I am using Laravel and Stormpath for User Management. I am able to register and login user successfully using AJAX.
After successful login only the url is returned to AJAX, but after login when I go to User specific pages I am not able to fetch User Data.
Registration and Login happens in RegisterController
User Pages are rendered using UserController
I've tried to get User data using
$user = app('stormpath.user');
in UserController, but when I do dd($user) null is returned.
How to persist or get User Data after successful login or sign-up in other Controllers?
Any help appreciated! Thanks in advance!
For the Stormpath Laravel integration, when you run AJAX calls, we do not set any cookies. We provide you with the JWT in the header response that you will need to look at and then store them youself. The JWT will then need to be attached to all other requests as a Bearer token which will allow you to use the `$user = app('stormpath.user') method to get the user information out of the JWT.
I finally got everything working. Thank you #bretterer
// Stormpath user account creation
\Stormpath\Client::$apiKeyProperties = "apiKey.id="
.env('STORMPATH_CLIENT_APIKEY_ID').
"\napiKey.secret=".env('STORMPATH_CLIENT_APIKEY_SECRET');
$client = \Stormpath\Client::getInstance();
$apps = $client->tenant->applications;
$apps->search = array('name' => 'My Application');
$application = $apps->getIterator()->current();
$account = \Stormpath\Resource\Account::instantiate(
[
'givenName' => $request->input('username'),
'middleName' => '',
'surname' => 'StromTrooper',
'username' => $request->input('username'),
'email' => $request->input('user_mail'),
'password' => $request->input('user_pass'),
'confirmPassword' => $request->input('user_pass')
]
);
// Create User Account and Log-in the User
try
{
$response = $application->createAccount($account);
$passwordGrant = new \Stormpath\Oauth\PasswordGrantRequest(
$request->input('user_mail'),
$request->input('user_pass')
);
$auth = new \Stormpath\Oauth\PasswordGrantAuthenticator($application);
$result = $auth->authenticate($passwordGrant);
$atoken = cookie("access_token",
$result->getAccessTokenString(),
$result->getExpiresIn()
);
$rtoken = cookie("refresh_token",
$result->getRefreshTokenString(),
$result->getExpiresIn()
);
$response_bag['success'] = url('userprofile');
}
catch (\Stormpath\Resource\ResourceError $re)
{
$response_bag['error'] = $re->getMessage();
$atoken = 'null';
$rtoken = 'null';
}
return response()
->json($response_bag)
->withCookie($atoken)
->withCookie($rtoken);
and in the User controller I am able to access the user details using app('stormpath.user');
and since I was using Laravel 5.1
I had to comment out $token = $request->bearerToken(); from vendor/stormpath/laravel/src/Http/Middleware/Authenticate.php from function public function isAuthenticated(Request $request)
Related
I'm using laravel 8. I'm trying to implement sign in with google option for a mobile application and developing API using laravel Socialite. I don't know how to do this proper way. But I followed this article
I used google access token and passed using postman.
here is my route
Route::get('/customer/login/google', [CustomerAPIController::class,'google']);
here is my function as the article given
public function google(Request $request)
{
$provider = "google";
$token = $request->input('access_token');
$providerUser = Socialite::driver($provider)->userFromToken($token);
// check if access token exists etc..
$user = User::where('provider_name', $provider)->where('provider_id', $providerUser->id)->first();
// if there is no record with these data, create a new user
if($user == null){
$user = User::create([
'provider_name' => $provider,
'provider_id' => $providerUser->id,
]);
}
// create a token for the user, so they can login
$token = $user->createToken(env('APP_NAME'))->accessToken;
// return the token for usage
return response()->json([
'success' => true,
'token' => $token
]);
}
But I got this error when passing the access token,
"Trying to access array offset on value of type null"
I don't know my progress is correct. But I found the issue is coming from this line of the function,
$providerUser = Socialite::driver($provider)->userFromToken($token);
What is the wrong in here? does my whole procedure incorrect.? how to implement this. IF there is a answer or guide, that would be very helpful.(If the description unclear or if there is missing data please inform)
I'm using sanctum to authenticate the API calls.
I'm loading images and videos within an app, and as I want the user to be logged in and actually be able to identify which user is requesting the image or video, I'm adding the bearer token as a parameter within the video/image URL.
i.e. <img src="https://mysite.test/private/video?e=XXXXX&tk=my_bearer_token" />
On the backend I'm then doing something like:
public function getPrivateVideo (Request $request) {
$validator = Validator::make($request->all(), [
'e' => 'required|exists:employees,id',
't' => 'required|exists:course_lesson_videos,code',
'tk' => 'nullable'
]);
if(auth()->check(){
$user = auth()->user();
}elseif($request->tk){
$user = get user by access token or fail
}else{
return abort('403');
}
Log::info([$user->id,$request->e,$request->t]);
$video_code = $request->t;
if($validator->fails() || $request->user()->client_employee->id !== $request->e || !CourseLessonVideo::join('course_lesson_questions as clq','clq.lesson_id','course_lesson_videos.lesson_id')->join('course_employee_assigned_questions as ceaq','ceaq.question_id','clq.id')->where('employee_id',$request->e)->where('code',$video_code)->first())
return abort('403');
return response()->file(storage_path('app/videos/'.$video_code));
}
I assume it must be possible somehow?
To get a user by tokens
try this code
findToken()
use Laravel\Sanctum\PersonalAccessToken;
$token = PersonalAccessToken::findToken($request->get('tk'));
$user = $token->tokenable;
Or
$token = PersonalAccessToken::where('token', $token)->first();
$user = $token->tokenable;
I have a Laravel app that currently uses the built-in authentication system to determine who is logged in or not logged in. The built-in authentication uses a session based system. I am transitioning to a custom authentication system that uses random tokens stored either in local storage or cookies to determine user identity.
I am currently using the following:
public function auth{
$user = array(
'email' => Input::get('email'),
'password' => Input::get('password'),
'active' => 1
);
if(Auth::attempt($user, true)){
$userId = Auth::id();
$salt = $customGenerator->generateSalt();
$userToken = $customGenerator->generateTokenAndSaveInDB($userId, $salt);
// Can I also sent $userToken to index.welcome to store in localStorage?
return Redirect::route('index.welcome');
}
else{
return Redirect::route('index.failed');
}
}
The above will redirect the user to a specific page if their credentials were valid. I would also like to have $userToken be sent to this new page so I can store it in the client's local storage.
Is this possible with Laravel?
can you try
return Redirect::route('index.welcome', array('userToken' => $userToken));
Laravel Forum
I am making an application and I want users to login with their google account. I have user oauth-4-laravel and I have this:
UserController.php
// get data from input
$code = Input::get('code');
// get google service
$googleService = Artdarek\OAuth\Facade\OAuth::consumer("Google");
if (!empty($code)) {
// This was a callback request from google, get the token
$token = $googleService->requestAccessToken($code);
// Send a request with it
$result = json_decode($googleService->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
$user = DB::select('select id from users where email = ?', array($result['email']));
if (empty($user)) {
$data = new User;
$data->Username = $result['name'];
$data->email = $result['email'];
$data->first_name = $result['given_name'];
$data->last_name = $result['family_name'];
$data->save();
}
if (Auth::attempt(array('email' => $result['email']))) {
return Redirect::to('/');
} else {
echo 'error';
}
}
// if not ask for permission first
else {
// get googleService authorization
$url = $googleService->getAuthorizationUri();
// return to facebook login url
return Redirect::to((string) $url);
}
}
After this i get successfully user info and can save user name, in my database. The problem is that after this I want to redirect user to home page and can't do this because with normal login i chec authentication:
if (Auth::attempt(array('email' => Input::get('email'), 'password' => Input::get('password')))) {
return Response::json(["redirect_to" => "/"]);
and with google login i get onlu username , user id and email. How to login directly the user after google login?
If you need to log an existing user instance into your application, you may simply call the login method with the instance:
$user = User::find(1);
Auth::login($user);
This is equivalent to logging in a user via credentials using the attempt method.
For further info see: http://laravel.com/docs/security#manually
Upon login, I return the user object + session token in JSON form, so that the mobile device that connects to my application can be authenticated.
However, I have a difficulty understanding how would I go about authenticating the user only with his session id?
Once logged in, the mobile device sends the session token upon every request, which means I somehow need to check whether it's the same user (using a custom auth filter).
How would I do it?
You may have a table for saving tokens
Add a filter in routes.php
Route::group(array('before' => 'auth'), function() { ... })
And in the filters.php you can search the token in the database, if isn't exist you return a no access response
Route::filter('auth', function () {
$input_token = Input::get('token');
if (!empty($input_token)) {
$validator = Validator::make(
['token' => $input_token],
['token' => 'token']
);
if (!$validator->fails()) {
$token = Token::where('hash', $input_token)->first();
if ($token) {
$user = User::find($token->user_id);
if ($user) {
Auth::login($user);
return;
}
}
}
}
$response = Response::make(json_encode([
'error' => true,
'messages' => [
Lang::get('errors.NO_ACCESS')
]
]), 200);
$response->header('Content-Type', 'application/json');
return $response;
});
You could do it like this:
$sessionID = '4842e441673747d0ce8b809fc5d1d06883fde3af'; // get this from \Session::getId(); from your previous authenticated request (after logging in because it changes).
$s = new \Illuminate\Session\Store(NULL, \Session::getHandler(), $sessionID);
$s->start();
$userID = $s->get('login_82e5d2c56bdd0811318f0cf078b78bfc');
\Session::set('login_82e5d2c56bdd0811318f0cf078b78bfc', $userID);
return \Auth::user();
Not the prettiest code but it works. It creates an instance of a session using the previous Session ID, then start loads it up from file. The user ID is in that key, so then it just sets the user id on the current session. Then when you call Auth::user() it loads up the User using that user id.
The reason for all the numbers in the key is because the larval developer thought it would be smart to hash the Auth class name to make the key as unique as possible... :-S