I'm implementing a log-in form by using Zend Framework 2.
I have a "user" table in mysql database: user(user_id INT AUTO_INCREMENT,email-address, password).
The user will input email-address and password.
My web application will call authenticate() method with the identity is email-address, the credential is password.
If the validation success, getIdentity() return the email-address.
But not only the email-address, I want to know the user_id field to use for other query after logged-in.
How can I get more information in my "user" table?
I don't want to query from database twice. (once for authentication, once for user_id).
Do you have any suggestion?
Thanks.
Just authenticate the correct user call the AuthenticationService and the method getStorage with will return you the storage container for the current user. just pass a object or your user entity in this and after calling $this->identity() you should become your custom identity object.
$authService = $this->getServiceManager('Zend\Authentication\AuthenticationService');
if ( // user auth success ) {
$userObject = array(
'foo' => 'bar',
'baz' => 'bas'
);
$authService->getStorage()->write( $userObject );
}
now by calling $this->identity() u get the following output
var_dump( $this->identity() );
//output
array(
'foo' => 'bar',
'baz' => 'bas'
)
Sometime like this
// Set the input credential values (e.g., from a login form)
$authAdapter
->setIdentity('my_username')
->setCredential('my_password')
// Print the result row
print_r($authAdapter->getResultRowObject());
/* Output:
user table
Array
(
[user_id] => 1
[email-address] => my_username
[password] => my_password
)
Also read more manual: http://framework.zend.com/manual/current/en/modules/zend.authentication.adapter.dbtable.html
Related
I tried to implement forgot password functionality and it's sending email correctly but when trying to rest the password its shows an invalid token even though I tested the token manually with Hash::check() which returns true.
Forgot Password Email Sender:
$status = Password::sendResetLink(
$request->only('email')
);
return $status == Password::RESET_LINK_SENT
? redirect()->route('success', 'forgot-password')->with(['status' => __($status)])
: back()->withErrors(['email' => __($status)]);
Reset Password Receiver:
$status = Password::reset(
$request->only('email', 'password', 'password_confirmation', 'token'),
function ($user, $password) {
$user->forceFill([
'password' => Hash::make($password),
]);
$user->save();
event(new PasswordReset($user));
}
);
I got the answer, It's my mistake when I created the table to hold the token and email I made created_at as date so only the created date is held on it so the token will be always invalid.
Solution: created_at should be either dateTime or timestamp.(So it can hold the time too)
I make http tests in my Laravel 5.7 application with profile page(which has "Profile View" page and "Profile Details" editor ), like :
$newUser->save();
$testing_user_id = $newUser->id;
$newUserGroup = new UserGroup();
$newUserGroup->group_id = USER_ACCESS_USER;
$newUserGroup->user_id = $newUser->id;
$userGroup= Group::find($newUserGroup->group_id);
$newUserSessionData = [
[
'loggedUserAccessGroups' => ['group_id' => $newUserGroup->group_id, 'group_name' => !empty($userGroup) ? $userGroup->name : ''],
'logged_user_ip' => '0',
]
];
$newUserGroup->save();
// 3. OPEN PROFILE PAGE BLOCK START
$response = $this->actingAs($newUser)
->withSession($newUserSessionData)
->get('/profile/view');
// 3. OPEN PROFILE PAGE BLOCK END
// 4. MAKING CHECKING PROFILE FOR USER CREATED AT 2) BLOCK START
$response->assertStatus(200); // to use HTTP_RESPONSE_OK
$response->assertSee(htmlspecialchars("Profile : " . $newUser->username, ENT_QUOTES));
// 4. MAKING CHECKING PROFILE FOR USER CREATED AT 2) BLOCK END
// 5. OPEN PROFILE DETAILS VIEW PAGE BLOCK START
$response = $this->actingAs($newUser)
->withSession($newUserSessionData)
->get('profile/view');
$response->assertStatus(200);
$response->assertSee(htmlspecialchars("Profile : " . $newUser->username, ENT_QUOTES));
// 5. OPEN PROFILE DETAILS VIEW PAGE BLOCK END
// 6. OPEN PROFILE DETAILS EDITOR PAGE BLOCK START
$response = $this->actingAs($newUser)
->withSession($newUserSessionData)
->get('profile/edit-details'); // http://local-votes.com/profile/edit-details
$response->assertStatus(HTTP_RESPONSE_OK);
$response->assertSee(htmlspecialchars("Profile : Details"));
// 6. OPEN PROFILE DETAILS EDITOR PAGE BLOCK END
// 7. MODIFY PROFILE DETAILS PAGE BLOCK START
$response = $this->actingAs($newUser)
->withSession($newUserSessionData)
->post('profile/edit-details-post', [
'first_name' => 'Modified : ' . $newUser->first_name,
'last_name' => 'Modified : ' . $newUser->last_name,
'phone' => 'Modified : ' . $newUser->phone,
'website' => 'Modified : ' . $newUser->website,
'_token' => $csrf_token
]);
// $response->assertStatus(205); // ???
// 7. MODIFY PROFILE DETAILS PAGE BLOCK END
////////////////////////
// 8. OPEN PROFILE DETAILS VIEW PAGE AFTER MODIFICATIONS BLOCK START
$response = $this->actingAs($newUser)
->withSession($newUserSessionData)
->get('profile/view');
$response->assertStatus(200);
$response->assertSee( htmlspecialchars('Modified : ' . $newUser->last_name) );
// 8. OPEN PROFILE DETAILS VIEW PAGE AFTER MODIFICATIONS BLOCK END
New user is added and Profile View page is opened ok, but there are problems at step // 7. MODIFY PROFILE DETAILS PAGE BLOCK START
as I see in sql trace new user is inserted but not updated.
In my control app/Http/Controllers/ProfileController.php update method is defined with validation request :
public function update_details(ProfileUserDetailsRequest $request)
{
$userProfile = Auth::user();
$requestData = $request->all();
$userProfile->first_name = $requestData['first_name'];
$userProfile->last_name = $requestData['last_name'];
$userProfile->phone = $requestData['phone'];
$userProfile->website = $requestData['website'];
$userProfile->updated_at = now();
$userProfile->save();
$this->setFlashMessage('Profile updated successfully !', 'success', 'Profile');
return Redirect::route('profile-view');
} // public function update_details(ProfileUserDetailsRequest $request)
1) Can the reason be in ProfileUserDetailsRequest and how to deal this ?
My profile details editor works ok.
My route defined as :
Route::group(array('prefix' => 'profile', 'middleware' => ['auth', 'isVerified']), function(){
Route::post('edit-details-post', array(
'as' => 'profile-edit-details-post',
'uses' => 'ProfileController#update_details'
));
At first I tried PUT, but after that I tried POST - the same without results.
2) Can you advice some proper way of User Profile details checking on // 7. MODIFY PROFILE DETAILS PAGE BLOCK START step ?
MODIFIED BLOCK # 2 :
I tried patch method, but it does not work anyway.
I have debugging method in my app/Http/Controllers/ProfileController.php
public function update_details(ProfileUserDetailsRequest $request)
{
method and when test is run I see that it is not triggered.
I use the same update_details method updating my form in brauser and it work ok(I see debugging info too).
I suppose that could be csrf issue and in header of my test file I wrote:
<?php
namespace Tests\Feature;
use Tests\TestCase;
use DB;
use Illuminate\Foundation\Testing\WithFaker;
use Illuminate\Foundation\Testing\WithoutMiddleware; // Prevent all middleware from being executed for this test class.
public function testProfilePage()
{
$csrf_token = csrf_token();
...
$response = $this->actingAs($newUser)
->withSession($newUserSessionData)
->patch('profile/edit-details-post', [
'first_name' => 'Modified : ' . $newUser->first_name,
'last_name' => 'Modified : ' . $newUser->last_name,
'phone' => 'Modified : ' . $newUser->phone,
'website' => 'Modified : ' . $newUser->website,
// '_token' => $csrf_token / I TRIED TO UNCOMMENT THIS LINE TOO
]);
$response->assertStatus(205); // making this check I see that code 419 was returned
Can decision be to add in file app/Http/Middleware/VerifyCsrfToken.php
class VerifyCsrfToken extends Middleware
{
/**
* The URIs that should be excluded from CSRF verification.
*
* #var array
*/
protected $except = [
// ???
];
If in command line I run tests as
vendor/bin/phpunit tests/Feature/ProfilepageTest.php
What have I to add in except?
Thanks!
Other than the PATCH instead of POST following are my recommendations to test your code.
Instead of ProfileUserDetailsRequest try to use simple Request.
Try to log $request variable in your update function and check if the _token and _method are available, method should be PATCH and the request variables are posted correctly.
Make a model of user table and try to update the user with that model using
$user = User::find(Auth::user()->id);
…
$user->save();
Sessions are initiated with a middleware, i think if you are disabling the middleware, session will not work.
If you are using an IDE like Visual Studio Code to run your code then try using a debugger like xdebug. Place a breakpoint in your update_details method and see if it is getting to save and save is executing. If it is then we know save is not updating correctly.
It looks like what you are doing is correct according to the documentation for update:
https://laravel.com/docs/5.7/eloquent#updates example from docs below:
$flight = App\Flight::find(1);
$flight->name = 'New Flight Name';
$flight->save();
Off the top of my head my only guess as to why it would fail is maybe getting the user off of the auth object causes problems. Take the id from the user in the auth object and use find() to grab the user then update its values and save and see if that works.
I'm trying to use auth()->login() in laravel 5.1 but it returns an error. Please see my code below:
$user = User::where('username', $username)->where('activation_code', $activation_code);
$not_activated_user = $user->where('status', 0)->where('confirmed', 0);
if($not_activated_user->count() == 1){
$not_activated_user->update([
'status' => 1,
'confirmed' => 1
]);
auth()->login($user->where('status', 1)->where('confirmed', 1));
}
I've also import use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract; and implements AuthenticatableContract in my User model, but it still returns the same error. Why is that? I also tried to use ->get() in ->login(....->get()) to get the current user, but still same error.
Error:
Argument 1 passed to Illuminate\Auth\Guard::login() must implement interface Illuminate\Contracts\Auth\Authenticatable, instance of Illuminate\Database\Eloquent\Builder given
Try
$user = User::where('username', $username)->where('activation_code', $activation_code)->firstOrFail();
$user->update([
'status' => 1,
'confirmed' => 1
]);
auth()->login($user);
}
It's working now, I just called the User model again to select the current user :)
I'm developing a application using sfDoctrineGuardPlugin and Symfony 1.4.20 then I've three users and three users groups and some permissions as follow:
user_name user_group permissions
u1 Group1 can_admin_full, can_admin
u2 Group2 can_admin
u3 Group3 no_admin
So u1 should be able to add users to the application but only can see Group2 and Group3 under Groups Options, u2 should be able to add users to the application to but only can see Group3 under Groups Options, so u1 and u2 shouldn't add users belonging to Group1, how I can get this using sfDoctrineGuard? It's possible?
NOTE: I use GroupN as a example but below in the code sample is the right names for groups and permissions!
EDIT: Improve question
So after take a closer look at this I'm trying to to the same but adapted to my code so in lib/form/doctrine/sfDoctrineGuardPlugin/sfGuardUserForm.class.php I change this:
class sfGuardUserForm extends PluginsfGuardUserForm {
public function configure() {
//groups_list
$this->getWidget('groups_list')->setOption('expanded', true);
$this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
$this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());
}
}
Also I made this changes at lib/model/doctrine/sfDoctrineGuardPlugin/sfGuardGroupTable.class.php
class sfGuardGroupTable extends PluginsfGuardGroupTable {
/**
* Returns an instance of this class.
*
* #return object sfGuardGroupTable
*/
public static function getInstance() {
return Doctrine_Core::getTable('sfGuardGroup');
}
/**
* Builds list query based on credentials
*
*/
public function getListForAdmin() {
$user = sfContext::getInstance()->getUser();
$q = $this->createQuery('g');
if ($user->hasPermissions('can_admin_full')) {
$q->addWhere('g.name IN (?)', array('Administradores Monitor', 'Monitor'));
} else if ($user->hasPermissions('can_admin')) {
$q->addWhere('g.name IN (?)', array('Monitor'));
}
return $q;
}
}
But don't work because login using a user that belongs to group "Administrador de Servicios" and has permissions 'can_admin' and 'can_admin_full' and I can see all the groups in the widget and I'm looking just for see in that case 'Administradores Monitor' and 'Monitor'
EDIT 2
Also try this other code:
$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));
And still not working, I change 'table_method' => 'getListForAdmin' to 'table_method' => 'getListForAdmin1' and nothing happens so I suspect that the method is never called
EDIT 3
Now it's working but see this:
If I use this approach:
$this->getWidget('groups_list')->setOption('expanded', true);
$this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
$this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());
Then I get this error:
SQLSTATE[HY093]: Invalid parameter number: number of bound variables
does not match number of tokens
If I use the other approach:
$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));
I get this other error:
sfWidgetFormDoctrineChoice requires the following options: 'model'.
Then I added the parameter model:
$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'model' => 'sfGuardGroup', 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));
But get the same error as first approach, I suspect the problem is in getListForAdmin() function but really don't know where exactly
What's wrong at this point?
Try to change the conditional in getListForAdmin():
if ($user->hasPermissions('can_admin_full')) {
$q->whereIn('g.name', array('Administradores Monitor', 'Monitor'));
} else if ($user->hasPermissions('can_admin')) {
$q->whereIn('g.name', array('Monitor'));
}
hi all when clicking the link on my page its not carrying the id from the template when going to the view page, so when the sql queries the database it is querying this
SELECT `Field`.`name`
FROM `pra`.`fields` AS `Field`
LEFT JOIN `pra`.`templates` AS `Template` ON (
`Field`.`template_id` = `Template`.`id`)
WHERE `template`.`id` IS NULL
the database says id should be = 2
here is the code for the view function
$fields = $this->Field->find('all',
array('fields'=>array('name','template_id'),
'conditions' => array('template_id' => $this->Auth->user('template.id'))));
$this->set('field', $fields);
updated code, the template_id still equals null
when hardcoded it works correctly, there is a problem with this line $this->Auth->user
You can try with the following code:
$fields = $this->Field->find('all',
array('fields'=>array('name'),
'conditions' => array('Field.template_id' => $this->Auth->user('template_id'))
)
);
$this->set('field', $fields);
Please be sure there must have any template_id value should be there for the current logged in user.
Kindly ask if it not worked for you.
Check the result of the find call, by doing a debug:
debug($fields);
This will show you the returned data from the query. You can add this to the end of your action method.
If the results are empty, double check the values that are stored in the session Auth key. You can do this by dumping out the session with debug($_SESSION) or use the CakePHP DebugKit. The Debug Kit offers you a small toolbar at the top right of the screen and lets you view session information and such.
function view($name){
$this->set('title_for_layout', 'Create Template');
$this->set('stylesheet_used', 'homestyle');
$this->set('image_used', 'eBOXLogoHome.jpg');
$this->layout='home_layout';
$fields = $this->Template->Field->find('list',array(
'fields'=> array('name'),
'conditions' => array(
'template_id'=> $name)));
$this->set('field', $fields);
}
it wasn't passing the param's value