i want to send authenticate user data to props vue. then i tried this:
:user="{{ Auth::user() }}" but got an errors.
Did you try to convert the user object to JSON
:user="{{ json_encode(Auth::user()) }}"
Actually, there is one tini tiny mistake here! You are using {{ Auth::user() }} which is JSON or Array! If you want to store User's ID in user Attribute, you have to use {{ Auth::user()->id }}.
If you want to Authenticate user first, you can use if Condition! For example,
#if(Auth::user())
// Your Markup Code
#endif
Let me know if it helps!
Use It like this
<post-comment user="{{ Auth::user() }}"></post-comment>
Using : is reserved for data binding for properties from data object aka Vue App Model / State.
I guess you are using this into Laravel Blade.
Dynamic Props - https://v2.vuejs.org/v2/guide/components.html#Dynamic-Props
However your way would works only If Auth::user() method return the Boolean (true/false).Otherwise It would throw an error in Browser Console.
Related
For example, I have a link to an other post like this in my template
My post
I want to be able to use the post object within the route helper to use the id.
Is there any syntax for this use case?
Or is there an other way of doing this?
Actually I had similar problems to solve this kind of cases. Your question related with Vue exactly, but the method below you can use for your case as well. Anyway you can't execute JS and PHP at the same time, cuz they're working at different sides. But as I also liked to have all routes with their aliases, I thought this approach.. You can imitate something like this:
Route::get('/', 'PostController#all')->name('all'); // all posts page
Route::get('post', 'PostController#all')->name('all_page'); // THIS IS THE THING (one additional route), WHICH WILL TAKE RESPONSIBILITY ON CASE, WHEN post_id WILL BE EMPTY
Route::get('post/{post_id}', 'PostController#post')->name('post');
This method will allow you to use the 1st and 3rd routes as normally, and as mixed too in the different places on your app like this:
{{ route('post.all') }}
{{ route('post', ['post' => $post_id]) }}
{{ route('post') }}/#{{ post.id }}
In scripts you can implement the approach like this:
let someUrl = "{{ route('post') }}/" + postObj.id;
In the view you can implement the method like this:
My post #{{ post.id }}
Currently, my solution to display an encoded ID is like that:
<p v-text='"Reservation code: "+ #json($orderJson).id'></p> //R. code: wYeyjo6l42
But I would prefer to use it like:
<p>#json($orderJson->id)</p> //but returns: 8 (not encoded)
How can I get the transformed attributes?
p.S. Yes I know it's used for API, but I'm even using it to handle objects to Vue via Blade.
Well, I dug up in the code and found out you can use resolve().
So one solution would be:
<p>Reservation code: {{ $orderJson->resolve()['id'] }}</p>
Not entirely confident I have understood security in Laravel forms enough. For example, if a form contains
<input type="hidden" name="user_id">
then obviously a hacker could change the value before submitting an update.
While I have looked here at CSRF, I've not fully understood if this is enough protection?
E.g. Taking the above, if I go to a site and open a form to edit a record I'm permitted to view but not change, and maliciously alter the "user_id", is it enough that the form is protected with {{ csrf_field() }} or must I employ some further security such as Crypt::encrypt($id) to hide the user_id (held in a database) and Crypt::decrypt($id)?
Is it considered a bad practice to expose a row id (like a user id) in a client browser (even though everything is sent over https)?
Many Thanks
No, it's not enough to use just CSRF token in this case. You also need to use policies, guards, middleware to protect your app.
In this case, someone can alter the user_id if you read it from the form and use after that, so you need to use a policy like this one to protect data (this example is from the docs):
public function update(User $user, Post $post)
{
return $user->id === $post->user_id;
}
Also, when you need to use user ID, always use auth()->id() or auth()->user() if you need whole object. Never read user ID from the form.
The Laravel framework stores the value of this CSRF field like a session variable and matches it when you submit it.
When you submit the form Laravel checks that value from the session value stored. if there is a mismatch an error is thrown !
:)
CSRF token protect the site from cross-site requests, means an external user can't duplicate the form and send a post request. Laravel create a random session token which we place in the hidden field using csrf_field() or Session::token() function. Laravel checks the session with hidden field value from the form before processing the form.
Try removing the form action. It should work.
Is it? I mean if you get the user with $user = Auth::user(); and then send it to the view with return view ('somepage')->with('user',$user); the browser will get all user data in the view (uername, password, user_id etc..). I know you can then show what you like example {{$user->username}} but the point is, is the rest of the data somehow accessible to an 'hacker', 'script kiddie' or the likes?
Auth::user() is accesible from all views anyway.
Browser will not get all info like password, user_id etc. Browser gets only HTML generated by Blade template engine and it contains only things you want to share.
For example, you'll do {{ Auth::user()->username }}, browser will get username, but nothing else.
this ones a head ache! From my understanding of laravel's flash method for sessions, once it has been set then called, it will be destroyed...
Session::flash( 'key', $data );
somewhere down the line
{{ Session::get( 'key' ) }}
I am using this for form validation. Now when the form does not validate, the application displayed the error, if I amend the form and post again, the database updates, the details are displayed correctly, but the error appears again! This is the same for if I post the form that doesn't validate, it displays the error, but if I then click the navigation link for the same page, it displays again!
Anyone come across this?
regards
Luke
I had this problem once when I did a return view() / return View::Make when it should be a return redirect()->route() in my Controller#update method.
Since Laravel 5.1, you can use the now() method which will only affect the current request :
Session::now('key', 'message');
or
session()->now('key', 'message');
Out of the laravel docs:
The flash method stores an item in the session that will expire after the next request. It's useful for storing temporary data like status or error messages.
This means, it's available at the current and also the next request. It does not get flushed automatically if you access it. To do so, use Session::flush('key');.
Session Flash preserves the session data for 2 requests because it was meant to be used during redirection.
However, I've came across a use case where I do want to use flash for just 1 request in the next view and found an easy way to do it, which is to pull from the session rather than get it. The Session::pull() gets the session data and removes from the session.
#if (Session::has('message'))
<div class="alert alert-message">{{Session::pull('message'}}</div>
#endif
Hope this helps!
It's probably some other issue with your code, if you could share your code it would help us get a better insight into this issue.
You can use the below code snippet to Flash Error messages to your laravel blade template.
#if (Session::has('message'))
<div class="alert alert-success">{{Session::get('message')}}</div>
#endif
I once had similar issue because i used Session::reflash() in my controller.
Ensure you don't have Session::reflash() somewhere in your controller or anywhere in your application, as it flashes whole session... use example: Session::keep(array('username', 'email')); to reflashing only A Subset Of Flash Data
An easy way to flash a message once when you are creating a view (and not redirecting) is:
Session::flash($key, $value);
Session::push('flash.old', $key);
Refer here.
The flash method is meant for storing the data for the next request. Ideally after flashing the data to the session you should be redirecting to a new route. (This is what the accepted answer suggests.)
But if you are not redirecting you can call the forget method after displaying the session in your blade template:
{{ session()->flash('key') }}
#php
session()->forget('flash-info');
#endphp