The token generated by soft-deleted user not working, Is there any way to use the token of soft-deleted users ?
If you want to get the user that has been softDeleted. You must use the withTrashed method. So if you want to find the softDeleted user with a token you must write something like this code below:
$user = User::whereToken($token)->withTrashed()->first();
Related
Why does auth()->user() returns different logged in user?
Tried debugging it..
dd(auth()->user())
I'm using AuthenticatesUsers trait in my LoginController
use
dd(Auth::user()); and if u want any particular field data
use
dd(Auth::user()->field_name);
How Can I Bind userType with jwt token??
because in the frontend needs to do some operations with type of user(hide some menus if userType is different)
in laravel.. Does it possible?
The way Laravel (and you most likely using https://github.com/tymondesigns/jwt-auth), is that the JWT should probably not carry user types or really other kind of user information than maybe a name or an id. After the token is generated, you are supposed to query another endpoint that will return the user information that you are looking for.
So essentially, what you want is 2 routes, let's say:
POST /auth/login
POST /auth/me
To the first route, you are supposed to provide the username and password, to which you'll get a token if credentials are correct. Then, you take the token you were just given, and call the second endpoint, which will return all user information you might want or need. You don't specify which kind of frontend you are using, but here's an example with Nuxt.js's Auth module: https://auth.nuxtjs.org/providers/laravel-jwt/
I am developing a Laravel application. I am now customising the password reset feature. There is an issue with retrieving the password reset token back from the database because the token string is changed when it is saved in the database from when it is generated.
I explicitly generate the password reset token like this
$token = app('auth.password.broker')->createToken($user)
Then, I tried to retrieve the password reset by using that token like this.
$password_reset = DB::table('password_resets')
->where('token', request('token'))
->first();
I cannot retrieve it. It always return null. Because the token value is different from when it was generated as in the screenshots below.
Why is that happening and how can I fix it?
The token gets hashed before it's stored in the database. It gets hashed in the DatabaseTokenRepository on line 110: 'token' => $this->hasher->make($token).
You won't be able to query by token. You would only be able to check a plain token value against a hashed value with the check method in the HashManager class, for example.
Base on Passport
your code should be something like this
$token = app('auth.password.broker')->createToken($user)->accessToken
all my fellow friends, i have a question.
Route::group([
'middleware' => ['ensure.role:store', 'auth:api']
]
For simplification,
i have two roles : ADMIN and STORE
I have created a middleware that will validate user role, and if the user role is correct, then will allow the user to access the route.
It works fine.
I tried using ADMIN Jwt Token to access STORE routes, and rightfully i am kicked out, and vice versa.
But now, if i modify the token, lets say i add a string to any part of the token, and try to access any route, actually i am allowed to.
I tried var_dump and print something on the related middleware, and here are my observation.
1. If the token is VALID as one of the user role, then
the var_dump is executed, (means the middleware is executed)
2. if the token is INVALID as in i add / modify the original
token, then the var_dump is not executed, and so are the
others route middleware.
I am wondering what causes this behavior, and what could be the fix for this issue, as i need to throw 401 unauthenticated in any token invalid case.
Thank you
I figured it out.
After series of testing and reading, i found out that after laravel 5.3 and above, constructor is called before middleware. And because in my constructor i am using an user object before i am authenticated by the middleware, i encountered constructor error, because user is null.
Of course it is a bad practice to use user object in the construct, however due to the convenience of usage, i still decided to use it.
It sounds complex to use closure based middleware as alternative solution
So i use a workaround to do it.
I create a helper function that return me true if there is an user object or return abort(401); if there is no user object, then add this one line to all the constructors.
$this->checkAccess = EnsureRoleUtil::check('admin');
After that, i just do my next constructor as normally
public function __construct() {
$this->checkAccess = EnsureRoleUtil::check('admin');
$this->user = Auth::user();
$this->categoryM = new CategoryManager($this->user);
}
However, to be noted, it is not a good practice, it is just a hack / workaround.
I am trying to auto-login user on step-2 of registration steps. After successful insert into db i am using Auth::loginUsingId($user_id) to auto-login user using ajax.
I am always submitting CSRF token on each steps.
Now the problem is after successful login CSRF token get generated and Auth::user() gets blank on step 3
Also before and after login CSRF is different.
First of all, csrf token is required when using non-GET request, so if in your case using GET request seems reasonable you can use it.
Otherwise, in step 2 you should return new CSRF token for example like this:
Auth::loginUsingId($user_id);
return response()->json(['csrf_token' => csrf_token()];
and then in step 3 use this new token you got from Step 2 response.
You may try this method Auth::User()->id;
You can try Auth::id() to get the current user's id.
If you want all the details about logged in user then you can use Auth::user().
By Auth::user() you can access all details about the user.
You can also log in from the controller by passing user id Auth::login($user_id)
And if you user Auth::loginUsingId() then you have to pass user id and true status for remember the details.
Like :Auth:loginUsingId(user_id, true)
For Example :
Get User's Id : Auth::id()
Get User's Name : Auth::user()->name
Get User's email : Auth::user()->email
etc....
Seems like its not an issue of CSRF at all.
When you create a new user, Like
$user = new App\User;
$user->username = $request->username;
...
...
$user->save();
Auth::loginUsingId($user->id);
Then place dd(Auth::user()->id); to check that user is logged in or not.
Let us know.