Can I install entrust 5.2 with laravel version 5.4 to assign roles and permissions to the users???? I installed and tried. But I can not able to assign roles. I am getting error status 403. Can Anyone help?
An error 403 is an unauthorized action response, which in all likeliness has nothing to do with Entrust, and more so to do with your routes and current authorization rules. Can you verify you have access to the routes you are trying to send requests to? It does not need to involve the Entrust package, simply making GET or POST requests through a basic form will do.
Related
I am using Nuxt.js, Laravel, and Laravel Sanctum for API development learning projects. Now, I have been stuck with this error for a few days. I know that Laravel Sanctum will handle everything on config/cors.php with some changes like I said at Nuxt.js - No 'Access-Control-Allow-Origin' header is present on the requested resource
Then,
Why I am facing this CORS error? Does anyone know something?
Please guide me, it will be helpful for me.
This may or may not help.... but I suffered the same issue not locally, not on test, but on my PROD deployment of a project. What solved it for me is CHOWN'ing the entire Laravel project to 'www-data' . When my user was the owner of the Laravel project I kept getting "No 'Access-Control-Allow-Origin' header is present on the requested resource." like you. After CHOWN'ing it to'www-data' it worked as usual.
I can't tell you why this is the case besides something with PHP being represented as the "www-data" user or something like that ( I'm not that smart ). But hope this helps!
EDIT: my project is React <-> Laravel, my Cors.php was configured correctly the entire time.
I am using Laravel Sanctum for making authentication. I don't have any SPA application and I want to have Laravel Sanctum for having default authentication.
I have followed the documentation but I've got 419 error code.
If you try to logging to system with Cookie Base application you should add CSRF to your application. And you do not have to use Laravel/Sanctum package if you will not separate your application parts with wildcards. Just use sessions instead of it.
My application has an API that I consume from my JavaScript/Vue front end. Recently, I (unrelated) tried to unsecure Valet in order to share the site to perform webhook tests. I received a Brew 'Unable to determine linked PHP' error. Long story short I restored the symlink, updated composer dependencies and resecured Valet to ensure nothing was broken.
Upon loading my application, all calls to my Laravel Passport secured API are returning 401. My unit tests are all passing, so the non-javascript authentication is working.
Both the laravel_token and the x-csrf-token are being sent in the request header and I still have CreateFreshApiToken middleware in my Kernel.php.
Has anyone got any ideas as to where I can start to look to debug this?
If you've just recently upgraded to Laravel 5.6.30, this was a security patch with breaking changes.
Read upgrade notes here.
TL;DR
Call Laravel\Passport\Passport::withoutCookieSerialization() in your AppServiceProvider
Suddenly my application stopped working when trying to access endpoints protected by auth:api middleware in the Laravel 5.6.35 back-end using Passport 7.0.1.
The issue is that it is generating when I register and log-in.
return Response::json([
'token' => $user->createToken('foobar')->accessToken,
'user' => $user
], HTTPResponse::$HTTP_OK);
Insomnia rest will then show the following when accessing the routes belonging to the auth:api middleware.
"message": "Unauthenticated."
It was working until an hour ago, and it stopped after I refreshed the database. I dropped and created a new one, registered a test user and attempted to access and endpoint passing the token as Bearer token and Accept header to application/json. I've done it like this many times, always running php artisan passport:install --force after each refresh.
I don't know how to solve it. I saw where it was failing in TokenGuard.php file, but what to do? Why has it suddenly stopped?
The reason of the issue was because I was setting another field as the primary key of users table, and it was causing an error in the Passport's auto-generated tables.
you must reinstall the passport after refreshed the database.Then only Token will generate
php artisan passport:install
In case you are using Apache Server, Add this line to your httpd.conf file.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
I have a react app that fetch datas from laravel api defined like so in routes/api.php:
// this is default route provided by laravel out of the box
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
// ItemController provides an index methods that list items with json
Route::resource('items', 'Api\ItemController', array('except' => array('create','edit')));
// this is to store new users
Route::resource('users', 'Api\UserController', array('only' => array('store')));
for example http://example.com/api/items returns the data as intended but it's really insecure since anyone could access it through postman.
How to make those routes only accessible inside the app?
As I'm new to it I don't understand if I need to set up api_token and how?
Do I need to setup Passport?
Is is related to auth:api middleware?
It may sounds really basic but any help or tutorial suggestions would be greatly appreciated
EDIT
End up with a classic session auth. Moved routes inside web.php. Pass csrf token in ajax request. Actually i didn't need a RESTful API. You only need token auth when your API is stateless.
As you are using Laravel 5.4 you can use Passport, but I haven't implemented yet, but i implemented lucadegasperi/oauth2-server-laravel for one of my laravel projects and it was developed in Laravel 5.1
Here is the link to github repository
lucadegasperi/oauth2-server-laravel
Here is the link to the documentation Exrensive Documentation
Just add the package to the composer json and run composer update,the package will get installed to your application , once installed add the providers array class and aliases array class as mentioned in the Laravel 5 installation part of the documentation,
you have to do a small tweak in order to work perfectly cut csrf from $middleware array and paste it into $routeMiddleware array and again run php artisan vendor:publish after publishing the migrations will be created and run the migration php artisan migrate
if you only want to secure api routes for each client like ios, android and web you can implement Client Credentials Grant, or if you need to every user with oauth the you can implement Authorization Server with the Password Grant or some other.,
Never use the client id or other credentials, generating access token in the form, but add it some where in helper and attach it in the request to the api,
Hope this answer helps you.
You could use JWT it's pretty easy to get it to work. You basically generate a token by requesting Username/Password and passing that token in every request that requires authentication, your URL would look like http://example.com/api/items?token=SOME-TOKEN. without a proper token, he doesn't have access do this endpoint.
As for
How to make those routes only accessible inside the app?
If you mean only your app can use these requests, you can't. Basically the API doesn't know who is sending these requests, he can only check if what you are giving is correct and proceed with it if everything is in order. I'd suggest you to have a look at this question