Authenticate user by link (Laravel 5.3)
I'm trying to authenticate user when he follows a special link.
I find the user by the link parameters and authenticate him like this
Auth::loginUsingId($client->id);
After that Auth::user() returns the user I needed, that's all fine.
But when I trying to acccess user's profile page it redirects me to /login.
If I log in in browser using the same user's credentials I can see the profile page.
Seems that it doesn't save info to session.
What have I missed?
I have seen that if you output anything before Auth::attempt() (same as loginUsingId) it does not work. Make sure you have no echo statements, dd, print, or anything else before or after you attempt the login. But, this should work for you:
Say, for this example that your URL is somedomain.com/autoLogin?userid=1
public function autoLogin(Request $request){
$id = $request->userid;
$user = Account::find($id);
Auth::login($user);
}
This will persist the session.
Related
I have an application with SvelteKit + MSAL, my authentication page works fine, and authenticate all users without error. My login button is on my main page (http://localhost:3000). The authentication with MSAL works fine, after the authentication, its redirected to the page (http://localhost:3000/home).
I logged out from all my accounts in my browser, and when I tried to access my home page, through http://localhost:3000/home, I could access it without any authentication. I though that could be some error with cache, then I went to another PC, and did the same test and I was able to reach my home page without authentication. I looked for route protection with MSAL, but I couldn't find anything related with MSAL.Not sure if I missed something or any settings on my MSAL.js. I am using MSAL-browser. I want the user to be authenticated in all my routes.
export async function protectedRoute() {
let name = msalInstance.getAccountByHomeId.length;
if (name == 0) {
goto("/");
}
}
This is the code I have tried to use but it didn't work, I was trying to get the lenght of my users logged in, and if it was zero to redirect to the login page. I tried to use the same logic to get the name but its not showing the name of the users on my MSAL instance.
Thanks
How can I extract data from a website that is protected with a login and password via mql4?
I have the login credentials so this is not about hacking. I can get the html for any website but if a website has a login I can't get passed it.
I don't even know if login to a website is possible with mql4.
Anyone knows how to do this (if possible) ?
Many thanks
I need to ask user for a password each time he using Google OAuth.
There was an option I have used "max_auth_age", but it stops working.
Is there any replacement for this option. If not - could you please suggest where can I submit something like "feature request" to Google to restore this feature.
Thanks.
UPD
I have read possible duplicate topic and tried to use max_age instead max_auth_age. It did not help.
p.s I know that the main idea of OAuth2 not to use any passwords prompts, but its customer requirement. He is afraid that person, who not allowed to use system can have access on shared computer if someone forgot to logout from Gmail.
Aside from BCM and ehsan s' concerns, it is possible to revoke access to your application AND ask for a password on subsequent login attempts.
Following is a NodeJS example with googleapis, but is simple enough to work for all applications:
const google = require('googleapis').google;
const oauth2Client = new google.auth.OAuth2(
'client_id',
'client_secret',
'redirect_uri'
);
// Sign-in code (omitted) here
async function signOut() {
return await oauth2Client.request({
url: 'https://accounts.google.com/Logout',
method: 'GET'
});
}
Unlike oauth2Client.revokeCredentials, requesting https://accounts.google.com/Logout will make google ask for password on subsequent sign-in attempts.
Bare in mind that this request will sign the user out of all google services on the client.
This wont affect other clients on the device however - i.e. sign-out of NodeJS app will not cause the user to be logged out of gmail in Chrome browser running on the same machine and under the same user.
Hope this helps :)
I have logged into a website by writting the below code in file xyz.php. When I run this file I get logged into the moodle website. Is there any way to logout similarly to the below login code?
$user = authenticate_user_login($username, $password);
complete_user_login($user);
If you take a look at the file https://github.com/moodle/moodle/blob/master/login/logout.php you will see a call to the function require_logout()
This should ensure the user is logged out.
i'm implementing a form based authentication for my web application.
i created some users in the JDBCrealm on TomEE server and allow only particular users to access the protected jsf pages.
Now authentication works perfectly and if there is a username password mismatch it is redirected to the error page.
the problem i'm facing here is, if i try to login with the user already available in the JDBCrealm who is not authorised to access the protected the page im getting 403 error.
When I come back and try again get to protected pages i can't again login. Is it because information about my login is remembered in session and I have to invalidate session?
Even if I don't login ?
EDIT:
i ask about at forum: http://openejb.979440.n4.nabble.com/Bug-in-security-TomEE-td4665009.html
and i think its the best answer for my question
instead of trying to implement this yourself take a look to something like spring security, it provides most of the options you will need and if you need to extend it is easy as well