How to generate access_token without username and password - laravel-5

I am trying to make an API with Passport. If a user tries to login or signs up with Socialite, find user than generate access_token then redirect to the frontend with access_token in URL parameters.
I tried to register and login than generate access_token with user email and the default password, which is not suitable for security.
try {
$serviceUser = Socialite::driver($service)->stateless()->user();
} catch (\Exception $e) {
return redirect(config('app.client_url').'/auth/social-callback?error=Unable to login using '.$service.'. Please try again'.'&origin=login');
}
$email = $serviceUser->getEmail();
$name = $serviceUser->getName();
$user = $this->getExistingUser($serviceUser, $email, $service);
$newUser = false;
if (!$user) {
$newUser = true;
$user = new User;
$user->name = $name;
$user->email = $email;
$user->username = Str::random(10);
if ($service === 'facebook') {
$user->image = $serviceUser->avatar;
}
$user->verify = true;
$user->save();
}
if ($this->needsToCreateSocial($user, $service)) {
Social::create([
'user_id' => $user->id,
'social_id' => $serviceUser->getId(),
'service' => $service
]);
}
$http = new Client;
$response = $http->post(config('app.url').'/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => '2',
'client_secret' => 'oBKWxgF2fDvrxwA05ciapwy4JYKaHxzhGzr6D24X',
'username' => $email,
'password' => 'gebdandi',
'scope' => '',
],
]);
$body = json_decode((string) $response->getBody(), true);
$accessToken = $body['access_token'];
return redirect(config('app.client_url').'/social-callback?token='.$accessToken.'&origin='.($newUser ? 'register' : 'login'));
I can't find any solution in the documentation.

after reading all documentation i found solution in this documentation
i did like this
edit authserviceprovider like this
public function boot()
{
$this->registerPolicies();
Passport::routes();
Passport::personalAccessClientId(1);
Passport::tokensExpireIn(now()->addDays(15));
Passport::refreshTokensExpireIn(now()->addDays(30));
}
added code in controller like this
$accessToken = $user->createToken('access_token')->accessToken;
thanks for laravel Team for provide good documentation

Related

Verify Token is Token Laravel Passport

I was recently updating from laravel's sanctum to passport; and there is this one test that bothers me a lot.
In sanctum there is this method under the PersonalAccessToken model that finds the token and returns the token if it exists.
I don't seem to find anything like that in the docs or online.
I'm validating the test by asserting that $user->tokens is not empty... yet I wish to validate that the token I'm returning from my login controller is indeed a token; not just the creation;
Thnx in advance...
Login Test
public function user_can_login()
{
//$this->withoutExceptionHandling();
$user = User::factory()->create();
$url = route('api.v1.auth.login', [
'email' => $user->email,
'password' => 'password'
]);
$res = $this->jsonApi()
->post($url)
->assertStatus(200);
$token = $res->json(['access_token']);
$this->assertNotEmpty($user->tokens);
}
Login method in authcontroller
public function login(Request $request)
{
$request->validate([
'email' => 'required|email',
'password' => 'required',
]);
$credentials = $request->only(['email', 'password']);
if (Auth::attempt($credentials)) {
$user = Auth::user();
$access_token = $user->createToken('laravel-api.local')->accessToken;
return response()->json(['access_token' => $access_token], 200);
} else {
return response()->json(['error' => 'Unauthorized'], 401);
}
}
pues:dont know why im writing the code, but just for ref of what i'm doing
https://laracasts.com/discuss/channels/testing/how-do-i-create-a-route-while-testing
solution is quite simple... you'll find it here... I had an issue when I tried that before hand and it seems to be with the use of the Route::name('name') method and the route('name') function threw a server error. but if you call the path directly it should work...
any who... authController and login method stay the same but the test changes to...
public function setUp(): void
{
parent::setUp();
Route::middleware('auth:api')
->get('/test-route', function (Request $request) {
return $request->user();
});
$clientRepository = new ClientRepository();
$client = $clientRepository->createPersonalAccessClient(
null,
'Personal Access Client Test',
'/'
);
DB::table('oauth_personal_access_clients')->insert([
'client_id' => $client->id,
'created_at' => date('Y-m-d'),
'updated_at' => date('Y-m-d'),
]);
}
/** #test */
public function user_can_login_with_correct_credentials()
{
//$this->withoutExceptionHandling();
$user = User::factory()->create();
$url = route('api.v1.auth.login', [
'email' => $user->email,
'password' => 'password',
'device_name' => $user->name . ' test Device'
]);
$res = $this->jsonApi()
->post($url)
->assertStatus(200);
$token = $res->json(['access_token']);
$this->jsonApi()
->withHeader('Authorization', 'Bearer ' . $token)
->get('/test-route')
->assertStatus(200);
}

Laravel: Auth Midleware returns 401 (Unauthorized)

I have an issue with authenticating a user. This is the Authentication method in my controller:
public function authenticate(Request $request){
$user = User::where('username', $request->username)->first();
$user_model = new User;
$return_credentials = [
'message' => "User does not exist.",
'status' => false,
'user_details' => ""
];
if(!empty($user) && !is_null($user)){
$remember = Str::random(60);
if(\Auth::attempt(['username' => $request->username, 'password' => $request->password, 'verified' => '1'], $remember)){
$user = \Auth::user();
$token_result = $user->createToken('Personal Access Token');
$token = $token_result->token;
$token->expires_at = Carbon::now()->addWeeks(1);
$return_credentials['message'] = "User Successfully Logged in.";
$return_credentials['status'] = true;
$token->save();
}else{
$return_credentials['message'] = "User Failed to Log in.";
$return_credentials['status'] = false;
}
}
$return_credentials['user_details'] = $user;
return response()->json($return_credentials);
}
Every time I access a route using(this middleware):
Route::group(['middleware' => 'auth:api'], function() {
Route::get('user', '\App\Http\Controllers\UserController#verifyUserLoggedIn');
});
It returns:
GET http://..../api/auth/user 401 (Unauthorized)
Q: Am I missing a step or anything?
Add auth:api in your app\Http\kernel.php :
'api' => [
'throttle:60,1',
'bindings',
'auth:api',
],

Laravel passport create token doesnt work on plesk server

I use passport in my laravel project to authenticate users by api. API work correctly on my local host. But after i deploy it on Plesk server token doesnt create. Always show Server Error.
public function login(Request $request) {
$validator = Validator::make($request->all(),[
'email' => 'required',
'password' => 'required',
]);
if($validator->fails()) {
return response()->json(["validation errors" => $validator->errors()]);
}
$email = $request->email;
$password = $request->password;
error_log($password);
$user = DB::table("users")->where([["email", "=", $email]])->first();
if(is_null($user)) {
return response()->json(["success" => false, "message" => "User doesn't exist"]);
}
if(Auth::attempt(['email' => request('email'), 'password' => request('password')])) {
$user = Auth::user();
$token = $user->createToken('token')->accessToken;
$success['success'] = true;
$success['user'] = $user;
$success['message'] = "Success! you are logged in successfully";
$success['token'] = $token;
return response()->json(['success' => $success ], 200);
} else {
return response()->json(['error' => 'Unauthorised'], 401);
}
}
$token = $user->createToken('token')->accessToken;
This line throw error
Problem was in my AuthServiceProvider
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
'Medicare\Model' => 'Medicare\Policies\ModelPolicy',
];
public function boot()
{
$this->registerPolicies();
Passport::routes();
//
}
}
After i commented 'Medicare\Model' => 'Medicare\Policies\ModelPolicy' everything works fine.

Laravel socialite with passport unsupported grant type

I am trying to generate a bearer token with access and refresh tokens after user authenticates with socialite.
public function handleProviderCallback($provider, EmailConfirmationMailer $mailer)
{
$user = Socialite::driver($provider)->user();
if(User::where('email', '=', $user->getEmail())->exists()){
$exist_user = User::where('email', '=', $user->getEmail())->first();
Auth::loginUsingId($exist_user->id);
$http = new GuzzleHttp\Client;
$response = $http->post('http://localhost:8000/oauth/token', [
'form_params' => [
'grant_type' => 'refresh_token',
'refresh_token' => 'the-refresh-token',
'client_id' => 1,
'client_secret' => 'c4ojSmOjl04QrshdSXlOmbKUOIxm6zqyhND34AT0',
'scope' => '',
],
]);
return json_decode((string) $response->getBody(), true);
}else{
//create new user here
}
}
I got the error from vendor\laravel\socialite\src\Two\AbstractProvider.php
user function, message is "".
public function user()
{
if ($this->hasInvalidState()) {
throw new InvalidStateException;//here is the highlighted
}
$response = $this->getAccessTokenResponse($this->getCode());
$user = $this->mapUserToObject($this->getUserByToken(
$token = Arr::get($response, 'access_token')
));
return $user->setToken($token)
->setRefreshToken(Arr::get($response, 'refresh_token'))
->setExpiresIn(Arr::get($response, 'expires_in'));
}
What is the best practice for this situation? Any help is greatly appreciated.
resorted to generate accessToken with no refreshToken:
public function handleProviderCallback($provider)
{
$user = Socialite::driver($provider)->user();
if(User::where('email', '=', $user->getEmail())->exists()){
$existUser = User::where('email', '=', $user->getEmail())->first();
Auth::login($existUser,true);
//remove existing tokens from user
$tokenResult = $existUser->createToken('Personal Access Token');
return \response()->json([
'token_type' => 'Bearer',
'expires_in' => $tokenResult->token->expires_at->diffInSeconds(Carbon::now()),
'access_token' => $tokenResult->accessToken,
'info' => 'Existing user'
]);
}else{
//create new user entry
}
}

How to get and validate application/json data in Laravel?

I send data from client to server in application/json content type.
Then I try to take this information in server side like as:
public function register(Request $request)
{
$data = $request->json()->all();
var_dump($data); die();
}
It returns me empty array()
Also I tried to validate incoming POST using this:
$validator = Validator::make($request->json()->all(), []);
How to get and validate application/json data in Laravel?
I get POST data like as:
dd($_POST);
array:1 [▼
"application/json" => "{"id":6,"unique_code":null,"name":"О","secondname":"П","lastname":"Валерьевич","datebirth":"14/10/1991 00:00:00","taxcode":"4545","gender":"1","created_at":null,"file":"C:\\db\\tests\\22-07-2017\\MMM1.TXT","orders":{"profession":"Директор","pacient_id":null,"payment":"1","kind_work":"1,2","factory_name":"FALKO","factory_edrpou":"2020","factory_departament":"IT","status_pass":"1","office_address":"Kiev","unique_code":"0","enterprise_id":"12","status":null},"http_code":null}"
]
I have an api I post json to. I have an api end point where I post this json
{
"email":"youremail#triumworks.com",
"phone": "phone",
"name": "name",
"password": "password"
}
The corresponding controller that handles the request looks like
public function create_account(Request $request){
$data = json_decode(file_get_contents('php://input'));
$response = new Responseobject;
$array_data = (array)$data;
$validator = Validator::make($array_data, [
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:6',
'phone' => 'required|string|min:12|max:12|unique:users',
]);
if($validator->fails()){
$response->status = $response::status_failed;
$response->code = $response::code_failed;
foreach ($validator->errors()->getMessages() as $item) {
array_push($response->messages, $item);
}
}
else{
$api_token = str_random(60);
$user = new User();
$user->api_token = $api_token;
$user->name = $data->name;
$user->email = $data->email;
$user->phone = $data->phone;
$user->password = bcrypt($data->password);
if($user->save()){
$response->status = $response::status_ok;
$response->code = $response::code_ok;
$response->result = $user;
}
}
return Response::json(
$response
);
}
This does the same thing as the one above.
public function create_account(Request $request){
$response = new Responseobject();
$validator = Validator::make($request->json()->all(), [
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:6',
'phone' => 'required|string|min:12|max:12|unique:users',
]);
if($validator->fails()){
$response->status = $response::status_failed;
$response->code = $response::code_failed;
foreach ($validator->errors()->getMessages() as $item) {
array_push($response->messages, $item);
}
}
else{
$api_token = str_random(60);
$user = new User();
$user->api_token = $api_token;
$user->name = $data->name;
$user->email = $data->email;
$user->phone = $data->phone;
$user->password = bcrypt($data->password);
if($user->save()){
$response->status = $response::status_ok;
$response->code = $response::code_ok;
$response->result = $user;
}
}
return Response::json(
$response
);
}
The posted data will end up in the request body parameter bag. You get the data either via $request->all() or $request->request->all().
So the Validator looks like this:
$validator = Validator::make($request->all(), []);
Dive deeper:
Or you can use the validate() method in your controllers. Which look like this:
$this->validate($request->all(), []);
Read more about this in the Laravel docs.
To make things even more complicator, you don't even need to inject the Request instance to your controller. You can use the request() helper function. The register method then looks like this:
public function register()
{
$this->validate(request()->all(), [
'email' => 'required|email',
'password' => 'required|min:6|confirmed',
]);
}

Resources