I am using Laravel 6, my project is working fine, but when I enter wrong login details, I am getting an error.
These credentials do not match our records.
How I can modify this error message and provide my custom message if there's an error in the user name or password. I tried to find this message in LoginController and Laravel vendor folder, but I couldn't find it. Can anyone please tell me the exact location of that file where this error message is located?
You can change it in /resources/lang/en/auth.php.
return [
/*
|--------------------------------------------------------------------------
| Authentication Language Lines
|--------------------------------------------------------------------------
|
| The following language lines are used during authentication for various
| messages that we need to display to the user. You are free to modify
| these language lines according to your application's requirements.
|
*/
'failed' => 'These credentials do not match our records.',
'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',
];
You can find that on this location
resources/lang/en/auth.php
if you want someting custom and more specific check AuthenticatesUsers.php and override function sendFailedLoginResponse in LoginController.php
Related
I use laravel jetstream, and I would like to redirect user to a specific route /admin/produit after login.
change this line in RouteServiceProvider.php
public const HOME = '/';
to
public const HOME = '/admin/produit';
Laravel Fortify is what is used in Jetstream, you can change the default location of redirects after login in your config/fortify.php
/*
|--------------------------------------------------------------------------
| Home Path
|--------------------------------------------------------------------------
|
| Here you may configure the path where users will get redirected during
| authentication or password reset when the operations are successful
| and the user is authenticated. You are free to change this value.
|
*/
'home' => RouteServiceProvider::HOME,
Alternatively you can set this during runtime with Config::set("fortify.home").
Furthermore if you need really complex behavior you can change entire Fortify Reponse class:
https://talltips.novate.co.uk/laravel/laravel-8-conditional-login-redirects
I am not 100% expert with Laravel routes, so I am finding some issues trying to accomplish the following:
on each an every Nova page requested, I need to first verify that a token is obtained and valid on an external service (it expires every 30').
I have a controller handle managing that and working fine. My problem is that I don't hit the nail with adding this verification to a middleware.
In other words, before displaying any Nova view, I need to check that this token is not expired. If it is, I post a call and refresh it.
I've googled around and found no similar question/issue.
Anyone can give me an enlighting example?
Thanks in advance.
I found the place while looking at another post here.
What I was missing was to declare my token validator class in config/nova.php
Here:
`/*
|--------------------------------------------------------------------------
| Nova Route Middleware
|--------------------------------------------------------------------------
|
| These middleware will be assigned to every Nova route, giving you the
| chance to add your own middleware to this stack or override any of
| the existing middleware. Or, you can just stick with this stack.
|
*/
'middleware' => [
'web',
Authenticate::class,
DispatchServingNovaEvent::class,
BootTools::class,
Authorize::class,
HereShouldGoMyClass::class,
],`
i have a download file link like this:
Download file
ROUTES
Route::group(['middleware' => ['web','auth','Admin','active'], 'prefix' => 'admin'], function(){
// USERS
Route::resource('user','UserController');
Route::post('user/permissions/update','UserController#update_permission')->name('update_user_permissions');
// MODULI
Route::resource('module','ModuleController');
// MODULISITICA
Route::resource('modulistica','ModulisticaController');
Route::post('modulistica_cliente','ModulisticaController#update_client_module')->name('modulistica_post_cliente');
Route::post('modulistica_prodotto','ModulisticaController#update_product_module')->name('modulistica_post_prodotto');
Route::get('modulistica/download/cliente/{file}','ModulisticaController#download_cliente')->name('modulistica_download_cliente');
Route::get('modulistica/download/{file}','ModulisticaController#download_module')->name('modulistica_download_module');
Route::get('modulistica/download/prodotto/{file}','ModulisticaController#download_prodotto')->name('modulistica_download_prodotto');
// UTILITY
Route::post('utility/become/client','UtilityController#become_client')->name('utility_become_client');
Route::resource('loan','LoanController');
Route::get('area_download/document/{file}', function ($file){
$path_file = storage_path().'/app/public/documents/'.$file;
return response()->download($path_file, $file);
})->name('download_document');
});
ERROR
Arrival at the "https://mysite.it/admin/loan" view without problems. When I click on the GET link it redirects me to the LOGIN, but being my user logged in by login redirects me to "https://mysite.it/home".
I did some tests getting the following information:
Request does not arrive at route "area_download / document / {file}"
The request does not arrive at the 'Admin', 'active' middlewares.
So my conclusions are that the problem is in the middleware "Web" or "Auth" but I can not understand why. Place the entire group of routes, if it can be useful. If you need more on the routes, I can attach screenshots!
I would appreciate your help thank you!
If you just allow downloading a file without any authentication then,
You can try this :
Blade File
Download file
From this user can directly download the file. Just need to add file path in href and download attribute.
or else remove the middleware AUTH if you don't want to Authenticate the user.
And you want to authenticate the user then need route:list and middleware details.
I found the solution! the problem was that my get request was made this way.
https://mysite.it/admin/area_download/document/example.pdf
the final PDF extension creates system error. Avoiding the final extension such as:
https://mysite.it/admin/area_download/document/example.pdf/go
Problem solved!
I am using the Laravel 5 ResetsPasswords trait to implement password reset. In the file resources/views/emails/password.blade.php., I have the following code.
Click To Reset Password
I am using a queue to send the email to the user. When the user clicks the link received in email, I get something like below:
http://localhost/password/reset/2aafe5381baa67f9d1fe2f476c0f1395b21e71fafe181b2980fb838fc9e0b2fc
I was rather expecting:
http://localhost/oap/public/password/reset/2aafe5381baa67f9d1fe2f476c0f1395b21e71fafe181b2980fb838fc9e0b2fc
Why is oap/public/ not in the url? I have used the url() function in other views and they have worked just well except for this email view where I am using queue to send the message. When a queue is not used to send the message, the link is okay. Any idea how I can resolve this issue.
Use URL::to. Like,
Click To Reset Password
for the url helpers it will generate the full path for your inputs
{{ url('/password/reset/'.$token) }}
will generate
http://localhost/password/reset/2aafe5381baa67f9d1fe2f476c0f1395b21e71fafe181b2980fb838fc9e0b2fc
and
{{ url('/oap/public/password/reset/'.$token) }}
will generate
http://localhost/oap/public/password/reset/2aafe5381baa67f9d1fe2f476c0f1395b21e71fafe181b2980fb838fc9e0b2fc
you can also get around this
Route::get('oap/public/password/reset/{confirmcode}', ['as' => 'resetpassword', 'HomeController#resetmethod']);
then using this like that
{{route('resetpassword', ['confirmcode' => $token])}}
I'm building a multi-domain/multi-store ecommerce application in Laravel and would like to keep the user logged in when he or she changes from store to store.
But for as far as I know Laravel's Auth service saves the logged in user in the session and the sessions can't be accessed by other domains.
Is there a way (maybe a package) to achieve this, without leaving my application prone to possible security problems?
Thanks in advance!
Capture the session id Session::getId() in Domain A
send the captured session id via HTTP POST to Domain B
Access the sent session id in domain B $sessionid_from_domainA = $_POST['session_from_A']
Set session in domain B Session::setId($sessionid_from_domainA)
Start Session in domain B Session::start()
If you want to share the session between multiple subdomains in that case you have to set the domain name config/session.php has set the domain name.
Example: if you have new.example.com and test.example.com so you have to set the domain name as example.com
'domain' => env('SESSION_DOMAIN_URL','.example.com')
Solutions there worked for me, specifically setting the domain and then clearing my browser cookies & cache.
On domain A create an image like so <img src="https://DOMAINB.com/setcookie?id={{ Session::getId() }}" style="display:none;" />
On Domain B create a Route like so:
.
Route::get('setcookie', function(){
Session::setId($_GET['id']);
Session::start();
return 'Cookie created';
});`
Done, Now you should be able to get your user by $user = Auth::User;
I know this is not exactly what was asked for, but, for development and testing purposes, I did this:
In config/session.php, try changing this line
'path' => '/',
Into this
'path' => '/;SameSite=None; secure',
allowed me to authenticate from different domains.
Now, you should be able to write a simple middleware to prevent unwanted hosts. Something like this.
namespace App\Http\Middleware;
use Illuminate\Http\Request;
use Closure;
class TrustedHosts{
public function handle($request, Closure $next){
//$host = $request->getHost();
$host = $request->headers->get('origin');
$enviroment = env('APP_ENV');
if ( $enviroment == 'development' ) {
$trustedHosts = array('localhost', 'dev.mydomain.com');
}
else {
$trustedHosts = array('anotherdomain.com', 'mydomain.com');
}
$isHostTrusted = in_array($host, $trustedHosts);
if ( !$isHostTrusted ) return response("I'm a teapot", 418); //Or any other code and message that you prefer.
return $next($request);
}
}
And group it in the middleware group that includes the session stuff.
I am working on something like that too a single sign-on system, still working to find a solution, but here is a start http://laravel.io/forum/03-14-2014-multiple-domains-how-to-share-login
On laravel you can change the /app/config/session.php driver to cookie
Edit:
This is what I have done.
You can share cookie accross domains using pixel images.
For example when you login on domain1.com you want to create a cookie on domain2.com, right after login on domain1.com you need to have something like this
<img src="http://www.domain2.com/create-cookie?param=hash">
on domain2.com the route above:
will check first if a user is logged in
if its not logged in will read the hash (for example email address), check if there is a user with that email, and login it there, also set a cookie
You can manually set which domain the session cookies will be registered, and thus have them persist across different sites. Just edit config/session.php, in the following section:
<?php
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => null,
?>
You're still restricted to a single top-level domain, though. So you can have store1.shops.com and store2.shops.com sharing sessions, but not myshop.com and shopsmart.com.
If you need something in this format, you'll probably fare better by creating an authentication service, and using access tokens to validate the credentials. You might also give a look at services like OneLogin.
Based on this answer of Chirag Prajapati. Yo could use $_SERVER['HTTP_HOST'] in the env entry:
From /config/session.php
'domain' => env('SESSION_DOMAIN', $_SERVER['HTTP_HOST']),
Then from the app root: php artisan config:clear and don't keep attention to warning messages, just be sure at the end you have gotten Configuration cache cleared! By this way your app session will work fine on whatever domain you have.