I'm trying to build an authentication endpoint where a user's key is returned when they are authenticated using Laravel 5.6.
When testing on Postman using localhost:8000, I find that it accepts the request but fails to output anything. please click here to see the image .
Take a look at the AuthController below:
<?php
namespace App\Http\Controllers\Api;
use App\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use GuzzleHttp\Exception\GuzzleException;
use GuzzleHttp\Client;
use Hash;
class AuthController extends Controller
{
public function register(Request $request)
{
$request->validate([
'email' => 'required',
'name' => 'required',
'password' => 'required'
]);
$user = User::firstOrNew(['email' => $request->email]);
$user->name = $request->name;
$user->email = $request->email;
$user->password = bcrypt($request->password);
$user->save();
$http = new Client;
$response = $http->post(url('oauth/token'), [
'form_params' => [
'grant_type' => 'password',
'client_id' => '2',
'client_secret' =>'5G7yDJFNDsqzVNSJU85ff8DWW6EiKFLGXDDmMmt9',
'username' => $request->email,
'password' => $request->password,
'scope' => '',
],
]);
return response(['data'=>json_decode((string)$response->getBody(),true)]);
}
public function login(Request $request)
{
$request->validate([
'email' => 'required',
'password' => 'required'
]);
$user = User::where('email', $request->email)->first();
if (!$user) {
return response(['status' => 'error', 'message' => 'user not found']);
}
if (Hash::check($request->password, $user->password)) {
$http = new Client;
$response = $http->post(url('oauth/token'), [
'form_params' => [
'grant_type' => 'password',
'client_id' => '2',
'client_secret' => 'JhzSRlU6dnJxI1vb8MpWWksjaOo3AdyuL3Mm6ANf',
'username' => $request->email,
'password' => $request->password,
'scope' => '',
],
]);
}
}
}
this is the code of user model
<?php
namespace App;
use Laravel\Passport\HasApiTokens;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
use HasApiTokens, Notifiable;
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'name', 'email', 'password',
];
/**
* The attributes that should be hidden for arrays.
*
* #var array
*/
protected $hidden = [
'password', 'remember_token',
];
}
this is the code of api
<?php
use Illuminate\Http\Request;
Route::post('/register', 'Api\AuthController#register');
Route::post('/login', 'Api\AuthController#login');
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
The first thing in here is that, you may change your postman request as follows,
add Headers as follows.
add Body as form-data
Most importantly check your port is correct that the laravel server is running. Default port is port 8000. Then your url should formed as
http://localhost:8000/api/register (note that this url is only an example format)
Try to make above changes and give us what you've got. Think this may help.
Thanks
The issue is when using php artisan serve, it uses a PHP server which is single-threaded.
The web server runs only one single-threaded process, so PHP applications will stall if a request is blocked.
You can do this solution:
When making calls to itself the thread blocked waiting for its own reply. The solution is to either seperate the providing application and consuming application into their own instance or to run it on a multi-threaded webserver such as Apache or nginx.
Or if you are looking for a quick fix to test your updates - you can get this done by opening up two command prompts. The first would be running php artisan serve (locally my default port is 8000 and you would be running your site on http://localhost:8000). The second would run php artisan serve --port 8001.
Then you would update your post request to:
$response = $http->post('http://localhost:8001/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => '2',
'client_secret' =>'5G7yDJFNDsqzVNSJU85ff8DWW6EiKFLGXDDmMmt9',
'username' => $request->email,
'password' => $request->password,
'scope' => '',
],
]);
This should help during your testing until you are able to everything on server or a local virtual host.
Related
Hello Laravel Developers,
Today i'm facing some seriously but not at all issue related to testing in Laravel Framework.
See the following code example:
<?php
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\TokenRequest;
use App\Repositories\ExceptionRepository;
use GuzzleHttp\Client;
use Illuminate\Http\JsonResponse;
class TokenController extends Controller {
public function __invoke(TokenRequest $request) : JsonResponse
{
$http = new Client;
try {
$response = $http->post(env('OAUTH_DOMAIN', 'https://oauth.application.com') . '/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => env('PASSPORT_PASSWORD_CLIENT_ID'),
'client_secret' => env('PASSPORT_PASSWORD_CLIENT_SECRET'),
'username' => $request->input('email'),
'password' => $request->input('password'),
'scope' => '*',
],
]);
$token = json_decode((string) $response->getBody(), true);
return response()->json([
'message' => 'Token retrieved successfully.',
'token' => $token,
]);
} catch (Throwable $throwable) {
ExceptionRepository::emergency('Something went wrong.', $throwable);
return response()->json([
'message' => 'Token can\' be retrieved.',
'error' => 'Internal server error'
], 500);
}
}
}
This code seems fine but when you're testing you always get internal server error. The TestCase is the following:
<?php
use App\Models\User;
public function test_token()
{
$user = User::factory()->create()->first();
$response = $this->json('POST', '/api/token', [
'email' => $user->email,
'password' => 'password',
]);
$response->assertStatus(500);
}
My ideas about why this happens is because the enviroment variable OAUTH_DOMAIN is different of the right application URL when the code is running via PHPUnit.
In other hand when i try this controller i just need start two instances of artisan serve because when the framework do a internal request it keep frozen and stuck for infinite time. The OAUTH_DOMAIN variable is always the second port of the artisan instance.
Someone know how to face this issue?
I'm trying to test my login endpoint where a successful response would return the access_token among other things.
I'm using RefreshDatabase, so I changed the login method on the controller to retrieve the client_secret via a DB call. I tested with a dd() and I can confirm that the client_secret changes on each phpunit run in the terminal. The credentials are correct and the API endpoint works - just not when it's run via a test. For example, I have the passport tables set up on my mysql server and I can login successfully when running Postman. It's only when trying to run a test do I get a 401 error.
Here is my AuthTest
<?php
namespace Tests\Feature;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Foundation\Testing\WithFaker;
use Tests\TestCase;
class AuthTest extends TestCase
{
use RefreshDatabase;
/**
* #test
*/
public function a_user_receives_an_access_token()
{
\Artisan::call('passport:install');
$user = factory('App\User')->create();
$response = $this->json('POST', '/api/login', [
'username' => $user->email,
'password' => 'password'
]);
$response
->assertJson([
'access_token' => true
]);
}
}
routes/api.php
Route::post('login', 'AuthController#login');
AuthController#login:
public function login(Request $request) {
$http = new \GuzzleHttp\Client;
try {
$response = $http->post(config('services.passport.login_endpoint'), [
'form_params' => [
'grant_type' => 'password',
'client_id' => '2', //config('services.passport.client_id')
'client_secret' => DB::table('oauth_clients')->where('id', 2)->pluck('secret')[0], //config('services.passport.client_secret'),
'username' => $request->username,
'password' => $request->password
]
]);
return $response->getBody();
} catch (\GuzzleHttp\Exception\BadResponseException $e) {
if ($e->getCode() == 400 || $e->getCode() == 401) {
return response()
->json([
'status' => $e->getCode(),
'message' => 'Your email and/or password are incorrect',
'expanded' => $e->getMessage()
]);
}
return response()
->json([
'status' => $e->getCode(),
'message' => $e->getMessage()
]);
}
}
I took a look at this question and the accepted answer: How to test authentication via API with Laravel Passport?
I am unable to use the following
public function setUp() {
parent::setUp();
\Artisan::call('migrate',['-vvv' => true]);
\Artisan::call('passport:install',['-vvv' => true]);
\Artisan::call('db:seed',['-vvv' => true]);
}
This results in an error:
PHP Fatal error: Declaration of Tests\Feature\AuthTest::setUp() must be compatible with Illuminate\Foundation\Testing\TestCase::setUp()
Edit: I just added
public function setUp() :void {
parent::setUp();
\Artisan::call('migrate',['-vvv' => true]);
\Artisan::call('passport:install',['-vvv' => true]);
\Artisan::call('db:seed',['-vvv' => true]);
}
but the problem still persists
Edit again:
If I test the oauth route directly, it passes.
public function testOauthLogin() {
$oauth_client_id = 2;
$oauth_client = OAuthClient::findOrFail($oauth_client_id);
$user = factory('App\User')->create();
$body = [
'username' => $user->email,
'password' => 'password',
'client_id' => $oauth_client_id,
'client_secret' => $oauth_client->secret,
'grant_type' => 'password',
'scope' => '*'
];
$this->json('POST','/oauth/token',$body,['Accept' => 'application/json'])
->assertStatus(200)
->assertJsonStructure(['token_type','expires_in','access_token','refresh_token']);
}
But my custom endpoint that uses guzzle fails. I do not know why
Edit again:
I think the issue is with Guzzle, but I'm not sure. I found another implementation of what I'm trying to do, which is the following:
public function login(Request $request) {
$request->request->add([
'username' => $request->username,
'password' => $request->password,
'grant_type' => 'password',
'client_id' => $this->client->id,
'client_secret' => $this->client->secret,
'scope' => '*'
]);
$response = Route::dispatch(Request::create(
'oauth/token',
'POST'
));
}
The above works.
I'm using virtual test database for my testing. my API is working with postman. but creating problem when writing test. when I execute the test it shows a long list of error containing the following message below-
"message": "Client error: POST http://localhost/oauth/token resulted
in a 401 Unauthorized
response:\n{\"error\":\"invalid_client\",\"message\":\"Client
authentication failed\"}
here is my route-
Route::post('/v1/create', 'API\v1\UserController#register');
here is my controller
public function register(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
'password' => ['required', 'string', 'min:6', 'confirmed'],
]);
if ($validator->fails()) {
return response()->json(['error'=>$validator->errors()], 401);
}
$input = $request->all();
$input['password'] = bcrypt($input['password']);
$user = User::create($input);
$http=new Client;
$response=$http->post(url("/oauth/token"),[
'form_params'=>[
'grant_type' =>'password',
'client_id' =>$request->client_id,
'client_secret' =>$request->client_secret,
'password' =>$request->password,
'username' =>$request->email,
'scope' =>''
]
]);
// return response()->json(['success'=>$response], $this->successStatus);
return $response;
}
and here is my test-
<?php
namespace Tests\Feature\API\v1;
use Tests\TestCase;
use Illuminate\Foundation\Testing\WithFaker;
use Illuminate\Foundation\Testing\RefreshDatabase;
use App\User;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use PharIo\Manifest\Email;
class UserTest extends TestCase
{
use WithFaker;
use DatabaseMigrations;
public $mockConsoleOutput = false;
/** #test */
public function a_user_can_create_user(){
$user= factory(User::class)->create(); //create user
$login=$this->actingAs($user,'api'); //user login with api
//create password grant client
$this->artisan('passport:client', ['--password' =>true, '--no-interaction' => true, '--redirect_uri'=>'http://localhost', '--name'=>'test client']);
// fetch client for id and secret
$client = \DB::table('oauth_clients')->where('password_client', 1)->first();
// dd($client->getData());
$email=$this->faker->email();
$password=$this->faker->password;
$newUser=$this->json('POST','/api/v1/create',[
'grant_type' =>'password',
'client_id' => $client->id,
'client_secret' => $client->secret,
'name' => $this->faker->name(),
'email' => $email,
'password' => $password,
'password_confirmation' => $password,
'remember_token' => str_random(10),
]);
// ->assertJsonStructure(['access_token', 'refresh_token']);
dd($newUser);
// $this->assertDatabaseHas('users',['email'=>$email]);
// $newUser->assertJsonFragment(['token_type'=>'Bearer']);
}
}
please help me what am I missing
I've solved it by proxying the request. it was happening because- when I was calling the "oauth/token" endpoint with guzzle- that call was treated as real call and test was not working there. so this helped me a lot to solve the problem.
$tokenRequest = Request::create('oauth/token', 'POST',$request->toArray());
$response = Route::dispatch($tokenRequest);
I'm using laravel and I want to make auth register and checking by email and provider. Use email and provider because users can register if users login with social media (ex:facebook) have same email like users login with email. I can only make checking by email.
this is my Register Controller
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Foundation\Auth\RegistersUsers;
class RegisterController extends Controller
{
public function __construct()
{
$this->middleware('guest');
}
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|string|max:255',
'username' => 'required|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|min:6|confirmed',
'provider' => 'unique:users',
]);
}
/**
* Create a new user instance after a valid registration.
*
* #param array $data
* #return \App\User
*/
protected function create(array $data)
{
// $prov = 'Email';
return User::create([
'name' => $data['name'],
'username' => $data['username'],
'email' => $data['email'],
'password' => Hash::make($data['password']),
'provider' => 'Email',
]);
}
}
I set up Laravel Passport and currently I am trying to register user with a Post Route. I did create a RegisterController inside Controllers/Api/Auth.
Thus I created a clients table which looks excatly like a users table.
The client gets created if I call the route, but I do not get an access token nor a refresh token.
The route to my controller looks like this (routes/api):
Route::post('register', ['as' => 'register', 'uses' => 'Api\Auth\RegisterController#register']);
My Controller looks like this:
<?php
namespace App\Http\Controllers\Api\Auth;
use App\Client;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Route;
use Laravel\Passport\Client as PClient;
use Illuminate\Http\Request;
class RegisterController extends Controller
{
private $client;
public function __construct() {
$this->client = PClient::find(1);
}
public function register(Request $request)
{
$this->validate($request, [
'name' => 'required',
'email' => 'required|email|unique:users,email',
'password' => 'required|min:6|confirmed'
]);
$client_user = Client::create([
'name' => request('name'),
'email' => request('email'),
'password' => bcrypt(request('password'))
]);
$params = [
'grant_type' => 'password',
'client_id' => $this->client->id,
'client_secret' => $this->client->secret,
'username' => request('email'),
'password' => request('password'),
'scope' => '*'
];
$request->request->add($params);
$proxy = Request::create('oauth/token', 'POST');
return Route::dispatch($proxy);
}
}
This is my Client Model:
class Client extends Model implements AuthenticatableContract,
AuthorizableContract,
CanResetPasswordContract
{
use Authenticatable, Authorizable, CanResetPassword, HasApiTokens, Notifiable;
protected $table = 'clients';
protected $fillable = ['name', 'email', 'password'];
protected $hidden = ['password', 'remember_token'];
When I am trying to call it with Postman I get this error message:
I may be way off basis here but it looks as if you are creating your client with a password of "password" due to your bcrypt('password') call.
Should it not be bcrypt(request('password'))?
This would explain why your credentials are wrong in your request, because they are ; )
Ok I fixed it, the post route worked if I used the User Model instead of my Client model, so I guessed that there has to be something different.
After some research I have found out that one needs to add the model, in my case the client model to the providers array inside config/auth.php.
So first one needs to change the api guard like this:
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'passport',
'provider' => 'clients',
],
],
This way to api routes login and register only take action with my clients.
Now you need to a a new provider in this case a clients provider like this.
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'clients' => [
'driver' => 'eloquent',
'model' => App\Client::class
],
],
And voila I get an access token + refresh token if I call the route.