Laravel Passport suddenly returning 401 on Vue/Axios API calls - laravel

My application has an API that I consume from my JavaScript/Vue front end. Recently, I (unrelated) tried to unsecure Valet in order to share the site to perform webhook tests. I received a Brew 'Unable to determine linked PHP' error. Long story short I restored the symlink, updated composer dependencies and resecured Valet to ensure nothing was broken.
Upon loading my application, all calls to my Laravel Passport secured API are returning 401. My unit tests are all passing, so the non-javascript authentication is working.
Both the laravel_token and the x-csrf-token are being sent in the request header and I still have CreateFreshApiToken middleware in my Kernel.php.
Has anyone got any ideas as to where I can start to look to debug this?

If you've just recently upgraded to Laravel 5.6.30, this was a security patch with breaking changes.
Read upgrade notes here.
TL;DR
Call Laravel\Passport\Passport::withoutCookieSerialization() in your AppServiceProvider

Related

Laravel sanctum logout not working even after tokens are deleted

I have tried so many options I could think of or find online, user details are still persisted even after successful deletion of all the tokens!
I am using Laravel sanctum with Vue. The logout function I created works as expected when I use Postman to make the request, but this is not the case when I make the request via axios from the browser. The tokens get deleted quite alright but I can still access protected routes.
I have also tried
Auth::logout()
I have continued to try this using sanctum and web as guard.
Any help will be appreciated.

Laravel (Vapor/Lambda) Issue with Cookies and POST Routes

I've been developing an update to an existing Laravel System (currently running Laravel 6 and PHP7.4), that runs on both EC2 and Laravel Vapor Setups, and have run into some very strange issues that only present themselves on Vapor Setups. These issues relate to Cookie Generation Failing and POST Routes being ignored when handling Routes.
Issue #1: Cookies No Longer Being Set
The first issue presents itself immediately upon loading the system up for the first time, no cookies are being saved, even though our .env is configured to do so:
SESSION_DRIVER=cookie
Without Cookies being generated, forms can't be processed and users cannot be marked as authenticated.
The system itself has had no changes made to it in areas that would touch core logic around Cookies, but none are now being generated. If we revert the codebase to the previous release without these changes, the system runs perfectly on the Laravel Vapor Setup, but runs without issue using both versions of the code on the EC2 Setup.
Potentially Related: Redirecting users seems to be being done with JavaScript on the problematic Vapor Setup, whilst EC2 and Local Development Environments are managing to do so using headers. This indicates there's an issue somewhere in the code that's being used, but the areas that manage that code, as mentioned a few times, haven't been touched during development.
Issue #2: POST Routes Being Ignored
This might be a run on from the first issue above.
POST Routes are being completely ignored from our web.php file. I've tried submitting forms, I've tried using Insomnia to make requests to them, and have even tried setting up a route that would catch requests to any route that was using the POST method, and in each case they were being completely ignored by the system.
Submitting our login forms leads to a strange error being output:
Call to a member function can() on null (View: /var/task/resources/views/core/main/parts/headermenu.blade.php) (View: /var/task/resources/views/core/main/parts/headermenu.blade.php) (View: /var/task/resources/views/core/main/parts/headermenu.blade.php) (View: /var/task/resources/views/core/main/parts/headermenu.blade.php)
This error is strange because it should only be displayed after a user is authenticated, but submitting any details to the system gets this output, even blank details. I'm not sure how the user ends up on an authenticated page, as the POST route that handled authentication is being ignored, so no authentication logic is ever being run. I can, at least, confirm that the system is able to connect to the database to run verification logic, but the route that does so is never accessed because of this issue.
Honestly, I'm coming up blank on solutions to both of these issues, but they're blocking progress with this feature. Any and all guidance on where to look, or how to resolve the above would be most greatly appreciated.

laravel breeze doesn't work in production?

I made my first Laravel project using Breeze authentication (Laravel 9.2).
Everything is OK locally, I can register and log in users.
But unfortunately in production on my server, the login form and register form don't work so well!
I made a second Laravel project, with only the authentication functionality, to check if the problem comes from part of my app. But the problem repeats: nice locally, doesn't work in production... I don't understand why.
When I submit my newly created user or log in with an existing user, the form reloads without performing the action...
I have this 404 error in my network console :
POST https://www.prod-breeze.yannpollet.fr/register [HTTP/2 404 Not Found 411ms]
My login and register routes exist of course, created automatically with the Breeze installation.
I read in some forum that Breeze doesn't support https, but I can't believe it.
Does anyone have the same problem or know how to resolve it?

Error making a post request to my api on Heroku

I uploaded an API made in Spring Boot to Heroku. All the GET methods are working correctly, but the POSTs have a problem where only the first request I make works; after that it doesn't work anymore unless I restart the application. What do I do?

Laravel Passport not authenticating with JWT cookie (self consuming API)

I've gone through the entire page of documentation and as far as I can tell I have everything set up exactly as the documentation states. However, when I attempt to make a GET request to /api/users it always returns a 401 Unauthorized.
If I inspect the request, I see that the laravel_token is indeed being passed along with the request, as well as CSRF.
At this point, I'm not really sure why it's always failing to authenticate, but it's pretty frustrating and I'm sure it's something minor that I'm overlooking somehow.
I'm using Laravel 5.7.5.
Configuration steps done:
Ran php artisan passport:install
Added trait to User model
Added Passport::routes() to AuthServiceProvider::boot()
Changed API driver to passport in config/auth.php
Added CreateFreshApiToken::class to web middleware

After a lot of digging, I finally figured out what my issue was.
In version 5.6 and later of Laravel, cookies are no longer serialized/unserialized. However, Passport still expects that the cookies are serialized. Neither the documentation for Laravel nor Passport points this out, and hopefully they'll get more in sync so this isn't an issue.
To fix this, you just need to add Passport::withoutCookieSerialization(); to app\Providers\AuthServiceProvider::boot()
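
A simplified model of the mismatch both answers above describe, added here as an illustration and not taken from Laravel, Passport or either poster. The function names, the sample token and the 200/401 mapping are assumptions, and the encryption layer around the cookie is left out so that only the serialize/unserialize step is visible.

```php
<?php
// Added example: a toy model of the cookie writer and the token reader.

// Writer side: what happens to the JWT before the cookie is encrypted.
function writeCookie(string $jwt, bool $serialize): string
{
    return $serialize ? serialize($jwt) : $jwt;
}

// Reader side: what happens to the decrypted value before the JWT is parsed.
function readCookie(string $payload, bool $unserialize): ?string
{
    if ($unserialize) {
        // The model's own precaution: never build objects from cookie data.
        $value = @unserialize($payload, ['allowed_classes' => false]);
        if (!is_string($value)) {
            return null; // raw JWT text is not valid serialized data
        }
    } else {
        $value = $payload;
    }
    // A compact JWT is three base64url segments separated by dots.
    return preg_match('/^[\w-]+\.[\w-]+\.[\w-]*$/', $value) === 1 ? $value : null;
}

// Map the round trip to the status code the API client would see.
function status(string $jwt, bool $writerSerializes, bool $readerUnserializes): int
{
    $token = readCookie(writeCookie($jwt, $writerSerializes), $readerUnserializes);
    return $token === $jwt ? 200 : 401;
}

// Constructed sample token (header.payload.signature), not a real credential.
$jwt = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl';

$cases = [
    'both sides serialize (before the change)'  => [true, true],
    'writer raw, reader unserializes (the 401)' => [false, true],
    'writer serializes, reader raw'             => [true, false],
    // Passport::withoutCookieSerialization() corresponds to this reader setting.
    'writer raw, reader raw (after the fix)'    => [false, false],
];
foreach ($cases as $label => [$writer, $reader]) {
    printf("%-44s => %d\n", $label, status($jwt, $writer, $reader));
}
```

Only the two rows where writer and reader agree return 200, which is why the framework setting and the Passport setting have to change together.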
