
return redirect()->intended(url('/#login-success'));
}
....