Email verification after registration using jwt auth on flutter - laravel

I have successfully coded the registration function and its working but I don't know how to send email confirmation link after registration successful. Because I am using JWT Auth for for login and sign up from flutter app with Laravel API.
My login code is:
public function loginapi(Request $request)
{
$input = $request->only('email', 'password');
$email = $request->email;
$jwt_token = null;
if (!$jwt_token = JWTAuth::attempt($input)) {
return response()->json([
'success' => false,
'message' => 'Invalid Email or Password',
]);
}
// get the user
$user = getuserbyemail($email);
$user_ver_status = $user->email_verified_at;
$verified;
if($user_ver_status != null || $user_ver_status != ''){
$verified = true;
}
else{
$verified = false;
}
return response()->json([
'success' => true,
'varified' => $verified,
'token' => $jwt_token,
'users' => $user
]);
}
My Registration Code is:
public function registerapi(Request $request)
{
$sponsor = $request->sponsor;
$username = $request->username;
$email = $request->email;
//$phone = $request->phone;
$password = $request->password;
$getemail = getuserbyemail($email);
$getusern = getuserbyusername($username);
//$getphone = getuserbyphone($phone);
$getSponsor = getuserbySponsor($sponsor);
if($getSponsor == null ||$getSponsor == ''){
return response()->json([
'success' => false,
'message' => 'Sponsor user dose not found...!',
], 401);
}
else if($getemail != null){
return response()->json([
'success' => false,
'message' => 'Email is already existed...!',
], 401);
}
else if($getusern != null){
return response()->json([
'success' => false,
'message' => 'Username is already existed...!',
], 401);
}
else{
$insertuser = insertUser($getSponsor->id, $username, $email, $password);
if($insertuser == "true"){
return response()->json([
'success' => true,
'message' => 'Your account has been registerd successfully...!',
]);
}
else if($insertuser == "false"){
return response()->json([
'success' => false,
'message' => 'There is an error while regestring your account...!',
]);
}
else{
return response()->json([
'success' => false,
'message' => 'There is an UnKnown error while regestring your account...!',
]);
}
}
}
This is my insertUser() Function:
function insertUser(string $sponsor, string $username, string $email, string $password){
$time_now = date("Y-m-d H:i:s");
$updated_at = $time_now;
$created_at = $time_now;
$sponsor_id = $sponsor;
$user_name = $username;
$user_email = $email;
//$user_phone = $phone;
$user_password = $password;
$createUser = User::create([
'sponsor_id' => $sponsor,
'user_name' => $user_name,
'email' => $user_email,
'phone' => null,
'earning' => 0,
'balance' => 0,
'city' => null,
'country' => null,
'image' => null,
'status' => 1,
'password' => Hash::make($user_password),
]);
if($createUser){
return "true";
}
else{
return "false";
}
}
It is registering successful but not sending the verification link on email. How can I achieve that?
Update the question:
I am using Laravel 8 version

Related

Laravel Sanctum check if user has tokens

I'm trying to log in the user and If this user has any token in the personal_access_tokens table remove them and create a new one. I tried it, but this throws me an error saying Call to a member function currentAccessToken() on null
Here is my code I used in my login method,
$request->validate([
'email' => 'required | email',
'password' => 'required'
]);
$user = User::where('email', $request->email)->first();
if (!$user){
return response(['payback' => 'Account not found']);
} else if(!Hash::check($request->password, $user->password)){
return response(['payback' => 'Incorrect Credentials']);
}
if($request->user()->currentAccessToken()){
$request->user()->currentAccessToken()->delete();
} else {
return response(['payback' => 'Not Has Tokens']);
}
$token = $user->createToken('ribluma_access_token')->plainTextToken;
I tried a solution that works,
$request->validate([
'email' => 'required | email',
'password' => 'required'
]);
$user = User::where('email', $request->email)->first();
if (!$user) {
return response(['payback' => 'Account not found']);
} else if (!Hash::check($request->password, $user->password)) {
return response(['payback' => 'Incorrect Credentials']);
}
if (count(DB::table('personal_access_tokens')->where('tokenable_id', $user->id)->get()) > 0) {
DB::table('personal_access_tokens')->where('tokenable_id', $user->id)->delete();
}
$token = $user->createToken('ribluma_access_token')->plainTextToken;
$response = [
'user' => $user,
'token' => $token
];
return $response;
This is the exact thing I want to do. But there should be a better way I guess. Really appreciate it if somebody could help thanks.
if(auth('sanctum')->check()){
auth()->user()->tokens()->delete();
}
$token = $user->createToken('ribluma_access_token')->plainTextToken;
try this code for login
$request->validate([
'email' => 'required | email',
'password' => 'required'
]);
$user = User::where('email', $request->email)->first();
if (!$user || !Hash::check($request->password, $user->password)) {
return response(
'message' => ['These credentials do not match our records.']
,404);
}
if(auth('sanctum')->check()){
auth()->user()->tokens()->delete();
}
$token = $user->createToken('ribluma_access_token')->plainTextToken;

Auth::attempt value always false

I have some problem when I want to make login, I got an issue for my Auth::attempt always false value, Is am I got something wrong in my code?
Controller :
public function register(Request $register)
{
$validator = Validator::make($register->all(), [
'name' => 'required',
'email' => 'required|email',
'password' => 'required',
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
} else {
$name = $register->input('name');
$email = $register->input('email');
$pwd = $register->input('password');
$c_pwd = $register->input('c_password');
// Crypting password & c_password to md5
$md5_pwd = md5($pwd);
$md5_c_pwd = md5($c_pwd);
// Salt password & c_password
$password = crypt($md5_pwd, "asd");
$c_password = crypt($md5_c_pwd, "asd");
$data = new User();
if ($password == $c_password) {
$user = User::create([
'name' => $name,
'email' => $email,
'password' => $password,
]);
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
} else {
return response()->json(['error' => "Password doesn't match"], 401);
}
}
}
public function login()
{
$email = request('email');
$pwd = request('password');
$md5 = md5($pwd);
$password = crypt($md5, "asd");
if (Auth::attempt(['email' => $email, 'password' => $password])) {
$user = Auth::user();
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
} else {
return response()->json([
'success' => false,
'message' => 'Invalid Email or Password',
], 401);
}
}
I assume you messed up with Laravel Default Password Hashing System
public function register(Request $register)
{
$validator = Validator::make($register->all(), [
'name' => 'required',
'email' => 'required|email',
'password' => 'required',
'c_password' => 'required|same:password',
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
} else {
$name = $register->input('name');
$email = $register->input('email');
$pwd = $register->input('password');
$c_pwd = $register->input('c_password');
// $data = new User();
$user = User::create([
'name' => $name,
'email' => $email,
'password' => bcrypt($password . 'salt'),
]);
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
}
}
public function login()
{
$email = request('email');
$pwd = request('password');
if (Auth::attempt(['email' => $email, 'password' => $password . 'salt'])) {
$user = Auth::user();
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user
]);
} else {
return response()->json([
'success' => false,
'message' => 'Invalid Email or Password',
], 401);
}
}
Try this code. I don't know what happened to your code about the password you tried to encrypt it in attempt.
public function login(LoginRequest $request) {
if(!Auth::attempt([
'email' => $request->email,
'password' => $request->password,
'active' => true
])) {
return response()->json('Email or Password is incorrect', 500);
}
$this->user = Auth::user()->load('roles');
return $this->createUserAccessTokenResponse();
}
protected function createUserAccessTokenResponse() {
return response()->json([
'status' => 'success',
'data' => [
'token' => $this->user->createToken($this->user->name)->accessToken,
'user' => $this->user
],
], 200);
}
your problem is that laravel by default hashes the password. so when you do Auth::attempt it's going to hash the password you provided. And the result is what you get, it will always false.
Instead, you need to Other Authentication Methods.
Auth::login($user);
// Login and "remember" the given user...
Auth::login($user, true);
Above is the easiest way to fix your code.
It's recommended to hash your password rather than encrypting the password.
Hashing password in laravel is also
Hash::make($password);
And then you can use Auth::attempt to log in your user.
Laravel Auth uses the bcrypt hashing when saving password via model you may use either of the 2 method
$account->password = bcrypt("YOUR_PASSWORD"); or $account->password = Hash::make("YOUR_PASSWORD");
Then if you're dealing with the auth attempt function, just simply call the method like this
if($account = Auth::attemp(['email' => "YOUR_EMAIL#DOMAIN.COM", 'password' => "YOUR_PASSWORD"])){
//success login, do your extra job here
}else{
//invalid credentials here
}
Instead of using md5 or crypt use \Hash::make() it is much secure
I refactored your code and it does the same thing
You only need to rename your c_password to password_confirmation
Source
Below code does the same thing that your code do
public function register(Request $register)
{
$this->validate($register, [
'name' => 'required',
'email' => 'required|email',
'password' => 'required|confirmed',
]);
$user = User::create([
'name' => $register->input('name'),
'email' => $register->input('email'),
'password' => $register->input('password'),
]);
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user,
]);
}
public function login(Request $request)
{
$request->merge(['password' => \Hash::make($request->input('password'))]);
if (Auth::attempt($request->only(['email', 'password']))) {
$user = Auth::user();
$success['token'] = $user->createToken('SSOApp')->accessToken;
return response()->json([
'success' => true,
'token' => $success,
'user' => $user,
]);
}
return response()->json([
'success' => false,
'message' => 'Invalid Email or Password',
], 401);
}
when you hashing password using crypt it has a key to unlock it that's why there is a decrypt but when you use Hash::make() it doesn't have a key to break or unlock it, it will check it's algorithm to see if given password is matching the algorithm that already exists in the database that's why crypt is not safe and Hash::make is much much more safe

Throw error message if user is not active using Laravel

I have field status in my users table and O want to check if status is 0 then user should not login and if 1 user should be able to login.
Here is my login code (controller is lengthy, please avoid some irrelevant code):
public function fdLogin(Request $request)
{
$credentials = $request->only('email', 'password');
$rules = [
'email' => 'required|email',
'password' => 'required',
];
$validator = Validator::make($credentials, $rules);
if ($validator->fails()) {
return response()->json([
'status' => false,
'message' => __('messages.validation_errors'),
'errors' => $validator->messages()
]);
}
$token = "";
try {
// if Request has latitude and longitude
$latFrom = $longFrom = $givenSpeciality = "";
$locationTag = false;
if ($request->has('lat') && $request->has('long') && $request->has('specialityKey') && !empty($request->lat) && !empty($request->long) && !empty($request->specialityKey)) {
$latFrom = $request->lat;
$longFrom = $request->long;
$givenSpeciality = $request->specialityKey;
$locationTag = true;
}
if (!Auth::attempt($credentials)) {
return response()->json(array('status' => false, 'message' => 'Invalid username or password', 'errors' => array('Invalid username or password')));
}
$speciality = DB::table('specialities')
->join('user_facility', 'specialities.id', 'user_facility.speciality_id')
->where('user_facility.user_id', Auth::user()->id)
->select('specialities.name', 'specialities.id')->first();
$types = [];
if (!empty($speciality)) {
$types = $speciality;
}
$customClaims = ['exp' => Carbon::now()->addYear()->timestamp, 'specialityType' => $types];
if (!$token = JWTAuth::claims($customClaims)->attempt($credentials)) {
return response()->json([
'status' => false,
'message' => 'We can`t find an account with this credentials.'
], 401);
}
} catch (JWTException $e) {
// Something went wrong with JWT Auth.
return response()->json([
'status' => false,
'message' => 'Failed to login, please try again.'
], 500);
}
$withInFacility['logged_in_facility'] = array();
$currentUser = Auth::user();
$user_id = $currentUser->id;
if ($locationTag) {
$userWithFacilities = $currentUser->load('facilities.facilityLocation', 'facilities.speciality.avaliableSpeciality');
$locations = array();
if (isset($userWithFacilities['facilities']) && count($userWithFacilities['facilities'])) {
foreach ($userWithFacilities['facilities'] as $facility) {
$faci = $facility->toArray();
if (!empty($faci['facility_location']) && $faci['facility_location'] > 0) {
$demo = $faci['facility_location'];
}
if (isset($faci['speciality']) && count($faci['speciality']) > 0) {
$speciality = $faci['speciality'];
if (isset($speciality['avaliable_speciality']) && count($speciality['avaliable_speciality']) > 0) {
$avaliable_speciality = $speciality['avaliable_speciality'];
$demo['avaliable'] = $avaliable_speciality['specialty_key'];
}
}
$locations[] = $demo;
}
if (count($locations)) {
foreach ($locations as $location) {
$distance = self::distance($latFrom, $longFrom, $location['lat'], $location['long']);
// if distance is less than 100 meter ''ll eligible to login else Log him out
if ($distance < config('constants.facility_radius')) {
if ($location['avaliable'] == $givenSpeciality) {
$withInFacility['logged_in_facility'] = $location;
$withInFacility['logged_in_facility']['radius'] = config('constants.facility_radius');
}
}
}
// if distance is less than 100 meter ''ll eligible to login else Log him out
if (empty($withInFacility['logged_in_facility'])) {
JWTAuth::setToken($token)->invalidate();
return response()->json(['status' => false, 'message' => 'Your are not in facility OR Your speciality did not matched with facility', 'errors' => '']);
}
} else {
return response(['status' => false, 'message' => 'Your Facility did not have any location , please ask for administrator', 'data' => null]);
}
} else {
return response(['status' => false, 'message' => 'You did not have any facility , please ask for administrator', 'data' => null]);
}
}
$currentUser->basicInfo = $this->userBasicInfo->where('user_id', $user_id)->first();
$is_super_admin = DB::table('users')->select('users.is_super_admin')->where('id', $user_id)->first();
$specialitiesAndRoles = DB::table('user_facility')
->leftjoin('roles', 'user_facility.role_id', 'roles.id')
->leftjoin('specialities', 'user_facility.speciality_id', '=', 'specialities.id')
->leftjoin('available_specialties', 'specialities.available_specialties_id', '=', 'available_specialties.id')
->where('user_facility.user_id', $user_id)
->select('user_facility.facility_id', 'user_facility.speciality_id', 'user_facility.is_facility_supervisor', 'user_facility.priv_key', 'user_facility.role_id', 'specialities.name', 'available_specialties.id', 'available_specialties.specialty_key')
->get();
$superadmin = $is_super_admin->is_super_admin;
$specialities = (object)$specialitiesAndRoles;
$sp = $specialitiesAndRoles->toArray();
$specialty_key = "";
if (!empty($sp)) {
$specialty_key = $sp[0]->specialty_key;
}
$fac_privs = array();
if (!empty($sp)) {
foreach ($sp as $s) {
$s = (array)$s;
$s['priv_list'] = Helpers::get_checked_privs($s);
$fac_privs[] = $s;
}
}
if (count($withInFacility['logged_in_facility'])) {
$withInFacilityObj = (object)$withInFacility['logged_in_facility'];
} else {
$withInFacilityObj = NULL;
}
$response = ['is_super_admin' => $superadmin, 'facilities' => $fac_privs, 'logged_in_facility' => $withInFacilityObj];
if ($superadmin == 1) {
$response['priv_ist'] = Helpers::get_priv_list();
}
$speciality = $this->speciality;
if ($speciality) {
$user = DB::table('verify_users')->where('user_id', $user_id)->first();
DB::table('verify_users')->insert([
'token' => $token,
'user_id' => $user_id,
]);
if ($specialty_key == 'medical_doctor') {
$md_db = DB::connection('doctorDB');
$user = $md_db->table('auth_token')->where('user_id', $user_id)->first();
if ($user) {
$md_db->table('auth_token')->where('id', $user->id)->update([
'token' => $token,
'isValid' => 1,
]);
} else {
$md_db->table('auth_token')->insert([
'token' => $token,
'isValid' => 1,
'user_id' => $user_id
]);
}
}
}
$user_data = $this->GetUserInfo();
unset($currentUser['facilities']);
return response()->json([
'status' => true,
'message' => 'Login successfully',
'data' => [
'token' => $token,
'userData' => $currentUser,
'userInfo' => $user_data,
'privileges' => $response,
]
]);
}
This is my whole controller of login I am not using Laravel built-in authentication, I have created my own login based on my project requirement, and I want to implement this functionality.
I don't know why you are not checking when you get the user info. I am not sure what is your purpose but may be this code will help you.
$currentUser = Auth::user();
if($currentUser->status == 0){
Auth::logout();
return response()->json([
'status' => false,
'message' => 'Failed to login, Access forbidden.',
], 403);
}

Laravel cookie return null

I was created auth api, i using cookie for identify the authenticated user, but the cookie always return null. I already search the answer on google, but the problem dont solved
Check my code
AuthController.php
<?php
namespace App\Http\Controllers\API;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Hash;
use App\User;
use App\Token;
class AuthController extends Controller
{
protected $email;
protected $token;
function loginAction(Request $data) {
$this->email = $data->email;
$validatorMsg = [
'email.required' => 'Email tidak boleh kosong',
'email.email' => 'Masukan email yang valid',
'email.exists' => 'Email tidak cocok dengan akun manapun',
'password.required' => 'Password tidak boleh kosong'
];
$validator = Validator::make($data->all(), [
'email' => 'required|email|exists:users,email',
'password' => 'required'
], $validatorMsg);
if ($validator->fails()) {
return response()->json([
'type' => 'error',
'message' => $validator->errors()
], 422);
}
$find = User::where('email', $this->email)->first();
if (Hash::check($data->password, $find->password)) {
$this->generateToken();
return response()->json([
'type' => 'success',
'message' => 'Authentication successfully',
'auth_token' => $this->token
], 200);
} else {
return response()->json([
'type' => 'error',
'message' => [
'password' => 'Password tidak sesuai dengan akun terkait'
]
], 401);
}
}
function registerAction(Request $data) {
$validatorMsg = [
'name.required' => 'Nama tidak boleh kosong',
'email.required' => 'Email tidak boleh kosong',
'email.email' => 'Masukan alamat email yang valid',
'email.unique' => 'Alamat email sudah terdaftar',
'password.required' => 'Password tidak boleh kosong',
'password.min' => 'Password harus lebih dari 6 karakter',
'password_confirmation.required' => 'Password belum di konfirmasi',
'password_confirmation.same' => 'Password tidak sama dengan password konfirmasi'
];
$validator = Validator::make($data->all(), [
'name' => 'required',
'email' => 'required|email|unique:users,email',
'password' => 'required|min:6',
'password_confirmation' => 'required|same:password'
], $validatorMsg);
if ($validator->fails()) {
return response()->json([
'type' => 'error',
'message' => $validator->errors(),
], 422);
}
$this->email = $data->email;
$user = new User;
$user->name = $data->name;
$user->email = $data->email;
$user->password = Hash::make($data->password);
$user->save();
$this->generateToken();
return response()->json([
'type' => 'success',
'message' => 'Register succesfully',
'auth_token' => $this->token
], 200);
}
function generateToken() {
$this->token = str_random(50);
cookie('auth_token', $this->token, 1440);
$UID = User::where('email', $this->email)->first()->id;
$find = Token::where('user_id', $UID)->first();
if ($find != null) {
$token = Token::where('user_id', $UID)->first();
$token->auth_token = $this->token;
$token->save();
} else {
$token = new Token;
$token->user_id = $UID;
$token->auth_token = $this->token;
$token->save();
}
}
}
The controller show if user succesfully authentication this controller generate the cookie
RequireAuth.php (Middleware)
<?php
namespace App\Http\Middleware;
use Illuminate\Support\Facades\Cookie;
use Closure;
use App\Token;
class RequireAuth
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
// cookie('auth_token', 'wkwkand', 1440);
$authToken = Cookie::get('auth_token');
$find = Token::where('auth_token', $authToken)->first();
dd($authToken);
if ($find != null) {
return redirect('/available');
}
return $next($request);
}
}
The middleware to verify user has auth_token or not, but i already set the cookie. And i check dd() the cookie got null value
You aren't passing the cookie to response.
Generating Cookie Instances
This cookie will not be sent back to the client unless it is attached to a response
instance
Check it here: https://laravel.com/docs/5.6/requests#cookies
Try this quick fix:
function registerAction(Request $data) {
$validatorMsg = [
'name.required' => 'Nama tidak boleh kosong',
'email.required' => 'Email tidak boleh kosong',
'email.email' => 'Masukan alamat email yang valid',
'email.unique' => 'Alamat email sudah terdaftar',
'password.required' => 'Password tidak boleh kosong',
'password.min' => 'Password harus lebih dari 6 karakter',
'password_confirmation.required' => 'Password belum di konfirmasi',
'password_confirmation.same' => 'Password tidak sama dengan password konfirmasi'
];
$validator = Validator::make($data->all(), [
'name' => 'required',
'email' => 'required|email|unique:users,email',
'password' => 'required|min:6',
'password_confirmation' => 'required|same:password'
], $validatorMsg);
if ($validator->fails()) {
return response()->json([
'type' => 'error',
'message' => $validator->errors(),
], 422);
}
$this->email = $data->email;
$user = new User;
$user->name = $data->name;
$user->email = $data->email;
$user->password = Hash::make($data->password);
$user->save();
$cookie = $this->generateToken();
return response()->json([
'type' => 'success',
'message' => 'Register succesfully',
'auth_token' => $this->token
], 200)->cookie($cookie);
}
function generateToken() {
$this->token = str_random(50);
$cookie = cookie('auth_token', $this->token, 1440);
$UID = User::where('email', $this->email)->first()->id;
$find = Token::where('user_id', $UID)->first();
if (!$find) {
$token = Token::where('user_id', $UID)->first();
$token->auth_token = $this->token;
$token->save();
} else {
$token = new Token;
$token->user_id = $UID;
$token->auth_token = $this->token;
$token->save();
}
return $cookie;
}

Web services in laravel 4.2

I have created my API for logging users into my application, but then it responds with the else part as the response
{"error":true,"message":"Check your username or password"}
below is my controller
public function getLogin()
{
$user = array(
'username' => Input::get('username'),
'password' => Input::get('password')
);
if (Auth::attempt($user))
{
$user = User::find(Auth::user()->id);
$role = $user->roles;
if ($role[0]->name == 'Customer')
{
return Response::json(['error' => false, 'message' => 'Customer Logged in successfully', "user"=>$user]);
}
else
{
return Response::json(['error'=>true, 'message'=>'Check your login details']);
}
}
else
{
return Response::json(['error' => true, 'message' => 'Check your username or password']);
}
}

Resources