I have created a bilingual laravel 5 application that contains two locales, en and ar.
What I want is for the site visitor to be able to change the language of the website by clicking on a link labeled with the language name.
Option 1:
Store user language in database, I have mine in users table. This is to avoid asking user each time they login to your application.
You can set 'en' as default. However if user is a guest we store locale in session.
So your migration might look like this:
<?php
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateUsersTable extends Migration {
/**
* Run the migrations.
* #return void
*/
public function up()
{
Schema::create('users', function(Blueprint $table)
{
$table->increments('id');
$table->string('email')->unique();
$table->string('password', 60);
$table->string('locale', 5)->default('en');
$table->rememberToken();
$table->timestamps();
});
}
/**
* Reverse the migrations.
*
* #return void
*/
public function down()
{
Schema::drop('users');
}
}
When user or guest clicks on a certain language link then update user locale in database or store guest choice in a session
Example :
For authenticated user or guest in your controller
public function setLocale($locale){
if(Auth::check()){
$user = User::find(Auth::user()->id);
$user->update(['locale'=>$locale]);
}else{
Session::put('locale',$locale);
}
}
We need to find a way of setting locale on each request because Laravel does not store locale set with App::setLocale() hence we are going to use a Middleware to setLocale on each request.
To understand how Laravel handles App::setLocale() here is the method in Illuminate\Foundation\Application.php that handles setting of locale
public function setLocale($locale)
{
$this['config']->set('app.locale', $locale);
$this['translator']->setLocale($locale);
$this['events']->fire('locale.changed', array($locale));
}
This method calls another method in Translator.php show below:
/**
* Set the default locale.
*
* #param string $locale
* #return void
*/
public function setLocale($locale)
{
$this->locale = $locale;
}
As you can see nothing like caching or session is used to remember locale so we must set it on each request. So lets create a Middleware for it. I will call it LocaleMiddleware.
<?php namespace App\Http\Middleware;
use Closure, Session, Auth;
class LocaleMiddleware {
public function handle($request, Closure $next)
{
if(Auth::user()){
app()->setLocale(Auth::user()->locale);
}elseif($locale = Session::has('locale')){
app()->setLocale($locale);
}
return $next($request);
}
}
Lets set the middleware to run on each request by adding it to $middleware stack in App\Http\Kernel.php
protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
'App\Http\Middleware\VerifyCsrfToken',
'App\Http\Middleware\LocaleMiddleware'
];
Related
I found similar title and similar asked question on this website when I was researching to solve the problem. But none of posted answers helped me. This question might be duplicated but I could not solve the problem using existing questions on StackOverflow.
I'm trying to prevent access to users who are not logged in OR who are not member of "School" model!
In "web.php" file I used "middleware("auth")" to prevent access to users who are not logged in.
Now I created a "Policy" named "SchoolPolicy" to prevent access to users who are not member of "Schools" database/model.
When I call "view" method from SchoolPolicy, it prevents access for all authorized and unauthorized users!
I also checked and I realized "School" model returns "null" when I try to catch "user_id" foreign key from "schools" table.
The below piece of code is the way I created "Schools" table using Migration:
Schema::create('schools', function (Blueprint $table) {
$table->id();
$table->foreignId('user_id')->constrained();
$table->string('school_name');
$table->string('school_address')->nullable();
$table->string('school_email');
$table->string('school_phone')->nullable();
$table->string('url');
$table->longText('descriptions')->nullable();
$table->timestamps();
});
This is the route to view any school which is created by any user (URL can be dynamic)
Route::group(['middleware' => 'auth'], function () {
Route::get('/schools/{url}', [ViewSchool::class, 'index'])->name('yourschool.show');
});
And this is "School" model. I used php artisan make:model School command to create this model:
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Support\Facades\Auth;
class School extends Model{
use HasFactory;
/**
* The attributes that are mass assignable.
*
* #var array
*/
protected $fillable = [
'user_id',
'school_name',
'school_address',
'school_email',
'school_phone',
'url',
'descriptions'
];
}
In this section I created School Policy. However I used Laravel 8 but I also registered created Policy manually
SchoolPolicy
<?php
namespace App\Policies;
use App\Models\School;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class SchoolPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* #param \App\Models\User $user
* #return mixed
*/
public function viewAny(User $user)
{
//
}
/**
* Determine whether the user can view the model.
*
* #param \App\Models\User $user
* #param \App\Models\School $school
* #return mixed
*/
public function view(User $user, School $school)
{
return $user->id == $school->user_id;
}
}
In AuthServiceProvider.php I registered SchoolPolicy like this:
<?php
namespace App\Providers;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
use App\Models\User;
use App\Models\School;
use App\Policies\SchoolPolicy;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* #var array
*/
protected $policies = [
School::class => SchoolPolicy::class
];
/**
* Register any authentication / authorization services.
*
* #return void
*/
public function boot()
{
$this->registerPolicies();
}
}
"ViewSchool.php" file where I want to use authorize method:
<?php
namespace App\Http\Controllers\Schools;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use App\Models\User;
use App\Models\School;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Auth;
class ViewSchool extends Controller
{
public function index (School $school) {
$this->authorize('view', $school);
return view('layouts.viewschool');
}
}
I tried many ways to solve the problem, but none of them properly worked:
First Try:
public function index (School $school) {
$this->authorize('view', $school);
}
Second Try:
public function index () {
$this->authorize('view', School::class);
}
I even tried to print any output from School model but I receive "null":
public function index (School $school) {
dd($school->user_id);
}
I followed all tutorials on YouTube and official Laravel website, but in my examples I gave you, authorization doesn't work properly.
Please help me to solve this problem.
Thank you
I'm using Larvel 6
I want to add this feature to my app:
The app receives User's mobile number, then generates a mobile_number_verification_code like 145787 and updates user's table! then the generated code will be sent as SMS for user! and he/she enters the code to login!
Notice: the code can be used just 2 minutes after the generation time
this will be the User model
Schema::create('users', function (Blueprint $table) {
$table->bigIncrements('id');
$table->string('name');
$table->string('email')->unique();
$table->string('username')->unique()->nullable();
$table->string('mobile_number')->unique()->nullable();
$table->string('mobile_number_verification_code')->nullable();
$table->string('mobile_number_verification_code_expires_at')->nullable();
$table->bigInteger('mobile_number_verified_at')->nullable();
$table->timestamp('email_verified_at')->nullable();
$table->string('password');
$table->rememberToken();
$table->timestamps();
});
I want to use the Laravel default auth way, so I can use this code for attempt to login:
/**
* Attempt to log the user into the application.
*
* #param \Illuminate\Http\Request $request
* #return bool
*/
protected function attemptLogin(Request $request)
{
return $this->guard('users')->attempt(
[
'mobile_number' => '9128889966', // the mobile number
'mobile_number_verification_code' => '145787' // the code which user has received
]
, $request->filled('remember')
);
}
everything seems alright but one important point is missed:
the code can be used just 2 minutes after the generation time
How can I check the code is expired or not?
I know that I can check it after user login, then if the code is expired, use Auth::logout(); to logout him/her! but is it the best way?
It is not better to edit the attempt() method?
You can check expiration datetime on attemptLogin method of your LoginController like this:
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
class LoginController extends Controller
{
//...
/**
* Attempt to log the user into the application.
*
* #param \Illuminate\Http\Request $request
* #return bool
*/
protected function attemptLogin(Request $request)
{
return \App\User::where('mobile_number', $request->mobile_number)
->whereDate('mobile_number_verification_code_expires_at', '>=', now())
->exists()
&& $this->guard()->attempt([
'mobile_number' => $request->mobile_number
'mobile_number_verification_code' => $request->mobile_number_verification_code
], $request->filled('remember')
);
}
Another way is to define a custom UserProvider that implements Illuminate\Contracts\Auth\UserProvider interface or extends Illuminate\Auth\EloquentUserProvider and override validateCredentials and/or retrieveByCredentials methods. Then register your customized UserProvider and set it as custom driver on config/auth.php file. See Laravel docs form more info about this.
No idea why I'm getting this error...
Call to a member function getRememberToken() on null (View: /home/vagrant/temptools/resources/views/layouts/main.blade.php) (View: /home/vagrant/temptools/resources/views/layouts/main.blade.php)
I have an Auth::check() on that blade page
I'm using https://github.com/invisnik/laravel-steam-auth
Routes:
Route::get('login', 'AuthController#redirectToSteam')->name('login');
Route::get('login/handle', 'AuthController#handle')->name('login.handle');
Route::post('logout', 'Auth\LoginController#logout')->name('logout');
AuthController:
namespace App\Http\Controllers;
use Invisnik\LaravelSteamAuth\SteamAuth;
use App\User;
use Auth;
class AuthController extends Controller
{
/**
* The SteamAuth instance.
*
* #var SteamAuth
*/
protected $steam;
/**
* The redirect URL.
*
* #var string
*/
protected $redirectURL = '/';
/**
* AuthController constructor.
*
* #param SteamAuth $steam
*/
public function __construct(SteamAuth $steam)
{
$this->steam = $steam;
}
/**
* Redirect the user to the authentication page
*
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function redirectToSteam()
{
return $this->steam->redirect();
}
/**
* Get user info and log in
*
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function handle()
{
if ($this->steam->validate()) {
$info = $this->steam->getUserInfo();
if (!is_null($info)) {
$user = $this->findOrNewUser($info);
Auth::login($user, true);
return redirect($this->redirectURL); // redirect to site
}
}
return $this->redirectToSteam();
}
/**
* Getting user by info or created if not exists
*
* #param $info
* #return User
*/
protected function findOrNewUser($info)
{
$user = User::where('id', $info->steamID64)->first();
if (!is_null($user)) {
return $user;
}
return User::create([
'name' => $info->personaname,
'avatar' => $info->avatarfull,
'id' => $info->steamID64
]);
}
}
app/User:
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
use Notifiable;
protected $fillable = [
'id', 'name', 'avatar',
];
protected $hidden = [
'remember_token',
];
}
create_users_table migration:
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateUsersTable extends Migration
{
/**
* Run the migrations.
*
* #return void
*/
public function up()
{
Schema::create('users', function (Blueprint $table) {
$table->bigInteger('id')->unsigned();
$table->string('name');
$table->string('avatar');
$table->rememberToken();
$table->timestamps();
$table->primary('id');
});
}
/**
* Reverse the migrations.
*
* #return void
*/
public function down()
{
Schema::dropIfExists('users');
}
}
Have deleted the password recovery migration.
I also get the error if I hit the logout path:
Call to a member function getRememberToken() on null
========
Looking into errors, the error seems to be in laravel/framework/sec/Illuminate/Auth/EloquentUserProvider.php line 67
public function retrieveByToken($identifier, $token)
{
$model = $this->createModel();
$model = $model->where($model->getAuthIdentifierName(), $identifier)->first();
$rememberToken = $model->getRememberToken();
return $model && $rememberToken && hash_equals($rememberToken, $token) ? $model : null;
}
Still no idea how to fix it though
Looks like this package uses Laravel Auth... How do you set unique ID for your users? Generally you should auto increment them... Don't forget that Laravel's auth is reliant on many conventions... Look at AuthenticatesUsers trait for a peek... but one of the fields required is email...
trait AuthenticatesUsers
{
/**
* Get the login username to be used by the controller.
*
* #return string
*/
public function username()
{
return 'email';
}
}
Take a look around the Auth structure, look at the default 'web' guard (look at auth.php in the config directory as a starting point... ).
public function up()
{
Schema::create('users', function (Blueprint $table) {
$table->increments('id');
$table->string('name');
$table->string('email')->unique(); //Unique ID for login in laravel? The AuthenticatesUser trait uses email as username...
$table->string('password');
$table->string('avatar');
$table->rememberToken();
$table->timestamps();
});
}
Hope this helps...
Go into this function parent:
public function retrieveByToken($identifier, $token){
$model = $this->createModel();
$model = $model->where($model->getAuthIdentifierName(), $identifier)->first();
$rememberToken = $model->getRememberToken();
return $model && $rememberToken && hash_equals($rememberToken, $token) ? $model : null;
}
dump the model and $identifier,
create a model row with that identifier and it will fixed!
I'm trying to check if the user has permission to a certain model. Up until now (with Laravel 5.2), I added this code at the constructor:
public function __construct()
{
if (!Auth::user()->hasPermission('usergroups')) {
abort(404);
}
}
Now, after upgrading to Laravel 5.3, Auth::user() returns null when being called from the controller's constructor. If I call it within any other method of the class, it returns the currently logged in user.
Any Ideas why?
See here:
Session In The Constructor
In previous versions of Laravel, you could access session variables or
the authenticated user in your controller's constructor. This was
never intended to be an explicit feature of the framework. In Laravel
5.3, you can't access the session or authenticated user in your controller's constructor because the middleware has not run yet.
As an alternative, you may define a Closure based middleware directly
in your controller's constructor. Before using this feature, make sure
that your application is running Laravel 5.3.4 or above:
<?php
namespace App\Http\Controllers;
use App\User;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
class ProjectController extends Controller
{
/**
* All of the current user's projects.
*/
protected $projects;
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware(function ($request, $next) {
$this->projects = Auth::user()->projects;
return $next($request);
});
}
}
Of course, you may also access the request session data or
authenticated user by type-hinting the Illuminate\Http\Request class
on your controller action:
/**
* Show all of the projects for the current user.
*
* #param \Illuminate\Http\Request $request
* #return Response
*/
public function index(Request $request)
{
$projects = $request->user()->projects;
$value = $request->session()->get('key');
//
}
class StudentController extends Controller
{
public $role;
public function __construct()
{
$this->middleware(function ($request, $next) {
if (!Auth::user()->hasPermission('usergroups')) {
abort(404);
}
return $next($request);
});
}
}
Hope help you!!!
Update:
Get your code inside
$this->middleware(function ($request, $next) {
//your code
return $next($request);
});
Because you're attempting to access the instance before the middleware even fires. You can use request()->user() instead.
In my Laravel app users can disable (not delete) their account to disappear from the website. However, if they try to login again their account should be activated automatically and they should log in successfully.
This is done with "active" column in the users table and a global scope in User model:
protected static function boot() {
parent::boot();
static::addGlobalScope('active', function(Builder $builder) {
$builder->where('active', 1);
});
}
The problem now is that those inactive accounts can't log in again, since AuthController does not find them (out of scope).
What I need to achieve:
Make AuthController ignore global scope "active".
If username and password are correct then change the "active" column value to "1".
The idea I have now is to locate the user using withoutGlobalScope, validate the password manually, change column "active" to 1, and then proceed the regular login.
In my AuthController in postLogin method:
$user = User::withoutGlobalScope('active')
->where('username', $request->username)
->first();
if($user != null) {
if (Hash::check($request->username, $user->password))
{
// Set active column to 1
}
}
return $this->login($request);
So the question is how to make AuthController ignore global scope without altering Laravel main code, so it will remain with update?
Thanks.
Create a class GlobalUserProvider that extends EloquentUserProvider like below
class GlobalUserProvider extends EloquentUserProvider {
public function createModel() {
$model = parent::createModel();
return $model->withoutGlobalScope('active');
}
}
Register your new user provider in AuthServiceProvider:
Auth::provider('globalUserProvider', function ($app, array $config) {
return new GlobalUserProvider($this->app->make('hash'), $config['model']);
});
Finally you should change your user provider driver to globalUserProvider in auth.php config file.
'providers' => [
'users' => [
'driver' => 'globalUserProvider',
'model' => App\Models\User::class
]
]
protected static function boot()
{
parent::boot();
if (\Auth::check()) {
static::addGlobalScope('active', function(Builder $builder) {
$builder->where('active', 1);
});
}
}
Please try this for login issue, You can activate after login using withoutGlobalScopes().
#Sasan's answer is working great in Laravel 5.3, but not working in 5.4 - createModel() is expecting a Model but gets a Builder object, so when EloquentUserProvider calls $model->getAuthIdentifierName() an exception is thrown:
BadMethodCallException: Call to undefined method Illuminate\Database\Query\Builder::getAuthIdentifierName() in /var/www/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php:2445
Instead, follow the same approach but override more functions so that the right object is returned from createModel().
getQuery() returns the builder without the global scope, which is used by the other two functions.
class GlobalUserProvider extends EloquentUserProvider
{
/**
* Get query builder for the model
*
* #return \Illuminate\Database\Eloquent\Builder
*/
private function getQuery()
{
$model = $this->createModel();
return $model->withoutGlobalScope('active');
}
/**
* Retrieve a user by their unique identifier.
*
* #param mixed $identifier
* #return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveById($identifier)
{
$model = $this->createModel();
return $this->getQuery()
->where($model->getAuthIdentifierName(), $identifier)
->first();
}
/**
* Retrieve a user by their unique identifier and "remember me" token.
*
* #param mixed $identifier
* #param string $token
* #return \Illuminate\Contracts\Auth\Authenticatable|null
*/
public function retrieveByToken($identifier, $token)
{
$model = $this->createModel();
return $this->getQuery()
->where($model->getAuthIdentifierName(), $identifier)
->where($model->getRememberTokenName(), $token)
->first();
}
}
Sasan Farrokh has a right answer. The only thing not to rewrite createModel but newModelQuery and this will work
protected function newModelQuery($model = null)
{
$modelQuery = parent::newModelQuery();
return $modelQuery->withoutGlobalScope('active');
}
Extend the AuthController with the code you used in your OP. That should work.
public function postLogin(Request $request)
{
$user = User::withoutGlobalScope('active')
->where('username', $request->username)
->first();
if($user != null){
if (Hash::check($request->password, $user->password)){
$user->active = 1;
$user->save();
}
}
return $this->login($request);
}
I resolved it by creating the new package.
mpyw/scoped-auth: Apply specific scope for user authentication.
Run composer require mpyw/scoped-auth and modify your User model like this:
<?php
namespace App;
use Illuminate\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Authenticatable as UserContract;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Mpyw\ScopedAuth\AuthScopable;
class User extends Model implements UserContract, AuthScopable
{
use Authenticatable;
public function scopeForAuthentication(Builder $query): Builder
{
return $query->withoutGlobalScope('active');
}
}
You can also easily pick Illuminate\Auth\Events\Login to activate User on your Listener.
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Event;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
class EventServiceProvider extends ServiceProvider
{
/**
* The event listener mappings for the application.
*
* #var array
*/
protected $listen = [
\Illuminate\Auth\Events\Login::class => [
\App\Listeners\ActivateUser::class,
],
];
/**
* Register any events for your application.
*
* #return void
*/
public function boot()
{
parent::boot();
//
}
}
<?php
namespace App\Listeners;
use Illuminate\Auth\Events\Login;
class ActivateUser
{
/**
* Handle the event.
*
* #param Illuminate\Auth\Events\Login $event
* #return void
*/
public function handle(Login $event)
{
$event->user->fill('active', 1)->save();
}
}
I had to use
->withoutGlobalScopes() instead
in order for it to work