Laravel 8 auth Attempting and Failed events not firing as expected - laravel

I'm at a loss here... I'm using Laravel 8 with the jetstream inertia stack. I've setup event listeners in my EventServiceProvider to log various authentication events but the events don't seem to fire as expected. Login and Logout both work as expected, but I can't figure out the logic behind Attempting and Failed. Attempting only seems to fire when I successfully login. If I pass an invalid email/password it never fires. And I can't seem to figure out when Failed ever fires. All I want to accomplish is logging attempts to login to my system, even if they are providing invalid credentials.
Here's my EventServiceProvider. All the listeners are very simple with just a line to log a message in the handle() method.
protected $listen = [
\Illuminate\Auth\Events\Attempting::class => [
\App\Listeners\Auth\LogAttemptingLogin::class
],
\Illuminate\Auth\Events\Login::class => [
\App\Listeners\Auth\LogSuccessfulLogin::class,
],
\Illuminate\Auth\Events\Logout::class => [
\App\Listeners\Auth\LogSuccessfulLogout::class,
],
\Illuminate\Auth\Events\Failed::class => [
\App\Listeners\Auth\LogFailedLogin::class,
]
];

I'm experiencing the same issues with exact same stack. It feels like LogFailedLogin not triggering is a bug or something.
I opened an issue as I'm having an hunch that it has to do with Fortify: https://github.com/laravel/fortify/issues/145.
Edit: It's a confirmed bug at the time of writing.

Related

Load test Laravel application with jmeter

I am trying to load test a Laravel application, however I'm stuck at the very beginning. I am attempting a login with a POST request, but I'm always getting response code: 419. I have googled and asked around a bit to no avail.
So far, I have extracted the xsrf token from the GET request and am trying to append it as a header to the POST request. I'm not sure if I'm doing it correctly, however.
That's what my header manager looks like, I looked at the post request through dev tools when doing it manually and I tried to replicate it.
I really can't tell what I'm doing wrong. I don't think I can fix this by using a different tool.
For web routes you need to Disable CSRF, or put csrf on the jmeter.
For API routes you need to disable rate limiter. Just go to app/Http/Kernel.php and comment throttle:60,1 line
protected $middlewareGroups = [
...
'api' => [
// 'throttle:60,1',
],
];
Maybe you should disable these on test environment only, in most cases in the production these feature is needed.

Change default Laravel "Server error" message

I've noticed that in production mode with my debug mode set to false that most of my functions that have a try/catch will return the Laravel default "Server error" message.
I've been trying to hunt this message down with little luck, how can I customise this generic message returned from functions within my Laravel app whilst debug is turned off?
If you're referring to a very generic HTTP 500 error, it's a blade file in the framework.
If you want to display your own error for 5XX errors and such, you can override them by creating a blade file with the name of the error you want to override. For example:
resources/views/errors/500.blade.php
{{ __('Uh oh. Something has gone wrong behind the scenes.');
Now when a 500 error is encountered, your blade error will be displayed rather than the default Laravel 500 error.
You can create files for the common errors too obviously.
Update
The default messages for HTTPExceptions in Laravel are provided by the Symfony Response class found in the Symfony\Component\HttpFoundation directory.
When it comes to providing error messages in APIs, most will send the default HTTP status code in the headers and then supply a human error message in the response body.
For your example you might do something like:
return response()->json([
'errors' => [
[
'status' => 500,
'title' => 'Internal server error',
'message' => 'A more detailed error message to show the end user'
],
]
], 500);
You would then be responsible for consuming the error response and showing the end user the human readable error rather than the default generic Internal server error.
You might find some of the JSON API examples useful.
In my case, my Model extends Authenticable.
I changed it to Model and imported Eloquence.

Laravel Spark - Notifications stuck & Stripe nagging for publishing key that exists

Just curious if anyone else is facing this issue with Laravel Spark where the notifications are intermittently stuck in loading and if there's a simple fix for it?
Ie:
Also, I'm receiving this Stripe error in my error console whenever I attempt to subscribe on my production environment, I am using the correct test credentials in the environment file:
Uncaught Error: You did not set a valid publishable key. Call Stripe.setPublishableKey() with your publishable key. For more info, see https://stripe.com/docs/stripe.js
at Function.b.validateKey ((index):3)
at Function.b.create ((index):2)
at Function.c.createToken ((index):2)
at o.subscribe (app.js:27)
at click (eval at pa (app.js:67), <anonymous>:3:52019)
at e (app.js:67)
at HTMLButtonElement.t._withTask.t._withTask (app.js:67)
In my .env file I have (I have put x's in for the purpose of this question, the env file has the real keys):
STRIPE_MODEL=App\User
STRIPE_KEY=pk_test_Nq6IKWIFjSaBFngxxxxxxxxx
STRIPE_SECRET=sk_test_T9lwCHZACcty5JUxxxxxxxxx
app/services.php and app/services-stripe.php both have these settings:
'stripe' => [
'model' => App\User::class,
'key' => env('STRIPE_KEY'),
'secret' => env('STRIPE_SECRET'),
],
Any assistance is appreciated, thanks guys.
I had the same situation with the notifications. Apparently there's some kind of conflict with font awesome's spinner. I removed the icon completely and it's working now. Same with invitations, when I send an invitation, the text on the button changes but the spinner never hides.

Mystery! Case of laravel auth.login event not being 'heard'

I'm working on my first laravel project and I've started making user accounts for initial folks to have a look.
In EventServiceProvider.php, I listen for logins (and the UpdateLoginInfo updates the users' logins count and last login date) like so:
protected $listen = [
'auth.login' => [
'App\Events\UpdateLoginInfo',
],
];
It's been working fine from the get-go, but yesterday I had a new user log in (and she even took actions in the app), but mysteriously the login count/date was never updated on the way in!
I've confirmed that it works for me with her account, in chrome, firefox, and IE... Papertrail doesn't have any clues- where else should I be looking for clues, or to try to reproduce it? Is it something browsers/settings can interfere with?

Paypal's IPN Simulator using Laravel 5

I'm about to go mental with this problem, I'm implementing an IPN system in my app and started doing tests now using Paypal's IPN Simulator.
When I try to send an IPN simulation, it just gives the following error:
We're sorry, but there's an HTTP error. Please try again.
First thought - Paypal's service was down - Tested wrong since if I create a blank page and send an IPN message to http://myDNS.com/blankpage.php it is able to send it.
Second thought - Problem with routes - which I think it's not the problem either:
Here's my IPN Listener at the PurchaseController.php:
public function completed()
{
//FAHIM's Paypal IPN Listener
$ipn = new PaypalIPNListener();
$ipn->use_sandbox = true;
$verified = $ipn->processIpn();
$report = $ipn->getTextReport();
Log::info("-----new payment-----");
Log::info($report);
if ($verified) {
if($_POST['address_status'] == 'confirmed'){
//sucess
}
}
}
In routes.php :
Route::post('purchase/completed/', array('as' => 'purchase.completed', 'uses' => 'PurchaseController#completed'));
Is there any known problems associated with IPN Simulator and Laravel?
Thank you in advance.
Looks like I found the answer!
The problem was that a tokenMismatchException was being thrown whenever Paypal tried to send the POST information.
For people with the same problem, here's the solution:
Add an exception into the VerifyCsrfToken.php Middleware, so that the exception URI won't need the CsrfToken verification:
In my case, it looks something like this:
protected $except = [
'purchase/completed'
];
I'm working with Laravel 5, so please keep in mind that it might be slightly different in lower versions.

Resources