How to remove key from input? - laravel-5.6

I am passing JWT token in request object for verification. After verifying JWT, I want to remove the token key from input otherwise it reaches model and generates error.
One way is to use something like $request->except('token') but I have to write this everywhere.
Second way is to use a middleware to remove this key:
<?php
namespace App\Http\Middleware;
use Closure;
class InputCheck
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$request->request->remove('token');
return $next($request);
}
}
The above statement is not removing token. Can't find anything on how to remove key from $request. Middleware is working fine.

Try the except method in the middleware:
$response = $request->except(['token']);
return $next($response);
https://laravel.com/docs/5.6/requests#retrieving-input under Retrieving A Portion Of The Input Data

Related

Laravel 8: GET params can't be accessed in Middleware's Request's inputs

I have defined this route in the web.php route file:
Route::get('/middleware_test_user_project_change/{pro_id}/{projet_id}', function ($pro_id, $projet_id) {
return 'test';
})->middleware('user.project.change');
I have defined this handle function in my middleware (which I've added into the kernel with the following entry: 'user.project.change' => \App\Http\Middleware\CheckUserProposition::class):
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use App\Models\User;
class CheckUserProposition
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle(Request $request, Closure $next)
{
$projet_id = $request->input('projet_id');
$pro_id = $request->input('pro_id');
return $next($request);
}
}
However, both $projet_id and $pro_id return NULL when I access the following URL: https://XYZ/middleware_test_user_project_change/1/1
As I've correctly set up the middleware and the routes parameters (which are, finally, GET variables), why can't I use them in my middleware as request inputs?
Route parameters are not part of the 'inputs'. They are a separate thing; this is why you don't see them when you get all the inputs with $request->all().
If you want a route parameter you should probably explicitly ask for it:
$request->route('projet_id');
$request->route()->parameter('projet_id');

Assigning middleware inside a Middleware handle function in Laravel

I want to know If it is possible to assign a middleware or execute a middleware in handle function of another middleware
<?php
namespace App\Http\Middleware;
use Closure;
class AuthTypeMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
if($request->header('auth_type') === "api") {
// execute the auth:api middleware here
}
else {
// execute the auth middleware here
}
}
}
I know we can achieve this by creating different route groups with prefix but still I wanted to know if their any possibility of getting this work

This expression(terminate) is used for which purpose?

My terminate middleware as below:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Log;
class ExampleMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next, $role)
{
if ($role == null) {
return redirect('/deneme');
}
return $next($request);
}
public function terminate($request, $response)
{
sleep(4);//what is the purpose in this section(What this means is that anyone who has used this way?)
}
}
What is the purpose of the terminate function, what is it and when should it be used?
Sometimes a middleware may need to do some work after the HTTP response has been prepared. For example, the "session" middleware included with Laravel writes the session data to storage after the response has been fully prepared. If you define a terminate method on your middleware, it will automatically be called after the response is ready to be sent to the browser.
Terminable Middleware

New registered user to be redirected to the password reset screen

I'm quite new to Laravel and have been stumped on a problem for 2 days - I'd be grateful for some guidance.
I'm using the default out-of-the-box User authentication system with Laravel 5.3. A new user is created automatically behind the scenes by an existing Admin user - I will in time hide the user registration page. I have also successfully set up middleware to check if a user is newly registered (by looking for a null 'last_logged_in_date' that I've added to the migration).
All I want to happen is for a new registered user to be redirected to the password reset screen that ships with Laravel (again, in time I will create a dedicated page). I would like this to happen within the middleware file. So far, my middleware looks like this:
<?php
namespace App\Http\Middleware;
use Closure;
use App\Http\Controllers\Auth;
class CheckIfNewUser
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$user = $request->user();
if (! is_null($user->last_logged_in_date )) {
return $next($request);
}
// This is where I'm stuck!!!
}
}
I'm not sure what code to enter at the location indicated by the comments above. I've tried sendResetLinkEmail($request); etc and have imported what I though were the correct classes but I always end up with a Call to undefined function App\Http\Middleware\sendResetLinkEmail() message irregardless of what I 'use' at the top of my class.
Where am I going wrong? Thanks!
Well that happens because you have not defined your sendResetLinkEmail($request) function yet. You can do it like this, or you can create a new class with that and then call the class.
Call the trait SendsPasswordResetEmails and then access it with $this since traits are not classes and you cannot access their members directly.
<?php
namespace App\Http\Middleware;
use Closure;
use App\Http\Controllers\Auth;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
class CheckIfNewUser
{
use SendsPasswordResetEmails;
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$user = $request->user();
if (! is_null($user->last_logged_in_date )) {
return $next($request);
}
// This is where I'm stuck!!!
//EDIT
//return $this->SendsPasswordResetEmails->sendResetLinkEmail($request);
return $this->sendResetLinkEmail($request);
}
}

Laravel Middleware access protected values

i wrote my own User-Role System, but i dont know how to implement the verification in my middleware routes.
The middleware class is calling on every request.
I recive the $request->user() but i can not access the attributes to verify if the user has the correct permissions.
My middleware controller looks like this:
namespace App\Http\Middleware;
use Closure;
use Activation;
use Cartalyst\Sentinel\Laravel\Facades\Sentinel;
class AccountMiddleware
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
$user = Sentinel::findByCredentials([
'login' => $request->user()->attributes['email']
);
...
return $next($request);
}
}
It doesnt work.
If I trie to dump the $request->user() i can see all properties but there are protected.
What do i need to change, to make it work?
Accessing Eloquent model properties is done via accessors, in this case via the __get magic method. So you don't need to access them through the $attributes property array, all you need is this:
$request->user()->email;
The above will return the user email because the Illuminate\Database\Eloquent\Model::__get method already fetches the specified attribute automatically.
If you like, you can even define your own Accessors or Mutators to modify attribute values when reading or writing them to the database.

Resources