I am using laravel's default login and registration. I have successfully set up authentication, however I would like to send user's username and password to the emails they used during registration. How can I achieve this?
You can initiate a mail to user after you validated input received and before your create functions of your register controller present in
$email = new UserRegisterData(new User(['password' => $user->password, 'name' => $user->name]));
To do this you need to rewrite
protected function validator(array $data)
function in your register controller and modify that with this mail. as
protected function validator(array $data)
{
$email = new UserRegisterData(new User(['password' => $user->password, 'name' => $user->name]));
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:customers',
'password' => 'required|min:6|confirmed',
]);
}
once you hashed your password in create function, i think it can't be read. Also check if any security issue it may generate. Also you need to create mail as 'UserRegisterData' and add necessary code in it.
Related
I am doing the registration user
public function register(RegistrationUser $request)
{
$user = $this->usersRepo->create($request->all());
$user->activation_token = str_random(48);
$user->save();
Mail::to($user->email)->queue(new ActivationAccount($user->first_name, $user->last_name, $user->email, $request->input('password'), $url));
return redirect()->route('successful.registration')
}
My registration test is:
public function it_creates_a_new_user()
{
$this->withExceptionHandling();
$response = $this->get(route('register'))
->assertStatus(200);
$this->post('register', [
'first_name' => 'Juan',
'last_name' => 'Lopez',
'email' => 'jlopez#gmail.com',
'password' => 'secret',
'activation_tone' => str_random(48)
])->assertRedirect(route('successful.registration'));
$this->assertDatabaseHas('users', [
'email' => 'jlopez#gmail.com',
]);
}
I have two questions:
1) How can I write a test to send the registration email and verify that it sends and arrives well?
2) When the user clicks on his email he calls a method where the activation token is passed to activate his account
In my opinion you should use mail fake ,which will prevent mail from being sent. You may then assert that mailables were sent to users and even inspect the data they received.
please read laravel docs: https://laravel.com/docs/5.6/mocking#mail-fake
There must be a route which is handling activation token and functionality, so try to get the token and call route with specific token
Note: As a developer we need to make sure that our code works which our tests are confirming, Sending and delivering email should be not be covered as they considered to work as expected(by any email service provider).
I have implemented Database seeder to seed in user (default) credentials.
Admin::create(['name' => 'Super Admin', 'email' => 'admin#demo.in', 'password' => bcrypt('password') ]);
After running seed, I got success message. But when I try to make login, it says your credential are not matching. Is there any particular reason for this. Can't we seed user data with bcrypt??
If we talk about the default AuthController of Laravel 5 obviously no you can't:
protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
If you have a look at the create() function you can see that the data submitted as password is automatically bcrypted. So if you bcrypt the password too it is bcrypted a second time.
Alright, some key points :
If you're using the User model for seeding, make sure that you'r not
hashing the password twice that could happen if you have a mutator
set in your model for the password column.
Be aware of your saved passwords in the browser, prefer writing
explicitly your username and password (in this case).
Finally check if there is no typo in your username/email or password. (that was my case 🤦♂️)
I inserted the data into my user table from my seeder as so:
DB::table('users')->insert([
'Email' => 'admin#QualityBooks.co.nz',
'Name' => 'Administrator',
'PhoneNumber' => '00000',
'Password' => bcrypt('P#ssw0rd'),
'isEnabled' => true,
'isAdmin' => true
]);
This works for me and I am able to log in while using the default auth controller.
I use laravel's 5 built in authentication for login. im spending hours finding where is the database query located at that has been use when login, I want to both allow email and username is the email box. Anyone knows where that database query located at? anyone knows how to allow both username and password on the authentication.
PS: to sharpen the details, I just want the user to allow them to login both username and email.
PS: again! Im running on laravel 5 not 4!
Define both a login and an password input in your form then the request should look like :
public function authorize() {
return true;
}
public function rules()
{
return [
'login' => 'required',
'password' => 'required'
];
}
Then your login function should look like :
public function login(LoginRequest $request)
{
$field = filter_var($request->input('login'), FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
$request->merge([$field => $request->input('login')]);
if ($this->auth->attempt($request->only($field, 'password')))
{
return redirect('/');
}
return redirect('/login')->withErrors([
'error' => 'You email/username or password combination is wrong.',
]);
}
This is an optimized version because instead of doing 2 attemps to verify the credentials for both : if is a username or if is a password, laravel will do the work with verifying if the given data points to an email login or username.
No user is currently logged in. Why after I create a user using a User::create() model (my application registration) which extends Eloquent does Auth say that the created user is now logged in?
var_dump(Auth::user());
$user = User::create(array(
'username' => Input::get('username'),
'email' => Input::get('email'),
'password' => Hash::make(Input::get('password'))
));
var_dump(Auth::user());
outputs:
null
object(User)[204]
protected 'table' => string 'users' (length=5)
protected 'fillable' =>
array (size=5)
0 => string 'username' (length=8)
Is this something related to the interfaces? How do I disable this? Incredibly annoying...
It seems I wasnt destroying any current sessions. The solution is to run Auth::logout() before creating the user.
I'm pretty new to drupal, so bear with me if I'm not using correct terms.
I'm trying to give a stupidly basic application access to a drupal url - this application cannot do any complicated authentication.
Otherwise, this drupal system needs authentication and all other menu hooks use 'access arguments' => array('access content')
Even before looking a solution for easy authentication method with drupal like http://user:password#server.com/awesome/member/12345, I've tried just giving anonymous access with the following code block in a drupal .module file
function awesome_module_menu() {
$items['awesome/member/%'] = array(
'title' => 'Awesome member',
'type' => MENU_NORMAL_ITEM,
'page callback' => 'aw_memberdata_fetch',
'delivery callback' => 'aw_memberdata_deliver',
'access arguments' => TRUE // this supposedly should allow anonymous access - from the web
);
return $items;
}
I have these two functions, one to fetch the data, one to show it:
function aw_memberdata_fetch(memberId)
{
//fetch array of objects from DB
...
return $items;
}
function aw_memberdata_deliver($items)
{
switch(arg(3)) //format, comes after items
{
case 'json':
drupal_json_output($items);
break;
default:
$output = makeHtml($items); //makes HTML
drupal_deliver_html_page($output);
}
}
With an authenticated browser, this works as intented. From a browser with no auth cookie I'm allowed to see the HTML, but the results are not there, it's like the page callback function doesn't run for anon users, but delivery callback does.
How do I make this work for anon users?
You are using access arguments with the default user_access function for permission verification. This will basically call user_access(true) which will return
true for authenticated user (you are probably testing with the administrator account (uid = 1)) which bypasses the verification check. Administrator has full privileges.
false for anonymous users because the string value of the first argument passed to the user_access true doesn't exist as a permission setting.
You should use either use
a custom YOURMODULE_access hook which does the permission verification
declare custom permissions for your module (YOURMODULE_permission hook)
don't use permission verification by using 'access callback' => true which gives access to anonymous and authenticated users
function awesome_module_menu() {
$items['awesome/member/%'] = array(
'title' => 'Awesome member',
'type' => MENU_NORMAL_ITEM,
'page callback' => 'aw_memberdata_fetch',
'delivery callback' => 'aw_memberdata_deliver',
'access callback' => true,
);
return $items;
}