I just installed the ion-auth library and I'm trying to do some basic operations with it, including registering and logging in. Registering works just fine (I can see the row has been added to the database), but trying to login with the same credentials as I used to create the user with doesn't work for some reason.
This is the basic flow:
$username = $this->input->post('username');
$password = $this->input->post('password');
$email = $this->input->post('email');
$additional_data = array(
'first name' => 'John',
'last_name' => 'Doe'
);
$this->ion_auth->register($username,$password,$email,$additional_data);
$this->ion_auth->login($username, $password, TRUE);
But for whatever reason, the login mechanism simply won't work. Hope someone can help.
I have also had he struggle that i could not login with ion_auth, i could only login with the admin credentials.
For me the answer was simple but very specific. It may not answer the question for you, but it just might.
I had a redirect from the login to the dashboard controller. Only the dashboard controller was only viewable by an admin. If the user wasn't an admin, it was redirected to the login page.
Therefore it looked like the user was not logged in, but he was.
Related
I'm new to CodeIgniter and I installed the codeigniter4/shield authentication and authorization framework for CodeIgniter 4.
I need the session data of the logged-in User such as username, and email.
How can I get it?
What I've tried so far.
$item = $session->get('item');
$name = $_SESSION['name'];
Solution:
Get logged-in username:
auth()->user()->username;
Get logged-in User email:
auth()->user()->getEmail();
Get the 'date & time' when the logged-in User account was created:
auth()->user()->created_at->toDateTimeString();
Get all logged-in User data.
auth()->user()->toRawArray();
Reference:
Auth Helper
The auth functionality is designed to be used with the auth_helper
that comes with Shield. This helper method provides the auth()
command which returns a convenient interface to the most frequently
used functionality within the auth libraries. This must be loaded
before it can be used.
// get the current user
auth()->user();
// get the current user's id
auth()->id();
// or
user_id();
How do I combine Passport authentication and normal laravel authentication?
I want the user to be logged in on pages of web-middleware and api-middleware. The login route is in api-middleware. Currently I have set up Passport authentication and it works fine for all api-middleware routes. How to make the user logged in in web-middleware as well?
Edit #1
What Im doing:
Login code
$http = new \GuzzleHttp\Client();
try {
$response = $http->post(config('services.passport.login_endpoint'), [
'form_params' => [
'grant_type' => 'password',
'client_id' => config('services.passport.client_id'),
'client_secret' => config('services.passport.client_secret'),
'username' => $args['email'],
'password' => $args['password']
]
]);
$user = User::where('email', $args['email'])->first();
Auth::guard('web')->login($user);
return [
"token" => $response->getBody()->getContents(),
"user" => $user
];
} // ...
Somewhere in some web-middleware route
return auth()->check() ? "logged in" : "not logged in";
returns "not logged in"
Ideally you shouldn't, as passport auth is for a separate app communicating to the API and laravel preshipped auth is for MVC, they are separate user sessions.
But assuming you know what you are doing, either call Auth::login($user); on user login via API, or generate the passport token when the user login through web middleware auth, whichever login happens first...
Remember Auth::login($user); creates a user session and sets cookies to refer to that session... So you create for yourself a new problem were on logout, there are two places to logout from... as technically the user is logged in twice, with passport token and with a cookie referring to his session...
Actually I'm in a situation like you were. I have searched a lot about it. I always needed web authentication because of nature of my projects but in addition I started to develop projects with api backend soo late in comparing with web development world.
I'm a bit lazy so I generally use Laravel Passport and without working always out of the box, it does the job so in my opinion if you want just the functionality of access tokens for api security, put your user login authentication on web side and just authenticate the api endpoints with auth:api middleware in your api.php file.
I know that that's not the best practice but since it sounds that you are not developing a pure Laravel SPA then you can follow the route for Laravel Multipage application with Vue powered.
But believe me best way is to use either web authentication or api authentication not together then as the above answer says, you will have two authentication working at the same time which does not sound ok.
At the end, when you want to get the authenticated user on blade templates you will use
auth()->user()
but on the other hand in api controllers you should use
auth('api')->user()
which is nice to have but dangerouse to use.
If you need to log an existing user instance into your application, you may call the login method with the user instance.
Auth::login($user);
You can also use the guard() method:
Auth::guard('web')->login($user);
See the documentation here for more information: https://laravel.com/docs/5.8/authentication#authenticating-users
Question: why can I not authenticate a known registered user through Adldap despite being able to access information about the user using Adldap on laravel 5.2?
I am attempting to use Adldap on laravel 5.2 to authenticate users at a university. I have successfully managed to connect to the ldap server with the admin credentials and can even retrieve information about the user.
`
namespace App\Http\Controllers;
use Auth;
use Input;
use Adldap;
class AuthController extends Controller
{
public function authenticate()
{
$username = Input::get('username');
$password = Input::get('password');
$authentic = Adldap::authenticate($username,$password);
$userData = Adldap::users()->find($username);
var_dump( $authentic );
dd( $userData );
}
}
`
when I try to log in, dumping $authentic gives me false despite having the correct password (I dumped it as well to check). However, with the same username if I dump $userData i get a massive array of (correct) user information. Using my username, if I open the $userData object up I can see what email groups i'm in, my campus mailing address, my work title etc.
Dumped variables. I am very new to using ldap and am not quite sure how everything works. Also, its probably worth noting that despite me being the guy doing the setup and such I do not have much access to the servers. Everything is on an as needed basis.
One though was that the ldap server took care of any password hashing on that end. However, since i'm getting connected but the authentication fails could it be that I need to hash the password on my end? Please explain any solutions in detail. As an Ag engineer none of this is exactly my field but sometimes branching out is a necessity.
There are no errors. I'm on wamp and in logs/php_error (I assume this is the equivalent local version of /var/log/debug). Additionally, apache_error shows no problems.
You better check the messages created in /var/log/debug while trying to log in. Please add these messages to this post.
There was no "error" on my end. The Ldap server was simply configured to accept the users full email address and not their short id as I was using.
I want to login users after authenticating them using OAuth and Google account without entering any password.
I know Auth::login functon can do such action but I don't know how to get the user instance while they haven't been authenticated yet.
Is there a way to do that?
You can 'manually' log a user in in two diefferent ways:
// log user in by ID
Auth::loginUsingId([id of user]);
Or
$user = User::find([id here]);
// or maybe
$user = User::whereUsername([username here])->first();
// and then
Auth::login($user);
See the documentation for authentication.
How can the username be sent to a user in the Joomla PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT?
The Joomla "forgot your password" process sends an email containing a token to the user. They can then use the url in the email to go to the "Confirm your account" page. But here they need to enter their username as well as the token. If the user has forgotten their password, they are unlikely to remember their username. So I'd like to display the username in the email to make it easy for users to reset their forgotten password.
The site uses Joomla 1.5.23.
Thanks.
Edited to add more info:
I've seen this item about the same issue:
Email Message configuration for forgot password
But that adds $fromname into the email; and that's the site name as shown in sent emails. It is not the username. So I don't believe that's the solution.
So I think I need a similar edit in components/com_user/models/reset.php to include the username in the email message in this line (about line 256):
$body = JText::sprintf('PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT', $sitename, $token, $url);
Just adding $username (which is referred to earlier in the file) displays nothing.
And then I would amend the language to refer to the username variable in the following file:
language/en-GB/en-GB.com_user.ini
You are trying to add the user name in the forgot email?
then you can try this.
you can find some line similar to this. in the reset model.
$user =& JFactory::getUser();
here the $user object the current requested user email(if exists).
The you will get all the details of that user by using this object.
like $user->username,$user->email etc.
This is not solving your problem,Then you should try a custom query to fetch the details of the user from jos_users using the requested email id(is unique).
Hope this will help..
Firstly and I know this isn't part of your issue, but please upgrade to Joomla 1.5.26 which is the latest version of the 1.5 series.
Then try adding the following to the function:
$user =& JFactory::getUser();
$user2 = $user->username;
then change replace the $body variable with this:
$body = JText::sprintf('PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT', $sitename, $user2, $token, $url);