Laravel Authentication Reset - laravel

I'm having difficulty how do I get the user id based on the token generated by laravel? I'm not very familiar with framewrok can anyone help me?
class ForgotPasswordController extends Controller
{
use SendsPasswordResetEmails;
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('guest');
}
}
ResetPasswordController
class ResetPasswordController extends Controller
{
use ResetsPasswords;
protected $redirectTo = '/login';
public function __construct()
{
$this->middleware('guest');
}
protected function guard()
{
return Auth::guard('user');
}
public function broker()
{
return Password::broker('users');
}
public function showResetForm(Request $request, $token = null)
{
var_dump($request->email);
var_dump( $request->token);
return view('auth.passwords.reset')->with(
['token' => $token, 'email' => $request->email]
);
}
}
how to update password? I only have the token received by email?

Check this steps so you can understand better how laravel auth works.
Generate the auth scaffolding with: php artisan make:auth
Run the created migrations:php artisan migrate
Check your route list with php artisan route:list, you can see that routes were created too when you ran make:auth command.
Take note of the controllers and methods the Auth routes are calling.
Go to the routes web.php file. See the Auth::routes();, this generate the default Laravel Auth routes, if you don't need em all, comment or delete this line and add the required Lines.
If you took note of the controllers and methods, you can see what's been called on each route. In this particular case, i think you'd be looking for ResetPasswordController which uses ResetsPasswords from vendor/laravel/framework/src/Illuminate/Foundation/Auth/ResetsPasswords.php there you can see the resets method this is what you'll have to override on your ResetPasswordController.

Related

how to change redirect after auth Email verification in laravel 8?

I have 2 condition after successful registration with email verification.
If the new user is select plan from home page, redirects to registration page submits the form. then will get Email verfication link, and after email verified I want to redirect directly to checkout. Plan id will be saving session , so I can get all the details of plan.
If the new user is not select plan from home page, then he can sign up and redirects to dashboard
But in laravel after email verfication always redirects to home page. But I dont want to redirect to home page again.
How can be this done? Wher can do the coding part?
Verification Controller
use VerifiesEmails;
/**
* Where to redirect users after verification.
*
* #var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('auth');
$this->middleware('signed')->only('verify');
$this->middleware('throttle:6,1')->only('verify', 'resend');
}
protected function verified(Request $request)
{
$request->session()->flash('alert','Your Email is verfied');
}
Routes
public function emailVerification()
{
return function () {
$this->get('email/verify', 'Auth\VerificationController#show')->name('verification.notice');
$this->get('email/verify/{id}/{hash}', 'Auth\VerificationController#verify')->name('verification.verify');
$this->post('email/resend', 'Auth\VerificationController#resend')->name('verification.resend');
};
}
Add a method called redirectTo(). It will be called if it exists.
public function redirectTo()
{
// put your routing logic here
}
The function should return a string of the url to go to.
The best option that worked for me in Laravel 9* was to define a new public constant in the RouteServiceProvider right under or above the HOME
e.g
Location: app\Providers\RouteServiceProvider
public const SUB = '/account/subscription';
Then go to VerificationController
Location: app\Http\Controllers\Auth\VerificationController
and change
protected $redirectTo = RouteServiceProvider::HOME;
to
protected $redirectTo = RouteServiceProvider::SUB;
If you are using Fortify, I think the more Laravel way to solve this, is to create a Response handler.
Laravel will, when an email is verified, generate a VerifyEmailResponse. So to modify that logic, you would create a class and make that the singleton.
<?php
namespace App\Http\Responses;
use Laravel\Fortify\Contracts\VerifyEmailResponse as VerifyEmailResponseContract;
class VerifyEmailResponse implements VerifyEmailResponseContract
{
public function toResponse($request)
{
// Your custom logic returning redirect(), \Illuminate\Routing\Redirector or \Illuminate\Http\RedirectResponse
}
}
And in your FortifyServiceProvider class:
use Laravel\Fortify\Contracts\VerifyEmailResponse as VerifyEmailResponseContract;
public function boot()
{
// logic
$this->app->singleton(VerifyEmailResponseContract::class, VerifyEmailResponse::class);
// logic
}
Couple approaches from what I can see...
In your controller actions where you are routing them to
Auth\VerificationController#verify do the check to make sure a flag
isn't already set, set the flag if it isn't set, put your redirect
after that logic. So it would be something like this for a route...
return redirect()->route('route.name', [$veriYouWantToSendAlong]);
Or to a static page with errors.
return redirect()->route('page/name')->withErrors(['Some error here']);
In your Laravel auth controller should be a protected $redirectTo = '/home'; action you can change that to dashboard or wherever you'd like to send them after log in.
Maybe add this in the Routes/web.php.
And change the /dashboard to whatever you like :).
Route::get('/email/verify/{id}/{hash}', function (EmailVerificationRequest $request) {
$request->fulfill();
return redirect('/dashboard');
})->middleware(['auth', 'signed'])->name('verification.verify');

Login and verify user - Call to a member function getKey() on null

I am trying to create a custom verification flow, where as soon as a user clicks the verification link, it logs him in and also verifies him, instead of first making him log in and only then the verification link works.
I built a custom notification URL in my CustomVerificationNotification, including the registered user_id, to login him later:
protected function verificationUrl($notifiable)
{
if (static::$createUrlCallback) {
return call_user_func(static::$createUrlCallback, $notifiable);
}
return URL::temporarySignedRoute(
'verification.custom-verify',
Carbon::now()->addMinutes(Config::get('auth.verification.expire', 60)),
[
'id' => $notifiable->getKey(),
'hash' => sha1($notifiable->getEmailForVerification()),
'user_id' => $this->user->id
]
);
}
Then in my web.php I added this route:
Route::get('/email/verify/{id}/{hash}/{user_id}','Auth\CustomVerifyController#login_and_verify')->name('verification.custom-verify');
Then in my CustomVerifyController:
public function login_and_verify(EmailVerificationRequest $request)
{
//..
}
But I get Call to a member function getKey() on null. And I can't edit EmailVerificationRequest, so what can I do? Is it possible to somehow call Auth::login($user); before calling the EmailVerificationRequest? (Because I have the user_id from the route)
I tried to follow the best answer from this post as well: How to Verify Email Without Asking the User to Login to Laravel
But I'm not sure then how to trigger the verify() method from the web.php and send the $request when I'm first calling the verify_and_login method
First you need verify that the URL is signed by adding the middleware signed
You don't want that anoyone having the url /email/verify/{id}/{hash}/{user_id} able to access this ressource without the signature.
web.php
Route::get('/email/verify/{id}/{hash}/{user_id}','Auth\CustomVerifyController#login_and_verify')
->middleware('signed')
->name('verification.custom-verify');
Then you need to verify that the hash correspond the user_id and for that you can use a Request or a Middleware. I think the Request fits better since Laravel already uses a Request for this.
CustomEmailVerificationRequest.php
<?php
namespace App\Http\Requests;
use Illuminate\Auth\Events\Verified;
use Illuminate\Foundation\Http\FormRequest;
class EmailVerificationRequest extends FormRequest
{
public function authorize()
{
$user = User::findOrFail($this->route('id'));
if (! hash_equals((string) $this->route('hash'), sha1($user->getEmailForVerification()))) {
return false;
}
return true;
}
}
Finally you need to login with the user and set is email as verified
CustomVerifyController.php
public function login_and_verify(CustomEmailVerificationRequest $request)
{
$user = User::findOrFail($this->route('id'));
Auth::login($user);
$user->markEmailAsVerified();
event(new Verified($user));
...
}
[Edit to add addition feature from comments]
In order to have a middleware that verify the signed URL and resend automatically the verification email, you need to build a custom middleware.
ValidateSignatureAndResendEmailVerification.php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Routing\Exceptions\InvalidSignatureException;
use URL;
class ValidateSignatureAndResendEmailVerification
{
public function handle($request, Closure $next, $relative = null)
{
if(! URL::hasCorrectSignature($request, $relative !== 'relative')( {
throw new InvalidSignatureException;
}
if (URL::signatureHasNotExpired()) {
return $next($request);
}
return redirect()->route('resend-email-confirmation');
}
}
Then you need to add the middleware to Kernel.php
Kernel.php
protected $routeMiddleware = [
...
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'signed.email' => \App\Http\Middleware\ValidateSignatureAndResendEmailVerification::class,
...
];
Then, don't forget to update your route with the new middleware
web.php
Route::get('/email/verify/{id}/{hash}/{user_id}','Auth\CustomVerifyController#login_and_verify')
->middleware('signed.email')
->name('verification.custom-verify');

Use Auth in AppServiceProvider

I need the ID of the user who is logged in to get a photo in the profile table, here I am trying to use View but only in the index function that gets $profile, I want all files in the view to have $profile
public function index(){
$profil = Profil_user::where('user_id',$auth)->first();
View::share('profil', $profil);
return view('user.index');
}
I have also tried AppServiceProvider but I get an error in the form of a null value if I don't log in, is there a solution to my problem?
public function boot(){
$auth = Auth::user();
dd($auth);
}
exist several way to pass a variable to all views. I explain some ways.
1. use middleware for all routes that you need to pass variable to those:
create middleware (I named it RootMiddleware)
php artisan make:middleware RootMiddleware
go to app/Http/Middleware/RootMiddleware.php and do following example code:
public function handle($request, Closure $next) {
if(auth()->check()) {
$authUser = auth()->user();
$profil = Profil_user::where('user_id',$authUser->id)->first();
view()->share([
'profil', $profil
]);
}
return $next($request);
}
then must register this middleware in app/Http/Kernel.php and put this line 'root' => RootMiddleware::class, to protected $routeMiddleware array.
then use this middleware of routes or routes group, for example:
Route::group(['middleware' => 'root'], function (){
// your routes that need to $profil, of course it can be used for all routers(because in handle function in RootMiddleware you set if
});
or set for single root:
Route::get('/profile', 'ProfileController#profile')->name('profile')->middleware('RootMiddleware');
2. other way that you pass variable to all views with view composer
go to app/Http and create Composers folder and inside it create ProfileComposer.php, inside ProfileComposer.php like this:
<?php
namespace App\Http\View\Composers;
use Illuminate\View\View;
class ProfileComposer
{
public function __construct()
{
}
public function compose(View $view)
{
$profil = Profil_user::where('user_id', auth()->id)->first();
$view->with([
'profil' => $profil
]);
}
}
now it's time create your service provider class, I named it ComposerServiceProvider
write this command in terminal : php artisan make:provider ComposerServiceProvider
after get Provider created successfully. message go to config/app.php and register your provider with put this \App\Providers\ComposerServiceProvider::class to providers array.
now go to app/Providers/ComposerServiceProvider.php and do like following:
namespace App\Providers;
use App\Http\View\Composers\ProfileComposer;
use Illuminate\Support\Facades\View;
use Illuminate\Support\ServiceProvider;
class ComposerServiceProvider extends ServiceProvider
{
/**
* Bootstrap the application services.
*
* #return void
*/
public function boot()
{
View::composer(
'*' , ProfileComposer::class // is better in your case use write your views that want to send $profil variable to those
);
/* for certain some view */
//View::composer(
// ['profile', 'dashboard'] , ProfileComposer::class
//);
/* for single view */
//View::composer(
// 'app.user.profile' , ProfileComposer::class
//);
}
/**
* Register the application services.
*
* #return void
*/
public function register()
{
}
}
3. is possible that without create a service provider share your variable in AppServiceProvider, go to app/Provider/AppServiceProvider.php and do as follows:
// Using class based composers...
View::composer(
'profile', 'App\Http\View\Composers\ProfileComposer'
);
// Using Closure based composers...
View::composer('dashboard', function ($view) {
//
});
I hope be useful
you can use this
view()->composer('*', function($view)
{
if (Auth::check()) {
$view->with('currentUser', Auth::user());
}else {
$view->with('currentUser', null);
}
});

How to perform addition action on login in Laravel 5.8?

In Laravel 5.8 the Auth\LoginController is just:
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* #var string
*/
protected $redirectTo = '/my-team';
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
}
On login I want to perform some custom actions for the user, but I can't figure out where I can place this code. The documentation doesn't seem to help.
Is there a method I can overwrite/extend with my own?
Laravel 5.2 used to have a login() method in the Auth controller where I could just write additional code.
You can override the login() method in LoginController. As you said, in Laravel 5.8 the login() method doesn't exist, but you can define it yourself. The newly defined login() method will override the default one and then you can do whatever extra you want to after or before the user signs in. Here is a snippet from Laracasts:
public function login(Request $request)
{
$this->validateLogin($request);
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if(Auth::attempt(['email' => $request->email, 'password' => $request->password, 'is_activated' => 1])) {
// return redirect()->intended('dashboard');
} else {
$this->incrementLoginAttempts($request);
return response()->json([
'error' => 'This account is not activated.'
], 401);
}
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
Just go through it and see what has been done there. In short, you can modify the login() method to do whatever you want before or after a user signs in.
There are two functions provided by the AuthenticatesUsers trait. You can customize those in the login controller.
Login Form
public function showLoginForm()
{
return view('auth.login');
}
Handle Login
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
You can place these two functions in the login controller and make changes as you want.
The best place to add your custom actions is to override authenticated method in your LoginController
protected function authenticated(Request $request, $user)
{
// Your code
}
Just go to where the Illuminate\Foundation\Auth\AuthenticatesUsers trait is located and you will find all the methods you want
it's located in :
vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers
Or you can overwrite it in the LoginController to do what ever you want

Laravel 5.3 Middleware Request Merge Not Return Any Value

All my code is working on Laravel 5.2. Now I try to upgrade to Laravel 5.3 it breaks on middleware.
// Verify Middleware
public function handle($request, Closure $next)
{
// I already make sure the data is exists
$user = User::find('abc');
if (!$user) {
return responseHandler()->unauthorized('Unauthorized');
}
$request->merge(['user_id' => $user->id, 'device' => $device]);
return $next($request);
}
// User Controller
public function __construct(Request $request)
{
var_dump($request->all());
$this->user_id = $request->user_id;
$this->device = $request->device;
}
public function getProfile(Request $request)
{
$data = User::find($this->user_id);
$result = Fractal::item($data, new UserTransformer)->getArray();
return responseHandler()->success(0, $result, 'user');
}
The problem is $this->user_id is always null. But if I request from getProfile function it return correctly.
var_dump result only the login info. it not received any merge request from middleware
On Laravel 5.2 this code is working properly. Any solution?.
Reference-: https://www.laravel.com/docs/5.3/upgrade#upgrade-5.3.0
Session In The Constructor
In previous versions of Laravel, you could access session variables or the authenticated user in your controller's constructor. This was never intended to be an explicit feature of the framework. In Laravel 5.3, you can't access the session or authenticated user in your controller's constructor because the middleware has not run yet.
As an alternative, you may define a Closure based middleware directly in your controller's constructor. Before using this feature, make sure that your application is running Laravel 5.3.4 or above:
<?php
namespace App\Http\Controllers;
use App\User;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
class ProjectController extends Controller
{
/**
* All of the current user's projects.
*/
protected $projects;
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware(function ($request, $next) {
$this->projects = Auth::user()->projects;
return $next($request);
});
}
}
Of course, you may also access the request session data or authenticated user by type-hinting the Illuminate\Http\Request class on your controller action:
It seems you can't access the session data in Controller constructor because the middleware not run yet.
Refer laravel change log here
you can't access the session or authenticated user in your
controller's constructor because the middleware has not run yet.
In your case you can call session with request object
public function getProfile(Request $request)
{
$data = User::find($request->session()->get('user_id'));
$result = Fractal::item($data, new UserTransformer)->getArray();
return responseHandler()->success(0, $result, 'user');
}

Resources