I am trying to use default authentication facades from Laravel 5 with my custom user table. While there are some good references that show how this can be done, I spent almost two days identifying some trivial issues that caused authentication failure.
(For reference) The changes required were rather simple.
I updated 'providers' section in config/auth.php to indicate the model that represents my Authenticatable users.
Added following variables to my model
protected $table = 'my_user';
protected $primaryKey = 'my_user_id';
Updated Auth/Http/Controllers/Auth/AuthController.php. This is where I really got stuck. Since I don't depend on email address for login, I wanted a way to use username for login. There were no ways to figure this out unless you read AutheticatesUsers trait. All that required was the following line here.
protected $username = 'username';
The issue was that though I give correct username and password, I'll get the login page again or the home page (depending on where you redirect to) with guest privilege. There were no log messages indicating any problems in the login sequence. Reading the code, I figured that there are a number of exceptions raised in the validation code which invalidates the login sequence and show the login page again.
Is there a way to to override the throw...Exception() calls so that I know where and why the exception is raised. I could have saved 2 days if there are some log messages before throwing the exception. Currently I'm stuck with another similar problem and struggling due to lack of debugging information.
Related
New to Lavarel.
I am trying to debug a controller's method in Laravel, to do so I'm using Tinker (which is based on Psysh).
I added both of these versions to the breakpoint inside the method signup of my MySuperController:
extract(\Psy\Shell::debug(get_defined_vars()));
eval(\Psy\sh());
I've run php artisan tinker and done the following in the console:
$controller = app()->make('\App\Http\Controllers\Api\V1\MySuperController');
app()->call([$controller, 'signup'], ["param"=>"value"]);
When executing that, Tinker responds with: Illuminate\Validation\ValidationException with message 'The given data was invalid.'
But I never see the code stop on the breakpoint. Did I assume wrongly that I could debug step by step with Tinker?
This answer was based off of user #lagbox's comment. I asked them to make it an answer so I could choose it, but it's been 4 months, so I'm creating it myself so others can quickly see the question has been answered:
User #lagbox mentioned in a comment:
are you using a form request to validate? if so they are resolved and validated before your controller method is called
The comment was spot on. Tmethod was using a custom request class, which extended from api/application/vendor/laravel/framework/src/Illuminate/Foundation/Http/FormRequest.php . I added the eval() within that class and it finally got to the breakpoint.
I have a CMS which uses quite a large number of ajax calls. There are no visible issues, but often when I look in Laravel's log file, I see a similar rambling mess of an error message about a 'NotFoundHttpException', presumably due to one of my api calls not finding the correct route.
I love Laravel, but my god, this has got to be one of the most unhelpful errors I have ever seen. There are references there to files deep within Laravel's core which I have no reason to ever touch nor care about. If this is a routing problem (which it ostensibly is) then all I really want to know is what the URL is that is causing the problem.
Is there any way of finding out which is the problem route, or any way of re-configuring the error reporting to tell you?
Thanks.
I don't know of any way to configure Laravel's error logging in such a way, but you can do it by yourself.
The error logging happens in app/start/global.php. There you have the "Application Error Handler". You can easily add an if statement and log your own message, including the actual URL that has been called.
App::error(function(Exception $exception, $code)
{
$message = $exception;
if($exception instanceof \Symfony\Component\HttpKernel\Exception\NotFoundHttpException){
$message = 'URL '.Request::url().' not found - '.$exception;
}
Log::error($message);
});
A web site I have published is generating the error stated below when a valid user submits form content to be stored in the database:
Forbidden
You don't have permission to access /index.php/user/add on this server.
Additionally, a 404 Not Found error was encountered while trying to use an
ErrorDocument to handle the request.
This is a private web site. All users have to log-in. Some users can add content. Using CI sessions there is an added field of edit, with a value of 0 or 1 retrieved from the user's record in the user table, copied to the user_data session array at the time of log-in. The variable $this->session->userdata('edit') is used for if statements in the controller and views. Value of 1, user will see links that will bring up views (forms) to edit or add content.
This is a snippet for how I am using the variable to set menu items:
<?php if ($this->session->userdata('edit') == 1) { ?>
<li>Add</li>
<?php }; ?>
This is the basic structure for the processing of form data. This function is in the controller file user.php:
function add(){
if ($this->session->userdata('logged_in') ){
//runs form validation
if ( $this->form_validation->run() == FALSE ) {
//if false, redisplays the form and data with failed fields highlghted
}//if
if ($this->form_validation->run() == TRUE) {
//processes the data and stores in the database
}//form validation run
} else {
redirect ("user/login");
} //if...else
}//add
Examining the database after one of these Forbidden errors, no data is inserting. A redisplayed form due to validation error(s) is not happening either. These factors lead me to believe this is a server problem more than a CodeIgniter issue. If you look at this link it shows a screen shot of the error received in the browser (either Firefox or Chrome, other browsers not in use yet), it is not the usual CodeIgniter appearance for an error generated from a mistake in CI code.
The add/edit content forms are working well. As stated above, the error occurs at time of form submission. As well, it is only happening on the hosting company's server. I have checked the permissions of user.php and they are 644 like the rest of the files.
What are possible fixes? If it is a server issue, what do I look for or ask my hosting company to look at? If it is a CI sessions issue, in the documentation CodeIgniter states it uses a system different from $_SESSION super global. Is it wise to copy the user data to that array and have the code look up the data from that variable array? Or do I create a distinct array and save the keys there?
Revision and Solution
I retested the connection to the database associated with this project. I could connect. Taking things a next step, I could select records but not insert. I performed those tests with raw, simple statements.
Examining privileges for this user and the database, I discovered that while All Privileges was checked, none of the individual privileges was checked. (See this screen shot.)
I ignored the All Privileges check-box and manually checked each of the other boxes. Conducting small tests like the ones outlined above and then interacting with the form on the site, I am getting results I expect.
Things I don't understand:
How can All Privileges be checked and none of the other check-boxes checked?
I have gone back and tried to check All Privileges and then uncheck the others individually. It's not possible. From interacting with Panelbox on this host often to set-up users and associate them with a database, I know it is not usual for the state I found described above.
Programmatically, since there is only one user and set of privileges associated with a CodeIgniter site, how was the admin for this site able to insert 5 records in the database before a Forbidden error started being returned from the server?
I did not outline it when I first posted this thread, but the Forbidden error did not happen right away with uploading and running the site from the server. Since the admin was able to submit five completed forms perfectly before starting to receive errors, I presumed it was a Sessions problem. This contention was also arrived at because sometimes deleting the cookie and then logging in, I or the admin was able to submit a form and the data was inserted in the database.
Thanks for taking the time to read this.
Test user privileges associated with a database often. Sometimes things change.
I do maintenance on a classic ASP website that basically has no error handling at all yet. So users see any error message that comes across... Instead, I would like my code to be able to catch any potential error and then fire off an email before redirecting the user to a more friendly error-page.
This website is rather large, and every webpage comes with the same include file at the beginning... So ideally, I would like to set an error handler from the beginning of this include file. I haven't had any luck finding a way to do this without having to go through every page individually having error handling happen at the end of the script... Is there a possible way to code something like this from the include file?:
' Include file contents:
Function MyHandler()
'Code for triggering email goes here
response.redirect "ErrorPage.asp"
End Function
On Error call MyHandler()
Thanks in advance!
I suggest to use Custom Error Pages in IIS (Web Server), if you have access to those. You can redirect different types of errors to different scripts if you like or point them all to a single one and have there the logic for all error codes.
You can catch common errors there and maybe redirect the user to a alternative page/site, or return a specific error message.. I would suggest to use the custom error page also to log the error and some information from the session (e.g. form submit data, query strings, referrer URLs, cookies etc.) in a database and/or send a notification email to some service account to identify specific issues that are occurring and then also have something to go on to actually fix the cause of many of the errors.
Is there a way in Codeigniter to override global errors. For instance if an DB error or PHP critical occurs it wont show the error itself but something like 'Our admin guy is fixing the issue' and the error is just logged and emailed.
Codeigniter lets you handle error messages your way, depending on the HTTP status.
Refer to this documentation on error handling
In addition to #Pos5e5s3dFr3ak's answer, you should handle as many errors as you can manually. For example, if you have a database error, your code should acknowledge (or 'catch') it and perhaps load the appropriate view, or pass it onto a library that will log an email the fault, instead of displaying the intended result.
This method can be used as an alternative, or as an addition to the original answer - sometimes you need not locate the error just by its HTTP response Status Code.
As an example, you may find that the database engine in use is down. If this is the case (you would have to determine if it is indeed down - ie. you are not getting the desired response), you would pass the user on to example.com/error/database, for example.