I am trying to load test a Laravel application, however I'm stuck at the very beginning. I am attempting a login with a POST request, but I'm always getting response code: 419. I have googled and asked around a bit to no avail.
So far, I have extracted the xsrf token from the GET request and am trying to append it as a header to the POST request. I'm not sure if I'm doing it correctly, however.
That's what my header manager looks like, I looked at the post request through dev tools when doing it manually and I tried to replicate it.
I really can't tell what I'm doing wrong. I don't think I can fix this by using a different tool.
For web routes you need to Disable CSRF, or put csrf on the jmeter.
For API routes you need to disable rate limiter. Just go to app/Http/Kernel.php and comment throttle:60,1 line
protected $middlewareGroups = [
...
'api' => [
// 'throttle:60,1',
],
];
Maybe you should disable these on test environment only, in most cases in the production these feature is needed.
Related
im using a package called https://github.com/garygreen/pretty-routes
there is line in its service provider boot() method (here the code)
it is defining a get route with middlewares from its config file(link to the code) I just added 'auth:web' to its config file but it seems the 'auth:web' middleware is called as soon as code reaches the line before Laravel bootstraps its session and etc. when the auth('web')->user() is yet null
What I can not understand is that I do the same exact thing (here the code)with laravel/telescope but it works. why ???
also changing :
Route::get(config('pretty-routes.url'), 'PrettyRoutes\PrettyRoutesController#show')
->name('pretty-routes.show')
->middleware(config('pretty-routes.middlewares'));
to :
$this->app['router']->get(config('pretty-routes.url'), 'PrettyRoutes\PrettyRoutesController#show')
->name('pretty-routes.show')
->middleware(config('pretty-routes.middlewares'));
in service provider seems to solve the problem and make this code behave like the way telescope package use 'auth:web' as middleware.
what's happening ?
You need to have the web middleware applied to any routes you need sessions for, which is what the default authentication system is using. When you apply the auth middleware without this it can't possibly resolve a user since there is no session to be authenticated against.
You need to apply the web middleware and then what ever other middleware you want:
'middlewares' => [
'web', 'auth:web',
],
If you look at the telescope example you provided you will see they also add the web middleware. So you didn't quite "do the same exact thing" as the telescope config.
I am making APIs in Laravel version 8.x for a third party system. For this, I have created few APIs and all routes are mentioned in routes/api.php
In our system, there are few APIs that can be accessible via GET request, that returns data without any authentication and parameters. Look at the routes below in api.php:
//routes/api.php
Route::group(['namespace' => 'App\Http\Controllers\WebServices'], function() {
Route::get('event_types', 'EventWs#getEventTypes');
Route::get('event_type/{event_type_id}', 'EventWs#getEventTypeById');
});
Look at the both routes above. The route having segment is working fine with GET request, but the route without any segment is not calling. This is just a simple GET request without any segment or query string.
I am working on Laravel from past few months, but this issue is strange to me. May be there could be some kind of middleware that prevent GET (without segment or query string) route execution. But I am not able to find reason or that unknown barrier.
Have anyone idea about why this happening or I am missing something?
Please Note that I am using Laravel 8.x
I'm building an API in Laravel 5.4, using Laravel Passport 3 for authentication. All of my API methods return a set of values that are always returned, success, errors (if there are any errors) etc.
I've changed the response of a \Illuminate\Auth\AuthenticationException throws, to fit with the rest of my app, however I'm not sure how to change the response of various token grant responses, without doing something horrible like editing the vendor files.
I think you can use middleware to change your response.
From laravel documentation:
Before & After Middleware
Whether a middleware runs before or after a
request depends on the middleware itself.
You can capture the response and re-format the response.
You can use laravel's setContent method to set the content in response. Check here.
What you are trying to do here is not supported by the library, so whatever you do will be hacky and will probably break the compatibility with future versions of laravel/passport.
In my opinion, you can only choose between those 2 options:
Instead of declaring passport routes (Passport::routes()) you can declare equivalent routes to your custom methods. Those method internally calls Passport classes and methods, handling passport returning values before returning them to the user. It requires a lot of digging into passport code but, at the same time, if you only add some fields (success or error) you should be able to update your code without too much effort when updating the library.
Fork laravel/passport and modify it to suit you needs. This solution in not as messy as the first, but a merge with new versions of passport in the future will probably be hard.
Of course, both are not great solutions. Keeping the standard passport responses or use a more suitable library are better options: I assume they are not feasible if you are asking.
Another way - create proxy routes for your purposes.
Route::post('custom-auth/token', function (Request $request) {
$proxy = Request::create('oauth/token', 'POST', $request->request->input());
$response = app()->handle($proxy);
return responseCallback($response);
});
Where responseCallback your custom response modificator function.
Hello I am trying to create my venues registration values from Laravel API (POST URL) and I am doing right when I check with postman and it shows me the success values and when I give the same routes controllers and whatever I need I give to the mobile app developer and when he tried to run the same thing which is obviously working fine it does not work there it shows
CLIENT PROTOCOL EXCEPTION I does not understand what to do
Any help will highly appreciated
org.apache.http.client.HttpResponseException: client protocol exception
If you used the guzzle http package, it is bundled with the CLientException error class which is an extension of the laravel RuntimeException. This is caused by a a wrong url fed into the guzzle http library.
for instance a
$http = new guzzleclient;
$response = $http->post('localhost/stack/overflow', [
'form_params' => [
"params" => "params"
],
]);
make sure you change the 'localhost/stack/overflow' url to your current server url, else it will throw errors.
I hope this helps.. Cheers
Would like to check, I am fairly new to Bitbucket's new introduced webhook where previously i was using services where Bitbucket will execute a link to my site thus triggering a deployment script.
So since the old service is going to be depreciated soon, we all migrated to webhook instead. With the same implementation, I keep getting an error 500 upon commit/push/merge and there is no way for us to see the details for the error given. At first I thought it was my server giving problem but when i call the link manually via browsers and everything was fine. The deployment script can be executed successfully so then why bitbucket's webhook keeps telling me error 500?
Subsequently I find the guide given by Bitbucket was not helpful. There is no specified call method to the url stated so is the webhook initiates a GET or POST request? previously using services initiates a POST request. Then, are there any necessary payloads i need to include into the webhook URL? None is stated. Then, if there is an error at least let me see the error so I can fix it instead of telling me error 500.
I hope someone here can help me with this issue. Below are some specification of the site.
Server : Ubuntu LEMP 14.04 x64 Laravel framework 5.0
Webhook Url: bot.example.com/bitbucket/deploy/{Site API}
Method : GET
And when the abode link is call, it reaches a controller that does
public function attemptDeploy($site_api)
{
$script = 'nohup setsid php ~/scripts/deploy.php ' . $site_api. ' > /dev/null 2>&1 &';
exec($script);
return response('Deploy running.', 200);
}
Note that when i call this link manually either form browser or console everything works perfectly except from bitbucket's webhook. How can i solve this issue?
I was in the same situation. Bitbucket trims the body of the response and I couldn't see the error given by my server.
I've looked into the logs storage/logs/laravel.log and saw TokenMismatchException. Webhooks being API calls they don't store cookies or sessions so CSRF from Laravel breaks.
You need to add an exception from CSRF for the bitbucket deploy route. You can add this exception in app/Http/Middleware/VerifyCsrfToken.php. For example if your link is www.your_site.com/bit_deploy you will have:
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* #var array
*/
protected $except = [
'bit_deploy'
];
}
Hope that this helps you ... as I've lost 3 hours on this.
PS: at the time of writing this answer, bitbucket webhooks performs POST calls (not GET)