Laravel Dusk auth issues with Laravel Passport - laravel

Can't test applications with Laravel Dusk if the app uses Laravel Passport for authentication. It's always 404 and if you stop the test with ->stop() it starts working.
The app is located: localhost:3000
and all requests are proxied to api.example.test
I've tried to authenticate the user inside the test:
$this->actingAs(User::find(1), 'api');
$browser->loginAs(User::find(1));
Passport::actingAs($this->user);
But still the same.
That's not the only problem, I think the main issue is also that I can't log in with Dusk by filling out the form and click "login"
$browser->visit('/login')
->type('#email', 'john#doe.com')
->type('#password', 'password')
->click('#login-button')
->waitForLocation('/');
But again, if you stop the test with ->stop() you can manually click the button and it will log you in.
Is Laravel Dusk useless if your app does not use basic auth?

Solved.
The problem was that my Dusk .env file had APP_URL=localhost:3000 where the front-end is located, but my APIs .env file had APP_URL=api.exmaple.com and that's why in my AuthController, I issued the token from env('APP_URL').'/oauth/token' <- which resulted in Dusk env to localhost:3000/oauth/token which is ofc 404
I changed that to env('API_URL') and added that value to my both .env files.

Related

Laravel Sanctum SPA Auth - Unauthenticated After Successfully Login

I have an application with Laravel and Vue.js for the separate folder which one is for the backend and another is the frontend and I have successfully configured all following the Laravel sanctum documentation and also protecting the route API and I am able to successfully log in and register but after successfully Login it's showing me "Unauthenticated " when I try to fetch the authenticated user. I am using localhost as a default. can anyone give me some suggestions
.env file I have also set it
SESSION_DRIVER=cookie
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost:8000
Thanks
Unfortunately, I have found the solution
#localhost
SESSION_DRIVER=cookie
SANCTUM_STATEFUL_DOMAINS=localhost:8080,127.0.0.1:8080,localhost:3000,127.0.0.1:3000
SESSION_DOMAIN=localhost
localhost:8080 for frontend server the port might be changing sometimes like localhost:8081 localhost:3000 so make sure you put the correct URL
#Live Server
SANCTUM_STATEFUL_DOMAINS=*.yourdomain.com
SESSION_DOMAIN=.yourdomain.com
I have also figure out sometimes I was right but the Laravel cache gives me the wrong result so you have to clean the Laravel cache and also browser cache. you can follow the below code to make a route function in web.php
Route::get('/clear', function() {
Artisan::call('cache:clear');
Artisan::call('config:clear');
Artisan::call('config:cache');
Artisan::call('view:clear');
return "Cleared!";
});
Hope it will works
Thanks

Laravel Telescope is not working in production with Laravel Voyager. How to secure /telescope/* routes in Laravel 7?

I'm using Laravel with Auth, Auth UI, Voyager admin panel, Telescope. Everything works fine untill I change APP_ENV=local to APP_ENV=production in .env file. When I change the .env file to production then I get the below error. screen shot of my issue is here.
Trying to get property 'name' of non-object
Basically I want to protect /telescope/*routes in production. But before doing that I am getting this error.
I read the same issue in github similar issue github link. I think the answer is present in the link but im unable to digest it as im a newbie.
Any help to fix this, and protecting telescope routes in production is much appreciated. I tried to create a Policy and give read permissions to the user via policy. But somehow im not able to fix it.
ok: its too easy - the only thing you have to do is:
php artisan make:policy -m User UserPolicy
thats it.
You can pass the array of email into the gate method in the TelescopeServiceProvider.php
Gate::define('viewTelescope', function ($user) {
return in_array($user->email, [
'username#domain.com'
]);
});
This will block everyone except the mentioned email of logged-in user.

Laravel auth nothing happen when trying to login with default laravel auth page

I have previously transferred laravel from server to another by copying the laravel project folder, now when i try to login using default laravel auth page , if i enter wrong auth value i get error auth.failed
but when i enter a valid auth value the page refresh but nothing happen.
I notice from browser view source the value of CSRF token is changing one i enter the valid auth value
I tried to delete the session files /storage/framework/sessions
and tried
php artisan view:clear
php aritsan cache:clear
but nothing happen.
How can i fix this issue.
Use Laravel Debugbar for easily debugging such kind of cases.
It's good, simple and sweet ^
I fixed the issue.
In the previous server i was using SSL for my domain so the cookies setting in /config/session.php was true:-
'secure' => env('SESSION_SECURE_COOKIE', true),
Since, the current new server i am not using https when i open my website, so i set the value to false
'secure' => env('SESSION_SECURE_COOKIE', false),
Now everything working fine.

Laravel & PHPUnit: Getting 500 when unit testing "Passport" restricted route

I have a Laravel 5.3 app.
Inside my api.php file, there's a route for posting an answer within a poll.
Route::group(['middleware' => 'auth:api'], function () {
Route::post('/poll/answer', 'API\PollsController#createAnswer');
});
The route is part of a group, restricted by the auth:api middleware, using Laravel's Passport engine.
When calling this route from Postman or any other tool to test APIs, I get 401 which is ok because I'm not attaching the token.
But when unit testing this call using PHPUnit, it returns 500. I have no idea why.
$this->postJson('api/poll/answer');
I'm probably missing a configuration or setup instruction.
Any ideas?
The 500 error was occurring because I forgot to add an app key to the .env.testing file.
It got solved after adding that.

Laravel Socialite InvalidStateException in AbstractProvider.php line 200

I'm building a web app in my local system (Ubuntu-14.04 64Bit) using laravel 5.3. I used Socialite to signin from social networks. I configured G+, Facebook, GitHug. I'm using Chromium as my default browser. Finally the problem is i'm getting
InvalidStateException in AbstractProvider.php line 200
frequently. i tried
php artisan cache:clear
php artisan config:clear
composer dump-autoload
these are helping to solve the issue temporarily, again the problem raising.
please help me in this issue..
I have the same issue and I've read a lot about this, that depend if the URL where you are at the moment of the login request has www. at the beginning or not.
Into config\services.php, if you have the redirect set as http://sitename.tld/callback/facebook the oauth works if you send the login request from sitename.tld, while if you try from www.sitename.tld you get the exception.
I haven't yet understood how to have it working with and without www at the beginning.
If the AbstractProvider.php line 200 fires the exception when the state of the user is not present means that the User cannot be created.
First check your code when you get the details from the provider(facebook, github) if you create a user and you return it.
If you have managed and logged in your app and you deleted the user from the user table remember to delete also the data from the socialite account table.
I was getting that exception because 'state' wasn't saved in session. But I was using asPopup method - Socialite::driver('facebook')->asPopup()->redirect(); so I saved session then - $request->session()->save();. So I solved this issue.
or try
session()->put('state', $request->input('state'));
$user = Socialite::driver('facebook')->user();
it works
I have same issue and solved in 3 steps;
add request on the top
use Illuminate\Http\Request;
Pass request object to function
public function handleProviderCallback(Request $request)
{
try {
$user = Socialite::driver('facebook')->user();
} catch (Exception $e) {
throw new Exception;
}
}
Clear cache.
php artisan cache:clear
I had the same error but my solution was a little different. I am posting here just in case someone else keeps hitting this post like I did for a possible answer.
I develop on Ubuntu 18.04 desktop since it is a server with a GUI. Socialite works great locally but as soon as I pushed/pulled the changes through git to the server, it quit.
I was running traces by recording what was sent to and from google. I "dd($_GET)" to get a raw dump before Socialite had a chance to get the info so I knew what was stored and ready for use. All info was there but Socialite didn't seem to "see" it. That is when I reasoned it was my apache2 header configuration interfering with the cookies/session data.
I had set header security in my apache2 configs. One of the settings was
Header always edit Set-Cookie ^(.*) "$1;HttpOnly;Secure;SameSite=Strict"
This setting was interfering with the cookie information that socialite needed. I removed that setting from my apache2 header config(by commenting out) and restarted Apache. Finally I removed all sessions in storage/framework/session/* and cleared them from my browser just to be sure. That worked for me.
After I got it working, one by one enabled and tested each of the following settings to have the framework secure what header info it can:
SESSION_SECURE_COOKIE=true
in my .env file
'http_only' => true, and
'same_site' => 'lax'(setting to "strict" did not seem to work)
in my config/session.php file.
Now it is back to testing security and tweaking things back if need be.

Resources