Develop Reference

Laravel Telescope is not working in production with Laravel Voyager. How to secure /telescope/* routes in Laravel 7?

I'm using Laravel with Auth, Auth UI, Voyager admin panel, Telescope. Everything works fine untill I change APP_ENV=local to APP_ENV=production in .env file. When I change the .env file to production then I get the below error. screen shot of my issue is here.
Trying to get property 'name' of non-object
Basically I want to protect /telescope/*routes in production. But before doing that I am getting this error.
I read the same issue in github similar issue github link. I think the answer is present in the link but im unable to digest it as im a newbie.
Any help to fix this, and protecting telescope routes in production is much appreciated. I tried to create a Policy and give read permissions to the user via policy. But somehow im not able to fix it.

ok: its too easy - the only thing you have to do is:
php artisan make:policy -m User UserPolicy
thats it.

You can pass the array of email into the gate method in the TelescopeServiceProvider.php
Gate::define('viewTelescope', function ($user) {
return in_array($user->email, [
'username#domain.com'
]);
});
This will block everyone except the mentioned email of logged-in user.

Laravel Dusk auth issues with Laravel Passport

Can't test applications with Laravel Dusk if the app uses Laravel Passport for authentication. It's always 404 and if you stop the test with ->stop() it starts working.
The app is located: localhost:3000
and all requests are proxied to api.example.test
I've tried to authenticate the user inside the test:
$this->actingAs(User::find(1), 'api');
$browser->loginAs(User::find(1));
Passport::actingAs($this->user);
But still the same.
That's not the only problem, I think the main issue is also that I can't log in with Dusk by filling out the form and click "login"
$browser->visit('/login')
->type('#email', 'john#doe.com')
->type('#password', 'password')
->click('#login-button')
->waitForLocation('/');
But again, if you stop the test with ->stop() you can manually click the button and it will log you in.
Is Laravel Dusk useless if your app does not use basic auth?

Solved.
The problem was that my Dusk .env file had APP_URL=localhost:3000 where the front-end is located, but my APIs .env file had APP_URL=api.exmaple.com and that's why in my AuthController, I issued the token from env('APP_URL').'/oauth/token' <- which resulted in Dusk env to localhost:3000/oauth/token which is ofc 404
I changed that to env('API_URL') and added that value to my both .env files.

Api auth middleware is not working on serve

I have a Laravel 5.5 application
I am able to login with API but unable to access routes with "auth:api" middleware.
Sending headers like
1 . Accept = application/json
2 . Authorization = Bearer eyJ0eXAi.....xxxxxxxx
In api.php
Route::middleware('auth:api')->group(function(){
Route::post('user', 'Api\Auth\PassportController#getDetails');
}
This working on local but not on server.
Checked error_log file and laravel.log file. But no luck.
Don't know whats wrong.
Please help me to solve this issue.

After hours of searching and moving many lines of code:
php artisan config:clear
Works for me!
Idea from: https://github.com/laravel/passport/issues/452

Laravel Passport Password Reset API route

I'm all set up with Passport in 5.5 and have the auto generated Auth\ForgotPasswordController and Auth\ResetPasswordController controllers.
However whereas /oauth/token was provided magically for me, there don't appear to be such routes for password reset when using the API.
What should my API routes look like?
Currently I've experimented with
Route::group(['prefix' => 'password'], function () {
Route::post('/email', 'Auth\ForgotPasswordController#sendResetLinkEmail');
Route::post('/reset', 'Auth\ResetPasswordController#reset');
});
but I found these in the vendor files when looking at the traits and aren't sure if this is the correct way.
The /password/email route also fails with "message": "Route [password.reset] not defined."

since you don't see any route other then 2 custom, therefore i am assumin you havn't run artisan auth command. First run that. it will add lot of routes in ur project.
Then set api driver to passport.

Laravel Socialite InvalidStateException in AbstractProvider.php line 200

I'm building a web app in my local system (Ubuntu-14.04 64Bit) using laravel 5.3. I used Socialite to signin from social networks. I configured G+, Facebook, GitHug. I'm using Chromium as my default browser. Finally the problem is i'm getting
InvalidStateException in AbstractProvider.php line 200
frequently. i tried
php artisan cache:clear
php artisan config:clear
composer dump-autoload
these are helping to solve the issue temporarily, again the problem raising.
please help me in this issue..

I have the same issue and I've read a lot about this, that depend if the URL where you are at the moment of the login request has www. at the beginning or not.
Into config\services.php, if you have the redirect set as http://sitename.tld/callback/facebook the oauth works if you send the login request from sitename.tld, while if you try from www.sitename.tld you get the exception.
I haven't yet understood how to have it working with and without www at the beginning.

If the AbstractProvider.php line 200 fires the exception when the state of the user is not present means that the User cannot be created.
First check your code when you get the details from the provider(facebook, github) if you create a user and you return it.
If you have managed and logged in your app and you deleted the user from the user table remember to delete also the data from the socialite account table.

I was getting that exception because 'state' wasn't saved in session. But I was using asPopup method - Socialite::driver('facebook')->asPopup()->redirect(); so I saved session then - $request->session()->save();. So I solved this issue.
or try
session()->put('state', $request->input('state'));
$user = Socialite::driver('facebook')->user();
it works

I have same issue and solved in 3 steps;
add request on the top
use Illuminate\Http\Request;
Pass request object to function
public function handleProviderCallback(Request $request)
{
try {
$user = Socialite::driver('facebook')->user();
} catch (Exception $e) {
throw new Exception;
}
}
Clear cache.
php artisan cache:clear

I had the same error but my solution was a little different. I am posting here just in case someone else keeps hitting this post like I did for a possible answer.
I develop on Ubuntu 18.04 desktop since it is a server with a GUI. Socialite works great locally but as soon as I pushed/pulled the changes through git to the server, it quit.
I was running traces by recording what was sent to and from google. I "dd($_GET)" to get a raw dump before Socialite had a chance to get the info so I knew what was stored and ready for use. All info was there but Socialite didn't seem to "see" it. That is when I reasoned it was my apache2 header configuration interfering with the cookies/session data.
I had set header security in my apache2 configs. One of the settings was
Header always edit Set-Cookie ^(.*) "$1;HttpOnly;Secure;SameSite=Strict"
This setting was interfering with the cookie information that socialite needed. I removed that setting from my apache2 header config(by commenting out) and restarted Apache. Finally I removed all sessions in storage/framework/session/* and cleared them from my browser just to be sure. That worked for me.
After I got it working, one by one enabled and tested each of the following settings to have the framework secure what header info it can:
SESSION_SECURE_COOKIE=true
in my .env file
'http_only' => true, and
'same_site' => 'lax'(setting to "strict" did not seem to work)
in my config/session.php file.
Now it is back to testing security and tweaking things back if need be.