I am using jrean/laravel-user-verification on Laravel 5.6, one issue is that it doesn't verify users if the user is logged in. Only if the user is logged out does the link actually verify the user.
I can't see anything mentioned about this in the docs, and seems backwards as you can't resend verification email if the user isn't logged in either.
Any advice?
$this->middleware('guest', ['except' => ['getVerification', 'getVerificationError']]);
In construct
Related
I would like to know how to impersonate user without using a package in Laravel/Vue application. I'm using Passport for authentification.
From my understanding and how I think it might work is that I test if the master password is entered and then the admin user is automatically redirected to the user account which is taken from the email which is also entered but I cannot understand how exactly this should be done. Any help would be appreciated. Thanks!
I want to be able to disable certain users in my laravel 7 app. I therefore created a column "active" in the "Users" table and when set to active = 0 the user isn't able to login anymore.
The issue I have is the "Remember Me" function, since already logged in users still have access to the app after I disabled their accounts, because they don't have to pass the login form.
Will deleting the "remember_token" in the "Users" table have any effect on this? I tried this with a user (deleted the users remember_token in table) but it had no immediate effect, since autologin still worked after that. But maybe I'm missing something here.
Additional Info: I'm using Laravel Passport for authentication.
I decided to go with the middleware solution, as I didn't want to reduce the overall SESSION_LIFETIME.
I created an extra middleware called "VerifyUserState", because I didn't succeed in reading the users "active" value via Auth::user() or $this->auth inside of the authenticate/handle function in Authenticated.php middleware.
I followed this tutorial to achieve this:
https://www.itechempires.com/2019/08/how-to-create-configure-and-use-custom-middleware-in-laravel-5-8/
Now it works as needed.
I have a laravel+vuejs project. I want to change the password of logged in user but does not know how to change the password with api token also how to get user id in vue component. Please tell me how to change the password of logged in user. Thanks in advance!
I am adding a Login with Facebook button to my Larvel web app. Users can already register using an email and a password, So what I need to do is to give the users the ability to Login with Facebook, without having to register using Facebook from the beginning. I have already accomplished this, but I facing a security issue.
The authentication flow goes like this once a user cliks the Login with Facebook button:
Redirect users to facebook -> Users enter their email and password -> Facebook returns the user object back -> If the email returned with the user object exists in my database, log the email owner in.
Mostly you have already noticed the problem, but if not, consider this case:
If a user registers with their email in my application, and happens to not have a facebook account associated with that email, then anyone can register a new facebook account with that email, and then just simply log in into my application (Because that email exists in my database!!)
I have been googling this for quite a while now, and it seems like there's no one mentioning this problem, I am assuming this is because I might just be doing it the wrong way!, or maybe it's just done this way! Not really sure.
So, I am seeking guidance, how is this done right?
I am using TweetSharp for user login in my asp.net mvc web app. All works fine but after login I need to save the user data in my DB as well. I cant find email from TwitterUser object after loging. How can i get user's email once the user is authenticated?
thanks
You cannot. The Twitter API doesn't return email addresses for users.
Take a look at the users/show documentation to see all the information you can retrieve.
If your app is whitelisted, you can now retrieve the email as part of verify_credentials https://dev.twitter.com/rest/reference/get/account/verify_credentials