Laravel - GET request download logout automatically - laravel

I have a download file link like this:
Download file
ROUTES
Route::group(['middleware' => ['web','auth','Admin','active'], 'prefix' => 'admin'], function(){
    // USERS
    Route::resource('user','UserController');
    Route::post('user/permissions/update','UserController@update_permission')->name('update_user_permissions');
    // MODULES
    Route::resource('module','ModuleController');
    // FORMS (MODULISTICA)
    Route::resource('modulistica','ModulisticaController');
    Route::post('modulistica_cliente','ModulisticaController@update_client_module')->name('modulistica_post_cliente');
    Route::post('modulistica_prodotto','ModulisticaController@update_product_module')->name('modulistica_post_prodotto');
    Route::get('modulistica/download/cliente/{file}','ModulisticaController@download_cliente')->name('modulistica_download_cliente');
    Route::get('modulistica/download/{file}','ModulisticaController@download_module')->name('modulistica_download_module');
    Route::get('modulistica/download/prodotto/{file}','ModulisticaController@download_prodotto')->name('modulistica_download_prodotto');
    // UTILITY
    Route::post('utility/become/client','UtilityController@become_client')->name('utility_become_client');
    Route::resource('loan','LoanController');
    Route::get('area_download/document/{file}', function ($file){
        $path_file = storage_path().'/app/public/documents/'.$file;
        return response()->download($path_file, $file);
    })->name('download_document');
});
ERROR
I arrive at the "https://mysite.it/admin/loan" view without problems. When I click on the GET link it redirects me to the login page, but since my user is already logged in, the login page redirects me to "https://mysite.it/home".
I ran some tests and got the following information:
The request does not arrive at the route "area_download/document/{file}".
The request does not arrive at the 'Admin', 'active' middlewares.
So my conclusion is that the problem is in the "Web" or "Auth" middleware, but I cannot understand why. I have posted the entire group of routes, in case it is useful. If you need more on the routes, I can attach screenshots!
I would appreciate your help, thank you!

If you just want to allow downloading a file without any authentication, then
you can try this:
Blade File
Download file
With this, the user can download the file directly. You just need to add the file path in the href and the download attribute.
Or else remove the auth middleware if you don't want to authenticate the user.
And if you want to authenticate the user, then we need the route:list output and the middleware details.

I found the solution! The problem was that my GET request was made this way:
https://mysite.it/admin/area_download/document/example.pdf
The final PDF extension creates a system error. Avoiding the final extension, such as:
https://mysite.it/admin/area_download/document/example.pdf/go
Problem solved!

Related

sharedwithexpose.com - laravel redirects to local host

I am using sharedwithexpose.com. It seems to work well. localhost/login goes to my login page, as does subdomain.us-1.sharedwithexpose.com/login. However, when I actually log in using subdomain.us-1.sharedwithexpose.com/login, the computer returns "419 Page Expired" and the URL is changed to localhost/login.
Will changing the value of the APP_ENV variable prevent the web.php routes file from changing the URL back to localhost from subdomain.us-1.sharedwithexpose.com?
My routes are defined in web.php like
Route::middleware(['auth', 'verified'])->get('/home', function () {
    return view('home');
})->name('home');
That is the landing page after you login. My APP_ENV=local.
thanks.
rbd
First of all, you may try a browser hard refresh (Ctrl/Cmd + Shift + R).
Then check that you have included @csrf in the login form (check this out),
and then check that in the .env file you have APP_URL="http://subdomain.us-1.sharedwithexpose.com" or APP_URL="https://subdomain.us-1.sharedwithexpose.com"

Laravel File Downloads do not require Auth once you download them and logout

My team and I ran into a strange Laravel bug that we cannot find a good solution for after searching for a couple of hours and trying various fixes. We have tested this in Laravel 5.7, 5.8, and even updated to Laravel 6 to see if it would help, and we have the same result.
The issue:
We implemented a download route so we can easily download files from our storage folder. We wrapped this route behind some Middleware including the user access level and the Auth Middleware. Everything seems to work great, users can click the links in the application and easily download the files and you can even directly put the links in the URL to download the files. The issue came up when we were testing where you do not need to be logged in to download files. We have tracked the issue down to a certain path outlined below.
Log in to the application. (Prior to login you cannot download files by putting them in the browser; you get a 403 like we expected.)
Download any files you wish; we will call the specific file downloaded "File#1".
Log out of the application.
At this point there should be no auth. You cannot access any pages or any files that you did not just download in your previous session. However, if you try to put in the path of one of the files you just downloaded, such as "File#1", the file downloads to the client even though there should be auth on it. This seems like the auth is somehow saving to the download itself and skipping all auth. Any other file that was not downloaded cannot be downloaded until you log in to the application, like expected.
Code below:
Logout Method:
public function logout(Request $request)
{
    $this->guard()->logout();
    $request->session()->flush();
    return redirect('/');
}
Route:
Route::get('/download/{file}', array(
    'as' => 'download',
    'uses' => 'GeneratePDFController@download'
))->where('file', '.*')->middleware('auth');
Middleware:
public function handle($request, Closure $next)
{
    abort(403, 'Unauthorized action.');
    if (!Auth::check()) {
        abort(403, 'Unauthorized action.');
    }
    return $next($request);
}
Download Controller:
public function download($file)
{
    return response()->download(storage_path('app/public/' . $file));
}
If we clear the cache on our browsers it fixes the issue until you log in and download a new file. Also, after logout you are completely blocked from every other route (even the ones that only require auth) until you log back in. The previously downloaded files seem to be the only things breaking this rule. Our file names are complex enough that this is not a major security risk, since they are only available for the current user session, but I do not feel comfortable leaving this behavior in place.
Any ideas? Thanks in advance everyone, I'll try to keep up a bit later in case anyone responds.
You should be able to set "don't cache me!" headers along with the download:
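// Headers are passed as the third argument of download(); response() without
// arguments returns the response factory, which has no withHeaders() method.
return response()->download(
    storage_path('app/public/' . $file),
    null,
    [
        'Cache-Control' => 'no-cache, no-store, must-revalidate',
        'Pragma' => 'no-cache',
        'Expires' => '0',
    ]
);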
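
The stale download in this thread is served from the browser's cache, so the repeated request never reaches the auth middleware on the server. As an added example (not code from the thread or from Laravel itself), the middleware below generalises the per-download headers to every response of a protected route; the class name PreventResponseCaching is hypothetical.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Hypothetical middleware (name is an assumption, not part of Laravel).
// Attach it next to 'auth' so that nothing served to a logged-in user is
// kept by the browser and replayed after logout.
class PreventResponseCaching
{
    public function handle($request, Closure $next)
    {
        // Let the route run first: this is an "after" middleware.
        $response = $next($request);

        // Ordinary responses and the BinaryFileResponse returned by
        // response()->download() both expose a Symfony header bag, so the
        // same calls cover HTML pages and file downloads.
        $response->headers->set('Cache-Control', 'no-store, private');
        $response->headers->set('Pragma', 'no-cache'); // HTTP/1.0 caches
        $response->headers->set('Expires', '0');

        return $response;
    }
}

// routes/web.php (registration for the thread's download route):
//
// Route::get('/download/{file}', 'GeneratePDFController@download')
//     ->where('file', '.*')
//     ->middleware(['auth', \App\Http\Middleware\PreventResponseCaching::class]);
```

Files already cached by a browser before the headers were deployed stay cached until that cache is cleared, so verify the fix with a file that has not been downloaded before.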

Laravel Passport Password Reset API route

I'm all set up with Passport in 5.5 and have the auto generated Auth\ForgotPasswordController and Auth\ResetPasswordController controllers.
However whereas /oauth/token was provided magically for me, there don't appear to be such routes for password reset when using the API.
What should my API routes look like?
Currently I've experimented with
Route::group(['prefix' => 'password'], function () {
    Route::post('/email', 'Auth\ForgotPasswordController@sendResetLinkEmail');
    Route::post('/reset', 'Auth\ResetPasswordController@reset');
});
but I found these in the vendor files when looking at the traits and aren't sure if this is the correct way.
The /password/email route also fails with "message": "Route [password.reset] not defined."
Since you don't see any routes other than the 2 custom ones, I am assuming you haven't run the artisan auth command. First run that; it will add a lot of routes to your project.
Then set api driver to passport.

POST controller for all routes in Laravel 5

I have a callback button in the header of my webpage, so the user can send me a message from every page.
How do I make a route for this? Something like this:
Route::post('{*}', 'PostController@callback');
It would be better if you do it via ajax.
Use middleware so you can check every request for certain post-data.
I would do it like this: create a file called MessageMiddleware.php in the directory App\Http\Middleware\
<?php namespace App\Http\Middleware;

use Closure;

class MessageMiddleware {
    public function handle($request, Closure $next) {
        if(isset($_POST['internal_message'])) {
            // Do something so the message reaches you (db, email, whatever)
        }
        return $next($request);
    }
}
?>
This is just a very basic version but should give you an idea.
You will not have to register any routes for this and the middleware will work for all urls the middleware is registered for.
If you want a middleware to be run during every HTTP request to your application, simply list the middleware class App\Http\Middleware\MessageMiddleware in the $middleware property of your app/Http/Kernel.php class.
The official Laravel documentation for Middleware is very extensive and certainly does not only cover authentication middleware.
After some trial and error I found that the simplest route allows sending the callback request from every page!
Route::get('/', ['as' => 'home', 'uses' => 'HomeController@index']);
Route::post('/', ['as' => 'callback', 'uses' => 'PostController@callback']);
But I don't know why. If someone knows why, please tell me, because I really want to know the background.
I was also trying to do it using middleware, as I was advised. It was also a working solution. Messages were sent from every page, but with each message I got a 403 error code in the console every time. And of course I was trying to get rid of that.
With this simple solution it works without any errors in console.

Laravel 4 - changing resource root routing path

In a Laravel 4 installation, Using Jeffrey Way's Laravel 4 Generators, I set up a 'tweet' resource, using the scaffolding command from his example:
php artisan generate:scaffold tweet --fields="author:string, body:text"
This generated the model, view, controller, migration and routing information for the tweet type. After migrating the database, visiting http://localhost:8000/tweets works fine, and shows the expected content.
The contents of the routes.php file at this point is:
Route::resource('tweets', 'TweetsController');
Now I would like to move the url for tweets up one level into admin/tweets, so the above url should become: http://localhost:8000/admin/tweets. Please note that I am not treating 'Admin' as a resource, but instead just want to add it for hypothetical organizational purposes.
Changing the routes.php file to:
Route::resource('admin/tweets', 'TweetsController');
Does not work, and displays the following error:
Unable to generate a URL for the named route "tweets.create" as such route does not exist.
Similarly when using the following:
Route::group(array('prefix' => 'admin'), function() {
    Route::resource('tweets', 'TweetsController');
});
As was suggested in this Stack Overflow question.
Using php artisan routes reveals that the named routes also now have admin prefixed to them, turning tweets.create into admin.tweets.create.
Why is the error saying that it cannot find tweets.create? Shouldn't that automatically be resolved (judging by the routes table) to use admin.tweets.create?
How can I change my routing so that this error no longer occurs?
I just tested with new resource controller and it works fine for me.
The problem is not with the Route, it's with the named routes used in your application.
Check your view files: there are links to routes like link_to_route('tweets.create', 'Add new tweet'). This is creating the error, because when you add admin as a prefix, tweets.create doesn't exist. So change it to admin.tweets.create everywhere, and also in your controller wherever a named route is used.
