So, I've just built my website authentication system using laravel fortify, however, I'm finding a problem on how to implement the remember me option. I could use some help. if there's a built-in method in fortify it would be even better.
I am using laravel 8 and fortify 1.6
According to this issue https://github.com/laravel/fortify/issues/17
Taylor suggests that you shouldn't use the Auth::attempt method in Fortify::authenticateUsing method as it will essentially be logging in twice.
You should use Auth::validate.
Btw, if you have an input (checkbox) named "remember" it will still be passed along.
Hope this helps someone, because I spent hours trying to get to the bottom of how to use remember with Fortify::authenticateUsing.
So, after surfing in the whole fortify assets xD, I found that it accepts a second parameter in the attempt method which is rememberMe option as a "remember" post data name. So u just have to set the remember me checkbox name to "remember" and its gonna work like magic.
Related
Okay, so I know about middleware hence the "From Controller" specification in the title but basically, the issue I have is this, I have a SaaS app that I'm adding a gifting feature i.e give someone a plan as a gift and so I need to force login on a regular user while allowing either way on one gifting the plan to make it easier. Makes sense? Anyway, for that reason, I cannot use the auth middleware since I have, and want, only 1 checkout page.
So, how can I force login from my Checkout Controller like the way the auth middleware does it on routes?
Since I haven't gotten a suggestion, I'll post the workaround I came up with and the potential solution I simply have no time to study up on at present:
Likely solution:
Use Auth::guard('guard name here') and you can learn more about this here.
My workaround:
I created another route pointing to the same controller function but one is going through middleware('auth') while the other isn't. Practical example below.
Route::get('checkout/summary', [CheckoutController::class, 'summary'])->middleware('auth')->name('summary');
Route::get('checkout/gift-a-sub', [CheckoutController::class, 'summary'])->name('gift-a-sub');
With this, I only require one page to prevent complications while forcing authentication for regular users while those just opting to gift a plan aren't required to do so and all I have to do then is save the data based on a flag created at the Pricing page.
I'm new to Vue and I trying to change my old laravel application to SPA, I watch this tutorial and on it, the instructor stores the user data in window.user to make it available on all components. but it can easily be changed and honestly, I think it is the worst idea ever.
is there any better solution for ACL in the front end?
please help me out.
by the way, I'm using laravel 5.7 and previously I've used Laratrust for ACL purpose.
this is tutorial's link
https://www.youtube.com/watch?v=sW6MStdkFJE&list=PLB4AdipoHpxaHDLIaMdtro1eXnQtl_UvE&index=45
Before you read the title and vote as duplicate, hear me out. I haven't been able to find another example of what I am after.
I have a Laravel 5.5 application that uses the built in Laravel Auth class for user management.
If a user tries to perform an action I want to stop/allow the action based on the user's level.
I have gone through the docs and found that I can write my own custom validation rules by implementing the \Illuminate\Contracts\Validation\Rule interface and call it in the controller but I want to, basically, pass the validator the user level and the level required and validate from that.
Can someone please point me in the right direction to do so?
I dont think the form validation is the best way to make what you want. If you want to restrict actions depending on user permission (here level), you have to create the levels and then check for it before try to validate the form.
I recommend you tu use the Authorization part of Laravel which is well explained in the doc
I have followed this tutorial to create a component in Joomla 2.5.19. I have modified the code a bit to suit my needs. I have changed
$response = $auth->authenticate($credentials, $options);
to
JFactory::getApplication()->logout(null, $options);
$authorized = JFactory::getApplication()->login($credentials, $options);
But this call to login changes user's password. Does any one have any clue, why it is behaving like this.
Note: I have also installed latest version of JomSocial.
Thanks,
The password itself is not changing, what is happening is that the method hashing of the password prior to storing in the the database has changed. Users with existing passwords with the old hashing have their hashing changed when they login. If you use the JUser API with your authentication system this will work seamlessly, you would only know that it happens if you look in the database.
I only briefly reviewed the link you posted with the tutorial, and from first glance this is not the correct way to achieve external authentication in Joomla. You should write an authentication plugin which hooks into core events and seamlessly integrated with the framework.
Although you could most definitely make this approach "work," in the long run, by working against the framework; maintaining the code could become more and more difficult.
The link below is for Joomla 3.2, but the concepts apply. I would recommend reverse engineering existing core authentication plugins.
If you choose to continue with the component approach check out the com_users login controller and model for his they handle login posts. Both should have relevant methods.
http://docs.joomla.org/J3.2:Creating_an_Authentication_Plugin_for_Joomla
I figured it out with the help of Elin...
Turned out to be a rehash... In Joomla 2.5.19, (libraries/joomla/user/helper.php) JUserHelper::verifyPassword() is actually rehashing and updating the password in database.
Thank you #Elin. Can you submit you comment as answer so I can accept it :)
I wrote a plugin for joomla that adds custom fields to the user/register component. There are 3 different registration forms for different user groups.
The plugin acts on onUserAfterSave() and works fine, but there is one problem. When there is an error in the original user component, for example: "the username has already been taken" the form is redirected and neither onUserAfterSave() or onUserBeforeSave() is ever called.
I want to change that redirection, but without changing the core, but since neither plugin events are called, im not sure how to. Can you guys help me? Maybe I am missing something!
Is it possible to maybe override the save() function?
THANKS
I had same problem many times, so i can share a solution i use myself. If you don't want to edit Joomla core files, you can do the following:
Create your own template override of registration view.
Duplicate the components/com_users/controllers/registration.php file and lets say name it registration2.php
In your registration form override change hidden input's "task" value from registration.register to registration2.register
Feel free to override registration2.php classes how you like.
It's totally Joomla update proof, so you can update your joomla version witht worrying about errors.
I think you might need to do the checks that joomla is doing in your plugin and redirect in your plugin itself in the case that it wont pass. I see your predicament and I don't know a better way but I would pick a different event to run it on maybe even after page load and then on UI event in javascript.
The only clean way to extend the user registration/profile is to create a profile plugin like this one
https://github.com/joomla/joomla-cms/blob/master/plugins/user/profile/profile.php
You can extend com_users forms in backend and frontend.