Laravel password reset email not sending using gmail on Heroku - laravel

I'm currently having trouble with the password reset mail created by make:auth in Laravel 5.6. My app is hosted on Heroku. In my local environment everything works fine. I have set the right values in the config vars in Heroku, same in my local .env file:
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=myMail#gmail.com
MAIL_PASSWORD=bla
MAIL_ENCRYPTION=tls
I have read here that I have to hard-code the values inside app/mail.php instead of referencing the .env file because Heroku wouldn't recognize/understand this reference
'password' => env('MAIL_PASSWORD')
But then my data would be visible inside the GitHub repo.
What am I doing wrong here?
EDIT:
The accepted answer is the way to go, one should use an Add-On for sending mails in Heroku. Still I found a way to make it work with gmail after setting up sendgrid ;)
- Use `Port 465 with ssl` as encryption.
- Allow `less secure apps` access to my account.
- Visit `http://www.google.com/accounts/DisplayUnlockCaptcha` and sign in with your Gmail username and password.
After these steps, it worked.
Maybe this is helpful for others.
EDIT2:
I migrated Laravel from version 5.x to 8 and I ran into problems again, so I had to change my approach again with gmail.
I had to:
- Allow `less secure apps` access to my account.
- Enable two step verification and create an App Password like in the accepted answer of this question: https://stackoverflow.com/questions/42558903/expected-response-code-250-but-got-code-535-with-message-535-5-7-8-username
- Change Port back to 587 and tls again
- Visit `http://www.google.com/accounts/DisplayUnlockCaptcha` and sign in with your Gmail username and password.

Don't use Gmail in production¹.
Gmail isn't designed to act as an SMTP gateway for your application. Instead, use one of the many mail addons that Heroku recommends. Mailgun and SendGrid are both very popular options, but there are lots of others.
These tools are designed to send mail for applications. They'll be a lot less likely to reject your mail and, when configured properly, make it a lot less likely for your mail to get caught in spam filters. Most of them have walkthroughs for setting things up, and I encourage you to follow them. Make sure not to skip the SPF and DKIM anti-spam features.
> I have read here that I have to hard-code the values inside app/mail.php instead of referencing the .env file because Heroku wouldn't recognize/understand this reference
> 'password' => env('MAIL_PASSWORD')
This is incorrect.
You say that you've set config variables on Heroku, and that populates the environment. The .env file is just a convenient local workaround for doing the same thing. Whichever mail addon you choose will automatically set one or more environment variables for you, and you should use those in your code.
¹You probably shouldn't be using it in development, either, but it's less of a problem there. I urge you to use something like Mailtrap (cloud) or Mailcatcher (local) instead.

Related

Issues with environment setup for AWS SES at Laravel Vapor application

So I am trying to setup AWS SES for my application mails which is hosted at Laravel Vapor.
Current setup is something like this:
ENV FILE
MAIL_MAILER=ses
AWS_ACCESS_KEY_ID="my_iam_access_key"
AWS_SECRET_ACCESS_KEY="my_iam_secret_access_key"
AWS_DEFAULT_REGION=us-east-1 (I have left this one as it was previously filled)
At my LARAVEL VAPOR DASHBOARD
MAIL_DRIVER=ses
MAIL_MAILER=ses
MAIL_FROM_NAME="Name I Want"
MAIL_FROM_ADDRESS="Email I Want"
Since this is my first time of working with AWS I have followed few articles on how to do this setup but none seems to be working.
After all this setup, when I try to reset my password (which includes sending email), I get this error:
I have also made new IAM user (just in case there was issue with old keys) but it did not help and I have also verified my email at "Verified identities".

Why save the personal access client id and secret in .env?

I am new to Laravel Passport and I am figuring out how Laravel Passport works.
Question 1
Why save the personal access client ID and secret in .env according to the docs here, if the ID and secret are created by executing the command `php artisan passport:client --personal` and stored in the database?
Question 2
According to the docs, it is said to save it in the .env file. Which application is it saved in: the Passport application or the frontend JavaScript application? I have 2 different projects: one is the Laravel Passport (backend) and the other is the Nuxt.js (frontend).
Answer 1
You should never hardcode secrets; that is one of the most basic security best practices. The reason behind that is that when you push your code to any remote (usually GitHub), you let anybody see that secret.
Even if your repository is private, you may not want all members to have access to it or if you decide to make it public you won't want to worry about secrets being leaked. So it's best to not include them in the code.
More about your oAuth secret key here.
Answer 2
It is not loaded to any application by default. What you're doing is just saving the information to a file called .env. You then have to configure one of your applications to load environment variables from it, probably using a library (how Laravel does it, how you can load .env files in Nuxt.js).
In your case, the Nuxt app does not need to have access to that secret so there is no need to load it there.
Note that you will have to use .gitignore or an equivalent for your source-control system in order to prevent the .env file from being uploaded to a remote and avoid the problems of answer 1.
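Added example (not part of any post on this page): a pre-deploy check in shell for the two points made in the answers above, that secrets in `config/*.php` are read with `env()` from the environment instead of being hard-coded, and that `.env` is git-ignored and untracked. The function names and the two constructed sample projects are assumptions for illustration; an `env()` call with a literal fallback value is not detected.

```shell
#!/bin/sh
# Added example with constructed sample data; not code from the posts above.

# True when FILE assigns a quoted literal to a 'password' or 'secret' key.
# 'password' => env('MAIL_PASSWORD') passes; 'password' => 'bla' is flagged.
has_hardcoded_secret() {
    grep -Eq "['\"](password|secret)['\"][[:space:]]*=>[[:space:]]*['\"][^'\"]+['\"]" "$1"
}

# True when the .gitignore file at $1 has a line that ignores .env.
env_is_ignored() {
    grep -Eq '^/?\.env$' "$1" 2>/dev/null
}

# Audit a Laravel project directory; returns 0 only when every check passes.
audit_project() {
    dir=$1; rc=0
    for f in "$dir"/config/*.php; do
        [ -f "$f" ] || continue
        if has_hardcoded_secret "$f"; then
            echo "FAIL: literal secret in $f, read it with env() instead"
            rc=1
        fi
    done
    if ! env_is_ignored "$dir/.gitignore"; then
        echo "FAIL: .env is not listed in $dir/.gitignore"
        rc=1
    fi
    # Succeeds only when .env is already committed to the repository.
    if git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
        echo "FAIL: .env is tracked by git"
        rc=1
    fi
    return "$rc"
}

# Build a constructed sample project; $1 is "good" or "bad". Prints its path.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/config"
    if [ "$1" = good ]; then
        printf '%s\n' "<?php return ['password' => env('MAIL_PASSWORD')];" > "$d/config/mail.php"
        printf '.env\n' > "$d/.gitignore"
    else
        printf '%s\n' "<?php return ['password' => 'bla'];" > "$d/config/mail.php"
        printf 'vendor/\n' > "$d/.gitignore"
    fi
    echo "$d"
}
```

Run `audit_project /path/to/app` in CI or a pre-push hook; a non-zero exit status means at least one check failed.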

Failed to authenticate on SMTP server with username "... using 2 possible authenticators in Laravel

I was able to send mail (ordering process) a few months ago on my website and then today, I got an error message like that on Laravel.
I use the Mailgun $0 per month plan. I tried to register a new domain today for another website mailing process on Mailgun. Please help me if you ever faced one like that. It was okay till last month and then I found out today. I didn't edit anything on my hosting for sure. :(
My .env file looks like this.
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailgun.org
MAIL_PORT=587
MAIL_USERNAME=mailaddress
MAIL_PASSWORD=passwords
Mailgun has probably made some changes. Log into Mailgun, reset the SMTP password, and use the new password in your config file. In my case this solved the problem.

Laravel send mail via Gmail fails - cannot connect to server

The server, Ubuntu 16.04, with Nginx webserver.
I am running 2 virtual hosts, both have Laravel apps running. One is Laravel 5.1, the other is 5.4.
I have the same contact us form under both Laravel instances. The sendmail function on the controller is the same for both (I know I need to refactor this functionality off of the controller :-) ) Both have the same config/mail.php settings. .env is the same on both, other than the username and password. Both gmail accounts have insecure applications enabled / allowed.
The one running under Laravel 5.1 works perfectly. The one under 5.4 gives a timeout error when trying to connect to gmail.
Any ideas on what the fix should be?
The solution appears to be related to the Gmail password. The client insisted on an easily remembered password. I changed to a more complex password, and everything worked.
I did read a post that said that Google does not like automated accesses with insecure passwords. Sorry, I cannot reference that post - can't find it again.
Apparently, the solution is to use a secure password. I merely added special characters to the client's desired password.
I hope this helps someone else.
