Laravel Hash::make() response is different than the original hash - laravel

I'm using Hash::make to hash the customer id in my laravel api controller. But when I return the Hashed customer id I get wrong characters. Here is my code:
$key=Hash::make($input['key']);
$createnewkey=DB::table('customers')->where('custid', $input['custid'])
    ->update(array("key"=>$key));
return ["STATUS"=>1, "KEY"=>$key];
I got, for example: Av$#wqe#!3aferty10/2YyAU .... and that's saved in the database.
But the request response is: Av$#wqe#!3aferty10/\2YyAU; the \ or / is always replaced with /\, which will corrupt my hash code compare.

Laravel Hash uses the password_hash function of PHP. This function will generate a base64-encoded string, which has the / in its character list. So if you pass that in the URL, your URL will get corrupted.
Instead, you can use hashids to encrypt the keys which are passed in URLs.
This is the hashids port for laravel : https://github.com/vinkla/laravel-hashids

Related

Unable to fetch get parameter with encoded '/' in Laravel using route

I am new to Laravel and working on existing code.
I want to pass some values in the URL in the format URL/val1/val2/val3.
Everything is working perfectly if all values are normal strings or numbers,
but if any value has a special character like slash / or \ it shows errors.
E.g.
working: URL/abc/pqr/xys
but if val3 = 22/06, the URL is URL/val1/val2/22/06 and the error shows 404 not found.
If I encode val3 using JavaScript's encodeURIComponent() function,
val3=22%2F06 and the URL becomes URL/val1/val2/22%2F06, which shows Object not found!
// My current route web.php is:-
Route::get('/export/{name}/{status}/{search}', 'ReportController@export')->name('export');
//routes.php
Route::get('view/{slashData?}', 'ExampleController@getData')
    ->where('slashData', '(.*)');
Your route accepts only 3 params, but you pass four params.
Route::get('/export/{name}/{status}/{search}', 'ReportController@export')->name('export');
You must change your val3=22-06. Don't use / as the value of your param.
Eg.
URL/val1/val2/22-06
You need to use a regex expression for that situation:
Route::get('/export/{name}/{status}/{search}', 'ReportController@export')->name('export')->where(['search' => "[\w\/]+"]);

grape-api - Force empty string to set values to null

I am creating an API endpoint which contains a file upload field and a few string fields. My goal is to allow clients to clear values on those string fields, i.e. the DB should persist these values as null.
However, due to the fact that the request may contain files, the client should be setting the Content-type header to multipart/form-data. This implies that client cannot send a representation of "null", but can only send an empty string to indicate the intent of clearing the value for a given string field.
Is there a way for grape-api library to know that when it is receiving a multipart request it should be able to nullify blank string values in the params, or is there a better approach to what I am trying to achieve?
Grape.configure do |config|
  config.param_builder = Grape::Extensions::Hashie::Mash::ParamBuilder
end
You can override the param builder. Extend the default one and override the build_params method, or monkey patch it.
params.transform_values {|v| v.eql?('') ? nil : v }

OLA Money API Hash Code Error

While integrating the OLA Money API, when I hit the URL with all parameters I am getting the error
"Hash Code mismatched"
The main problem is that when we send the generated hash code through the URL, the last 2 characters of the hash key, ==, are changed into %3D%3D. Could you please give me a solution for this?
Both Hash key are given below:
Generated Hash Key before URL:
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
Generated Hash Key in URL:
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%3D%3D
I look forward to a solution from you.
The issue here is that one of the hashes is getting URL-encoded. The easiest way is to URL-decode both strings and then match. Here:
require 'uri'
h1 = "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"
h2 = "eyJjb21tYW5kIjoiZGViaXQiLCJhY2Nlc3NUb2tlbiI6IjN1NDFwODJ1VDEiLCJ1bmlxdWVJZCI6IjEyMzQ1Nk9MNTY0Nzg4OSIsImNvbW1lbnRzIjoib2RldFgiLCJ1ZGYiOiI4dkJkZiIsImhhc2giOiJjODkzZTFjMWViZTQ1MTliMTUzOGE1NTEyNTUzMzRjNGRlNjZiNWRiNDQ4OWI1MTdlN2MxN2RhYzM4YWMwNTA3MGY1ZDQ3MDBiNjRlMTUyMTUyYzg5NWVlYzFhMDYyMGYzMTFlNzkyMDYzNzk5OThjZDQ2ZGE0ZDkxMzRiYzEzZSIsInJldHVyblVybCI6Imh0dHA6Ly93d3cucnVwbGVlZGV2bG9wbWVudC5jb20vc2VydmljZS93ZWJzZXJ2aWNlc192MDMvb2xhbW9uZXkvb2xhUmVzcG9uc2UucGhwIiwibm90aWZpY2F0aW9uVXJsIjoiaHR0cDovL3d3dy5ydXBsZWVkZXZsb3BtZW50LmNvbS9zZXJ2aWNlL3dlYnNlcnZpY2VzX3YwMy9vbGFtb25leS9vbGFOb3RpZnkucGhwIiwiYW1vdW50IjoxLCJjdXJyZW5jeSI6IklOUiIsImNvdXBvbkNvZGUiOiIifQ%3D%3D"
h1 == h2
# => false
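# URI.unescape was removed in Ruby 3.0; URI.decode_www_form_component is used here instead
URI.decode_www_form_component(h1) == URI.decode_www_form_component(h2)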
# => true
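The mismatch described in this thread (and the `/` problem in the Laravel hash question at the top of the page), reproduced as an added Ruby example that is not from either answer: a constructed token is percent-encoded for the query string, decoded exactly once on receipt, and compared in constant time. `build_query`, `extract_hash`, `same_token?` and `urlsafe` are hypothetical helper names, and the token bytes are constructed for the example.

```ruby
require 'uri'
require 'openssl'

# Constructed sample bytes, chosen so standard base64 yields '+', '/' and '=' padding.
RAW   = "\xfb\xef\xff\xfe".b
TOKEN = [RAW].pack('m0') # standard base64 without line breaks

# Sender: percent-encode the token when placing it in a query string.
def build_query(token)
  URI.encode_www_form('hash' => token)
end

# Receiver: parse the query string, decoding each value exactly once.
def extract_hash(query)
  URI.decode_www_form(query).to_h['hash']
end

# Compare tokens in constant time so the check does not leak where they differ.
def same_token?(received, expected)
  OpenSSL.secure_compare(received, expected)
end

# Alternative: base64url without padding, an alphabet that needs no escaping in URLs.
def urlsafe(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

query = build_query(TOKEN)
wire_value = query.split('=', 2).last

puts query                                        # what travels in the URL
puts same_token?(wire_value, TOKEN)               # still-encoded value vs original
puts same_token?(extract_hash(query), TOKEN)      # decoded once vs original
puts URI.decode_www_form_component(TOKEN).inspect # decoding an already-decoded value
puts urlsafe(RAW)
```

Decoding a value that is already decoded is its own failure mode: form decoding turns each `+` of a standard base64 token into a space, so decode on the receiving side only, and only once.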

Password salt and PBKDF2

I'm looking into different solutions regarding storing passwords in a database. After reading a lot, I think I will end up with PBKDF2.
Although I'm a little bit confused regarding whether I should input a salt to my PBKDF2 function and store the salt in one column and the PBKDF2'd password in another column.
I'm also using CodeIgniter and found a library for PBKDF2 (https://github.com/HashemQolami/CodeIgniter-PBKDF2-Library) which claims I don't need to store the salt separately.
Register user by using $pbkdf2['hash'] as user's password which has
been recommended; no need to store user's salt separately.
https://github.com/HashemQolami/CodeIgniter-PBKDF2-Library#step-2
So if I'm assuming correctly, all I need is to provide a password to the function and the function takes care of the rest?
I'm the creator of the CodeIgniter PBKDF2 Library. I just found this topic on SO, and I decided to clarify how this library works.
Here is the sample code from the doc:
# Load pbkdf2 library into your controller
$this->load->library('pbkdf2');
# Get password, which has been sent via POST method
$password = $this->input->post('password');
# Encrypt the given password using a random generated salt
$pbkdf2 = $this->pbkdf2->encrypt($password);
The encrypt() method returns an array which has 3 keys: salt, password, hash.
The value of hash is the concatenation of salt and password.
This feature lets the user choose how to use this library, whether to work with salt and password or hash (salt + password).
The syntax of encrypt() method:
encrypt( string $password [, mixed $good_hash = NULL [, bool $object_output = FALSE]] )
The function uses the given $good_hash as the salt to generate the encrypted password. And it uses a randomly generated salt if the $good_hash parameter is not given.
So, if you have stored the salt separately, you could pass it to the function as the second parameter to encrypt the given password:
$pbkdf2 = $this->pbkdf2->encrypt($password, $salt);
On the other hand, if you have stored the concatenation of salt and password in the database, you could pass that to the function as the second parameter, too:
$pbkdf2 = $this->pbkdf2->encrypt($password, $hash);
The function will break the given $hash automatically to fetch the salt.
So, you could store the concatenation of salt and password in a column (64 characters by default) and then encrypt the new given password by using the old stored one.
Putting all together
In the following, I'll show you how to work with this library to register/login the user, without storing the salt and the password separately.
Registering the user:
$this->load->library('pbkdf2');
$password = $this->input->post('password');
$pbkdf2 = $this->pbkdf2->encrypt($password);
# Store $pbkdf2['hash'] into User table as the user's password
Logging in the user:
$this->load->library('pbkdf2');
$username = $this->input->post('username', TRUE);
$password = $this->input->post('password');
# Fetch the stored user's password from the database
$user_password = $this->user_model->get_password_by($username);
# Check whether the User exists
if ($user_password)
{
    # Encrypt the new given password by using the old one:
    $pbkdf2 = $this->pbkdf2->encrypt($password, $user_password);
    # Check whether the new generated password matches the old one
    if ($pbkdf2['hash'] === $user_password) {
        # Log in the user ...
    } else {
        # Show an error...
    }
} else {
    # Show an error...
}
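An added Ruby example (not the library's PHP code) of the storage scheme the answer describes: the per-user salt travels in the same column as the derived key, and login re-derives with the stored salt and compares in constant time. The `iterations$salt$key` record layout, the constants and the helper names are assumptions made for this example and differ from the library's 64-character format.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # assumed work factor for this example; raise it as far as login latency allows
SALT_BYTES = 16
KEY_BYTES  = 32

# PBKDF2-HMAC-SHA256 over the password with the given salt and iteration count.
def derive(password, salt, iterations)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                           length: KEY_BYTES, hash: 'sha256')
end

# Registration: a fresh random salt per user, stored in the same string as the key.
def hash_password(password, salt = SecureRandom.random_bytes(SALT_BYTES))
  key = derive(password, salt, ITERATIONS)
  [ITERATIONS, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

# Login: recover salt and iteration count from the stored record, re-derive, compare.
def verify_password(password, stored)
  iterations, salt_hex, key_hex = stored.to_s.split('$')
  return false unless iterations.to_s.match?(/\A[1-9]\d*\z/) && salt_hex && key_hex

  candidate = derive(password, [salt_hex].pack('H*'), iterations.to_i)
  # Constant-time comparison instead of ==, so timing does not reveal matching prefixes.
  OpenSSL.secure_compare(candidate.unpack1('H*'), key_hex)
end

record = hash_password('correct horse battery staple') # constructed sample password
puts record
puts verify_password('correct horse battery staple', record)
puts verify_password('wrong guess', record)
```

Because the iteration count is stored in the record, existing rows keep verifying after `ITERATIONS` is raised for new registrations.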

Cookie in rest-client Ruby

Is it possible to add a cookie like
key[index]=value
Here is my code
options[:headers][:cookies] = {:cookie_key => 'cookie_value'}
resource[options[:path]].get(options[:headers])
This code works fine but when I try something like
options[:headers][:cookies] = {:cookie_key => {} }
I get /../../util.rb:16:in 'unescape': undefined method 'tr' for #<Hash:0x0000000195f7d0> (NoMethodError)
Cookies basically can only store strings (for each first-level key).
In order to store a hash in cookie values, you need to serialize/deserialize the data, for example, with JSON:
cookies[:i_need_to_store_hash] = hsh.to_json
and then
i_need_to_get_my_hash_back = JSON.parse(cookies[:i_need_to_store_hash])
but remember that cookies are very limited in size (4096 bytes).
