I want to build in an expiry of passwords onto my website. I came across a very helpful document which is very good. However on my local PC this does not work, the reset of password does not appear.
But when I transfer all to the website, I get the error
Class app\Http\Requests\PasswordExpiredRequest does not exist
The class has been created and is in the correct path. Please assist, where have I missed something
Ensure the contents of app/Http/Requests/PasswordExpiredRequest.php are:
<?php
namespace App/Http/Requests;
class PasswordExpiredRequest extends FormRequest
{
public function authorize()
{
return true;
}
public function rules()
{
return [
'current_password' => 'required',
'password' => 'required|confirmed|min:6',
];
}
}
(the document forgot to mention adding the namespace to the file)
Related
In a Laravel project in the folder app/mail there is a file called WelcomeDogSchoolManager.php
In this file I can see the text that is being sent when a new user registers himself.
Within this file, I can see the following code:
#component('mail::button', ['url' => $passwordResetUrl])
Registreren
#endcomponent
Unfortunately, the developer left a mistake in the $passwordResetUrl (leaving it at "https://login..{domain}.nl" instead of the required "https://login.{domain}.nl"
This causes all my users being unable to register (unless they manipulate the URL).
Where in the Laravel Project can I search for the option to change the $passwordResetUrl?
I have no working knowledge of Laravel and am basically just searching through all the files on the server using Filezilla, trying to figure it all out. I got to this point, but have no idea how to proceed further. And since I have 7.200 files left, I don't think I will find it quickly :)
Any tips are appreciated!
PS. I have also found this code. Is this helpful?
$this->passwordResetUrl = url(route('password.reset', [ 'token' => $token, 'email' => $this->user->email, ], false));
Is this helpful?
Full code for the file below
<?php
namespace App\Mail;
use App\Models\DogSchool;
use App\Models\User;
use Illuminate\Bus\Queueable;
use Illuminate\Mail\Mailable;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Facades\Password;
class WelcomeDogSchoolManager extends Mailable
{
use Queueable;
use SerializesModels;
public $subject = 'Welkom bij de Nederlandse Detectie Bond';
public string $passwordResetUrl;
/**
* Create a new message instance.
*
* #return void
*/
public function __construct(public User $user, public DogSchool $dogSchool)
{
$token = Password::getRepository()->create($user);
$this->passwordResetUrl = url(route('password.reset', [
'token' => $token,
'email' => $this->user->email,
], false));
}
/**
* Build the message.
*
* #return $this
*/
public function build()
{
return $this->markdown('emails.welcome_dog_school_manager');
}
}
this
url(route('password.reset', [ 'token' => $token, 'email' => $this->user->email, ], false));
will generate the correct url provided your APP_URL is correct.
In your question, you repeated the same url for the desired and actual so its hard to say exactly what is wrong.
I am trying to create a test for a feature I've written.
The logic is quite simple:
From the api.php I am calling the store method:
Route::group(['prefix' => '/study/{study}/bookmark_list'], function () {
...
Route::post('/{bookmarkList}/bookmark', 'BookmarkController#store');
...
});
thus I am injecting the study and the bookmark list.
My controller passes down the parameters
public function store(Study $study, BookmarkList $bookmarkList)
{
return $this->serve(CreateBookmarkFeature::class);
}
And I am using them in the Feature accordingly
'bookmark_list_id' => $request->bookmarkList->id,
class CreateBookmarkFeature extends Feature
{
public function handle(CreateBookmarkRequest $request)
{
//Call the appropriate job
$bookmark = $this->run(CreateBookmarkJob::class, [
'bookmark_list_id' => $request->bookmarkList->id,
'item_id' => $request->input('item_id'),
'type' => $request->input('type'),
'latest_update' => $request->input('latest_update'),
'notes' => $request->input('notes')
]);
//Return
return $this->run(RespondWithJsonJob::class, [
'data' => [
'bookmark' => $bookmark
]
]);
}
}
I am also using a custom request (CreateBookmarkRequest) which practically verifies if the user is authorised and imposes some rules on the input.
class CreateBookmarkRequest extends JsonRequest
{
/**
* Determine if the user is authorized to make this request.
*
* #return bool
*/
public function authorize()
{
return $this->getAuthorizedUser()->canAccessStudy($this->study->id);
}
/**
* Get the validation rules that apply to the request.
*
* #return array
*/
public function rules()
{
return [
"item_id" => ["integer", "required"],
"type" => [Rule::in(BookmarkType::getValues()), "required"],
"latest_update" => ['date_format:Y-m-d H:i:s', 'nullable'],
"text" => ["string", "nullable"]
];
}
}
Now, here comes the problem. I want to write a test for the feature that tests that the correct response is being returned (it would be good to verify the CreateBookmarkJob is called but not that important). The problem is that although I can mock the request, along with the input() method, I cannot mock the injected bookmarkList.
The rest of the functions are mocked properly and work as expected.
My test:
class CreateBookmarkFeatureTest extends TestCase
{
use WithoutMiddleware;
use DatabaseMigrations;
public function setUp(): void
{
parent::setUp();
// seed the database
$this->seed();
}
public function test_createbookmarkfeature()
{
//GIVEN
$mockRequest = $this->mock(CreateBookmarkRequest::class);
$mockRequest->shouldReceive('authorize')->once()->andReturnTrue();
$mockRequest->shouldReceive('rules')->once()->andReturnTrue();
$mockRequest->shouldReceive('input')->once()->with('item_id')->andReturn(1);
$mockRequest->shouldReceive('input')->once()->with('type')->andReturn("ADVOCATE");
$mockRequest->shouldReceive('input')->once()->with('latest_update')->andReturn(Carbon::now());
$mockRequest->shouldReceive('input')->once()->with('notes')->andReturn("acs");
$mockRequest->shouldReceive('bookmark_list->id')->once()->andReturn(1);
//WHEN
$response = $this->postJson('/api/recruitment_toolkit/study/1/bookmark_list/1/bookmark', [
"type"=> "ADVOCATE",
"item_id"=> "12",
"text"=> "My first bookmark"
]);
//THEN
$this->assertEquals("foo", $response['data'], "das");
}
One potential solution that I though would be to not mock the request, but this way I cannot find a way to mock the "returnAuthorisedUser" in the request.
Any ideas on how to mock the injected model would be appreciated, or otherwise any idea on how to properly test the feature in case I am approaching it wrong.
It is worth mentioning that I have separate unit tests for each of the jobs (CreateBookmarkJob and RespondWithJSONJob).
Thanks in advance
A feature test, by definition, will be imitating an end-user action. There's no need to mock the request class, you just make the request as a user would.
Assuming a Study with ID 1 and a BookmarkList with ID 1 have been created by your seeder, Laravel will inject appropriate dependencies via route model binding. If not, you should use a factory method to create models and then substitute the appropriate ID in the URL.
<?php
namespace Tests\Feature;
use Tests\TestCase;
class CreateBookmarkFeatureTest extends TestCase
{
use WithoutMiddleware;
use DatabaseMigrations;
public function setUp(): void
{
parent::setUp();
$this->seed();
}
public function TestCreateBookmarkFeature()
{
$url = '/api/recruitment_toolkit/study/1/bookmark_list/1/bookmark';
$data = [
"type"=> "ADVOCATE",
"item_id"=> "12",
"text"=> "My first bookmark"
];
$this->postJson($url, $data)
->assertStatus(200)
->assertJsonPath("some.path", "some expected value");
}
}
I agree with #miken32's response - that a feature should indeed imitate a user interaction - however the dependency injection via route model binding still did not work.
After spending some hours on it, I realised that the reason for it is that
use WithoutMiddleware;
disables all middleware, even the one responsible for route model binding, therefore the object models were not injected in the request.
The actual solution for this is that (for laravel >=7) we can define the middleware we want to disable, in this case:
$this->withoutMiddleware(\App\Http\Middleware\Authenticate::class);
Then we just use
$user = User::where('id',1)->first(); $this->actingAs($user);
And everything else works as expected.
DISCLAIMER: I am not implying that miken32's response was incorrect; it was definitely in the right direction - just adding this as a small detail.
I am building an application that is using a third party authentication database. I have created a custom composer package to "intercept" the POST request to /login. Everything is working great - I'm able to get a user object back and save it to my (laravel) database.
I am now at the point where I want to redirect to the home page and do "stuff". I would like to use Laravel's native Auth as much as possible if I can.
For example, on the home page I am doing this:
$foo = auth()->user()->foo->where('active', 1);
No surprise, since I am not using Laravel's native Auth method, auth()->user() is returning null. Once I have my user created/found in my database, is it possible to tie back into Laravel's auth() methods?
Thank you for any suggestions!
EDIT
Reading the documentation, this looks like the direction I need to go but I'm falling short understanding how to connect/register my custom package (I think)...
EDIT 2
I am going to keep updating this as I feel I make any progress in hopes that it will not only help me, but help others get a better picture of what I am trying to accomplish. Ultimately help others who may be trying to do the same.
I have updated my app/Providers/AuthServiceProviderAuthServiceProvider as such:
use My\Package\MyThirdPartyServiceProvider;
...
Auth::provider('foo', function ($app, array $config) {
// Return an instance of Illuminate\Contracts\Auth\UserProvider...
return new MyThirdPartyServiceProvider($app->make('foo.connection'));
});
I have also updated my config/auth file:
'providers' => [
'users' => [
'driver' => 'foo',
'model' => App\User::class,
]
As you mentioned the documentation suggests implementing a custom user provider. The following steps more or less describe how you'll tackle it in a bit more detail.
Create or edit a service provider
You can create a new service provider by running
php artisan make:provider CustomAuthServiceProvider
In the boot method of your service provider you'll have to configure our auth provider (which will be implemented in step 4).
public function boot()
{
Auth::provider('custom-auth', function ($app, array $config) {
return new CustomAuthProvider();
});
}
Update your auth.php configuration to use the serviceprovider we registered in step 2
'providers' => [
'users' => [
'driver' => 'custom-auth',
],
],
Create the CustomAuthProvider class itself and implement the UserProvider interface
class CustomAuthProvider implements UserProvider
{
public function retrieveById($identifier) {
// Retrieve a user by their unique identifier.
}
public function retrieveByToken($identifier, $token) {
// Retrieve a user by their unique identifier and "remember me" token.
}
public function updateRememberToken(Authenticatable $user, $token) {
// Update the "remember me" token for the given user in storage.
}
public function retrieveByCredentials(array $credentials) {
// Retrieve a user by the given credentials.
}
public function validateCredentials(Authenticatable $user, array $credentials) {
// Validate a user against the given credentials.
}
}
In my Laravel application, i have several policies working, but one will not work.
Controller
public function store(Project $project, CreateActionRequest $request)
{
$this->authorize('store', $project);
Action::create([
'name' => $request->name,
]);
return redirect()->route('projects.show', $project->id)->withSuccess('Massnahme erfolgreich gespeichert');
}
Policy
namespace App\Policies\Project;
use App\Models\Project\Project;
use App\Models\User;
use App\Models\Project\Action;
use Illuminate\Auth\Access\HandlesAuthorization;
class ActionPolicy
{
use HandlesAuthorization;
public function store(User $user, Project $project)
{
return $user->company_id === $project->company_id;
}
}
AuthServiceProvider
protected $policies = [
'App\Models\User' => 'App\Policies\CompanyAdmin\UserPolicy',
'App\Models\Company' => 'App\Policies\CompanyAdmin\CompanyPolicy',
'App\Models\Team' => 'App\Policies\CompanyAdmin\TeamPolicy',
'App\Models\Department' => 'App\Policies\CompanyAdmin\DepartmentPolicy',
'App\Models\Location' => 'App\Policies\CompanyAdmin\LocationPolicy',
'App\Models\Division' => 'App\Policies\CompanyAdmin\DivisionPolicy',
'App\Models\Costcenter' => 'App\Policies\CompanyAdmin\CostcenterPolicy',
'App\Models\Workplace' => 'App\Policies\CompanyAdmin\WorkplacePolicy',
'App\Models\Product' => 'App\Policies\CompanyAdmin\ProductPolicy',
'App\Models\Project\Action' => 'App\Policies\Project\ActionPolicy',
'App\Models\Project\Project' => 'App\Policies\Project\ProjectPolicy',
];
CreateActionRequest
namespace App\Http\Requests\Project;
use Illuminate\Foundation\Http\FormRequest;
class CreateActionRequest extends FormRequest
{
public function authorize()
{
return true;
}
public function rules()
{
return [
'name' => 'required|min:3',
];
}
}
All policies are working except ActionPolicy and ProjectPolicy.
I added in the policy a __construct() method to check if the policy is called. But ActionPolicy and ProjectPolicy are not working.
How can i search the error? I tried with dd() but i got only allways the message: This action is unauthorized
Since you are injecting CreateActionRequest instead of Request that means you are defining your own set of rules to authorize the FormRequest which comes inside of your method. Further it means that you gotta define a few rules which the "FormRequest" has to pass in order to EVEN reach your controller, this is a nice concept that I like about Laravel since the code is not centralized, but rather spread and every layer has it's own responsibility. Now, you don't have to call any method from your CreateActionRequest nor you have to write any code regarding that class in your controller, because Laravel runs authorize method by default before allowing the Request to reach your controller, before running authorizemethod in your CreateActionRequest it runs rules method which verifies that all the given fields pass the expressions you assigned them, so the execution is something like this CreateActionRequest => rules => authorize => IF(authorized) Controller ELSE Not authorized, hope that makes sense. In order to fix your code:
1.) Remove $this->authorize('store', $project);
This will allow you to pass not authorized error in case your name passes the truth test inside of rules method inside of your CreateActionRequest. If you wish to utilize your Action Policy you will need to hook up your custom Request(CreateActionRequest) with it and this is how:
public function authorize()
{
$store = $this->route('project');
//The above line will return Project object if your mapping is correct
//If it's not it will return the value you passed to your route for {project}
return $this->user() && $this->user()->can('store', $store);
}
EDIT:
Here is the link where you can see how to properly authorize and connect policy with CreateActionRequest
Do you have all your controller methods defined with the Request object last?
public function store(Project $project, CreateActionRequest $request)
The Request object should be the first parameter in the methods signature:
public function store(CreateActionRequest $request, Project $project)
Dependency Injection & Route Parameters
If your controller method is also expecting input from a route parameter you should list your route parameters after your other dependencies.
Most Laravel authorization mechanisms have identical method signatures allowing them to work across varying classes.
Anyone use Ardent in Laravel with the repository pattern and have it "auto-hydrate" relations on save? If so, do the rules need to be in the repository or can they be in a separate Validator service?
The basic idea of Ardent is autovalidation done in the model itself. However if you want to make your app as robust as possible it's better to use validation services. In the end you can use the service (or even pass it's internal $rules) wherever you wish so it's totally DRY.
EDIT:
Suppose you have such a validation service
namespace App\Services\Validators;
class UserValidator extends Validator {
/**
* Validation rules
*/
public static $rules = array(
'username' => array('required'),
'email' => array('required','email'),
'password' => array('required','min:12','confirmed'),
'password_confirmation' => array('required','min:12'),
);
}
in a repository you can do
public function store()
{
$v = new App\Services\Validators\UserValidator;
if($v->passes())
{
$this->user->create($input);
return true
}
return Redirect::back()->withInput()
->withErrors($v->getErrors());
}
in an Ardent model you can just modify the rules directly
Ardent::$rules = UserValidator::$rules
Check out Ardent docs and you might find this article on validation interesting, the code above is based on that article.