For every request I found that 4 queries are fired to validate the user and the token. Among them one is to fetch the user (select * from user) based on the user id. This queries are fired by Passport/Laravel But what I want is to modify this query to add one status field check also to check if any user become invalid during the token validity period. If we only check with the id then if any user become inactive(By changing status then also we will not be able to stop the user as deleting the token for the user is not a good solution for me).
Queries Fired on every request by Passport Laravel:
select * from oauth_access_tokens where id = ?
select * from user where id = ? limit 1 ["2"]
select * from oauth_access_tokens where id = ?
select * from oauth_clients where id = ?
So, can anyone tell me how to change the 'select * from user where id' query in passport at time of Token validation.
You can add this method on your User model (or any model you're authenticating with passport)
...
public function findForPassport($username)
{
return $user = (new self)->where('email', $username)->where('is_active', 1)->first();
}
...
of course you can modify is_active by whichever column you are using (and/or any query constraint for that matter), as long as it returns Illuminate\Contracts\Auth\Authenticatable contract.
I wouldn't try and modify passports default behaviour as I have no idea what else it might impact both now and in future upgrades.
Your best bet might be to hook into the passport events and apply you business logic to a listener that is called when the events are fired
Related
I use laratrust as my user role, in the user role there are 1 = superadministrator, 2 = administrator, 3 = perusahaan, then I want to display the names of existing perusahaan in my view, which means calling user = role id 3, then how to call it? I also don't really understand eloquent relationships
You need to get users in this way
// This will return the users with 'superadministrator' role.
$users = User::whereRoleIs('superadministrator')->get();
check the documentation
I am using TokenGuard for all the database related requests through JQuery in Laravel 5.4
Once the user is logged in...I am fetching the user profile using below method.
public function ViewProfile() {
$user = \Auth::guard("api")->user();
$Data = [
"FirstName" => $user->FirstName,
"LastName" => $user->LastName
];
return \Response::json([
'Status' => true,
'Data' => $Data,
], 200);
}
Below is the POST method Url being sent to Server to fetch the data using above method
http://localhost:1234/public/api/v1/apiviewprofile?api_token=598bbba095bdd1598bbba095bf1
When I printed the select statements being issued on fetching the user details...I saw there were two select statements below.
[2017-08-10 02:37:05] local.INFO: select * from `tbluser` where `UserID` = ? limit 1
[2017-08-10 02:37:05] local.INFO: select * from `tbluser` where `api_token` = ? limit 1
Question
I can understand that when I send POST request using TokenGuard...it first validate token....so that time it goes to database. So second select statement is fine. But, where is Laravel 5.4 using first select statement?
The second statement is indeed run after you call ->user() on the guard returned from Auth::guard(), inside the guard's contained UserProvider implementation.
The first statement is unlikely to be triggered from the code that you provided. I suspect that it has something to do with some middleware that you have on the route using the ViewProfile() action.
Maybe the query is performed even before a redirect to that route, after you've successfully authenticated the user? (the first query is exactly a user authentication query).
Redirects can complete within a fraction of a second, and since the logs show the time in 1-second precision, it is impossible to tell how much time is exactly in between. Unless you are certain that no redirect takes place at all, it is hard to tell if these two queries execute within the same Laravel container lifecycle at all.
$account = Account::Find(1);
I use this code to get row in table which id is 1 when I return the value It become {"id":1,"0":1,"username":"Jack","1":"Jack","email":"jack#email.com","2":"email":"jack#email.com" } although I don't have attributes ("0","1","2")
Account is Eloquent model
find() returns instanse by ID. To get username, just use $account->username, to get email, use $account->email etc.
find() manual:
https://laravel.com/docs/5.1/eloquent#retrieving-single-models
I'm having problems to do a simple permission system on my Webapp. My DB has a table called "usuario" that has informations about the users of the system. One of these columns is called "privilegio" that has value '0' for administrators and 1 for regular users. An administrator has the power to Add and edit users on the system. Im trying to take this behavior querying my database with the cod of the logged user and getting its permission. If the user is not on the administrator group (privilegio=1) then the add/edit/delete buttons will be unset.
public function usuario() {
if($this->session->userdata('logged')){
$crud = new grocery_CRUD();
$crud->set_subject("Usuário");
$crud->set_theme('datatables');
$crud->set_table("usuario");
(...)
$crud->field_type('privilegio','dropdown',array('0'=>'Administrador','1'=>'Usuario'));
(...)
$this->db->select('privilegio');
$this->db->get('usuario');
$result = $this->db->where('cod_func',$this->session->userdata('cod_func'));
if(!$result){
$crud->unset_add();
$crud->unset_edit();
$crud->unset_delete();
}
(...)
The problem (and the question) is that this code only list the user that is logged on, not the others already registered on the system and stored on "usuario" table. I wonder that the list is been made by my query (what is not the behavior I would like) I hope you could undestand my doubt. Sorry for my bad english.
Thank you!
you're having trouble with the active record functions...
When you use the function
$this->db->get('usuario');
This translates to the query:
SELECT * FROM usuario
So try changing your code to something like this:
$this->db->select('privilegio');
$this->db->from('usuario');
$this->db->where('cod_func',$this->session->userdata('cod_func'));
$this->db->limit(1); //You're only expecting one result
$result = $this->db->get(); // Save the result to the variable result
//Edited for the comment, something like
$result = $result->first_row('array'); //Here I'm fetching only the first row into an array
$privilegio = $result['privilegio']; //Im saving the result from the query in the variable $privilegio
This translates to:
SELECT priviliegio FROM usuario WHERE cod_func = 'some_value' LIMIT 1;
Then you can do whatever you want with the $result variable, please refer to documentation to see what you can do...
Generating Query Results
I'm trying to query Facebook with the PHP Library and what I've read it shouldn't required a session key, or rather it shouldn't require one for my case, but my code below gives me the following error: "Session key invalid or no longer valid".
http://wiki.developers.facebook.com/index.php/Fql.query
"For example, querying the user table is like calling users.getInfo without a session key -- you can query only on a few fields."
$fb = new Facebook(FACEBOOK_KEY, FACEBOOK_SECRET);
$query = "SELECT uid,
name,
sex,
pic_square,
profile_url
FROM user WHERE name = 'some name' OR username = 'some name'";
$result = $fb->api_client->fql_query($query);
Any ideas?
/Thanks
I think that policy has changed and you cannot query user table without session.
You can try to query standard_user_info table. Think it doesn't need session.