I recently encountered a SwiftMail error while trying to send a mail through gmail.
Expected response code 250 but got code "535", with message "535-5.7.8 Username and Password not accepted.
I was trying to send mail through my gmail and google thought that I was a spam(maybe because I was requesting too fast) I received a mail from them saying my account was access and I told them it was me. I was able to send mail without problem and it just occured now.
This is the contents of my env file.
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=talentscoutphil#gmail.com
MAIL_PASSWORD=mypasswordhere
MAIL_FROM=talentscoutphil#gmail.com
MAIL_NAME=talentscout
I researched on the internet and some answers includes enabling the "access for lesser app" and "unlocking gmail captcha" which sadly didn't work for me until I found the 2-step verification.
What I did the following was:
enable the 2-step verification to google HERE
Create App Password to be use by your system HERE
I selected Others (custom name) and clicked generate
Went to my env file in laravel and edited this
MAIL_USERNAME=talentscoutphil#gmail.com
MAIL_PASSWORD=thepasswordgenerated
Restarted my apache server and boom! It works again.
This was my solution. I created this to atleast make other people not go wasting their time researching for a possible answer.
I had the same problem, changing my gmail password fixed the issue, and also don't forget to enable less secure app on on your gmail account
i had same issue i resolve this use under
go to gmail.com
my account
and enable
Allow less secure apps: ON
it start works
I had everything fine. Less secure app option was also enabled. Still, I was getting the error. What I have done is:
Google will send you Critical security alert
Then you have to authorize that activity. ( Clicking on 'YES, THAT WAS ME' type thing )
Then you can try sending email again.
From May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
Important: This deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.
For more information, continue to read.
https://support.google.com/accounts/answer/6010255?hl=en&visit_id=637919157823422324-2612210762&p=less-secure-apps&rd=1
This is my .env mail settings
MAIL_DRIVER=smtp
MAIL_HOST=smtp.googlemail.com
MAIL_PORT=587
MAIL_USERNAME=example#gmail.com
MAIL_PASSWORD=hello27
MAIL_ENCRYPTION=tls
i was getting thesame error as stated in the question but by using
php artisan config:cache
Everything worked fine
Gmail tends to block usage of mailing addresses which are being used in other applications as username for security reasons. Either you should create a new email address for mail purpose or you must go to the Less Secure App Access and turn on the access for less secure apps. Gmail will send you a mail for confirmation from where you can verify that those changes were made by yourself. Only then, you can use such mailing addresses for mailing purpose through applications.
There is no need to update anything in config/mail.php. just put you credential in .env with this specific key's. This is my .env file.
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=example#gmail.com
MAIL_PASSWORD=********
MAIL_ENCRYPTION=tls
I had the same issue after long time debugging and googling i have found the solution. that by enabling less secure apps. the email started working.
if your gmail is secure with 2 step verification you can't enable less secure app. so turn off 2 step verification and enable less secure app. by click here enable less secure apps on your gmail account
This single step worked for me... No 2-step verification.
As I had created a dummy account for my local development, so I was OK with this setting.
Make sure you only do this if your account contains NO personal or any critical data.
This is just another way of tackling this error and NOT secure.
I turned ON the setting to alow less secured apps to be allowed access.
Form here :
https://myaccount.google.com/lesssecureapps
I had the same problem, then I did this two steps:
Enable "Allow less secure apps" on your google account security policy.
Restart your local servers.
I encountered the same issue and solved it with no 2FA enabled ("Allow less secure apps" is still in need).
After checking Google error code list, I thought maybe there are some errors in .env.
Below settings are tested in Laravel 8 and worked:
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=username#gmail.com
MAIL_PASSWORD='your#password_here' # put the password in quotes
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=username#gmail.com
MAIL_FROM_NAME="${APP_NAME}"
Please remember that put the password in quotes. That works for me.
If your using your cpanel custom email, change your host from smtp.gmail.com to your domain name. it worked for me
As from May 30, 2022 Google has stopped the support of third-party apps or devices which ask you to signin to your Google Account using only your username and password.
To solve this,
make sure you that you have enabled 2-step verification.
Then select App paswords.
select app and device you want to generate the app password for.
on select app select mail then on device choose and name a custom device.
After that, a password will be generated for you to use. Replace your original password with the generated password. Refresh or upload your files to the server the reload.
It will work
I had this issue. first checked the credentials and username, they were all good, then restarted my server (docker stop/start) and it works now. something with cache I believe
My application is built using rails 3 and i have added the csrf_meta_tag in application.html.erb.
<%= csrf_meta_tag %>
Authenticity token is changing for different users, but the token is same in the entire session i.e its not changing for each put & post request.
Any idea how to fix this issue?
Authenticity token stays same for the entire session. it does not changes for every request as a copy of authenticity in encrypted form is mapped in with your cookies which is used to match against whether the authenticity token is valid or not
Just set session[:csrf_token]=nil if you want it to change for every request
Just cross check this I know this work but done it long back
Also just check if this link for more info
I followed the example screencast by Peter Ledbrook on using the spring security core. I set the password on my user as follows:
springSecurityService.encodePassword("password")
When I attempt to log in, it doesn't decrypt the password properly. If I change the app to not encrypt the password, it will log in perfectly.
I looked at the auto-generated Login controller and I am not seeing where it's doing the decryption of the password. Has anyone else had this problem? Is there something that I am missing to make this work?
Thanks!
As of version 1.2 the User domain class encrypts the password, so by using springSecurityService.encodePassword you're double-encoding. See the docs: http://grails-plugins.github.com/grails-spring-security-core/docs/manual/
I am trying to build a rails 3 back-end for a mobile application. However, I am new to creating rails 3 apps.
Users will need to have a session on the server, but I have no support for normal cookies, so I would need to send a session_id along with every request.
What kind of authentication system should I use in rails 3, is there a gem?
I have read that in rails 2 it was possible to set the session_id from the URL, but that this function is stripped from rails 3 due to security concerns. Is this even true? If there is a way to do this, I am very interested, despite the possible security holes.
Usually I'd use HTTP Digest authentication to solve this problem. Most of the Rails authentication plugins (such as Authlogic, probably Devise) will support HTTP Basic or Digest authentication though a plugin. In this way, you don't have to worry about expired cookies and the like.
You can also pass an api_key parameter instead of a session id.
In many cases I've used an api key as the HTTP Basic username. This gives clean URLs and session-less authentication.
The security problem you're probably referring to is Cross-Site Request Forgery. It is indeed a real problem. Its why you hide actions with side effects (create, update, destroy) behind forms with a CSRF token. Otherwise a malicious link can perform unintended actions to a site that you're already authenticated to without needing to know your credentials.
As long as your API key isn't easily discoverable by anyone in an automated fashion, the risk should be minimal.
Update
A small update: Devise no longer has authentication_token as its implementation was deemed too insecure. A good alternative is Brian Auton's suggestion.
The summary of his method is that he generates an authentication_key AND authentication_secret in a separate model. You then authenticate by sending both your key and secret, if a match is found you are temporarily signed in as a user.
In your application controller this looks like so:
class ApplicationController < ActionController::Base
before_filter :authenticate_from_token
protected
def authenticate_from_token
if current_token.try :authenticatable
sign_in token.authenticatable, store: false
end
end
def current_token
AuthenticationToken.find_authenticated({
secret: (params[:secret] || request.headers[:secret]),
secret_id: (params[:secret_id] || request.headers[:secret_id]),
})
end
end
The authenticatable of the token in this case is a User model, or any other thing that has been made authenticatable (the tokens are polymorphic). As you can see it can easily be made to work with Devise.
I like this method a lot and have implemented it in a recent API. Do read up on it on his website.
Old answer
Outdated answer, kept for reference to older versions of Devise: Devise has a 'authentication_token' column which I can use for authenticating a user. I could have a login API method which I will send a username + password too, then get the token back and store that locally to sign all my other calls with. It basically is a cookie system, but one that is directly supported by Devise.
On top of this I could re-generate the token on either every call or on every 'session'.
I have a contact page form that is setup to send an email to a Gmail account. Only problem is it won't send. I believe I have narrowed the error down to my settings inside of the initializers directory.
These are my current settings for trying to setup a standard gmail account to send mail:
Could it be that my domain setting is wrong or should I be typing in myemail#gmail.com for :user_name? This is the first time I have used ActionMailer so I don't really know what I am doing. Can somebody please help me out!? Thanks!
If you are using the development environment, change the development.rb to raise delivery errors, with
config.action_mailer.raise_delivery_errors = true
Also, the problem might be that :user_name should be the entire email address (myemail#gmail.com), that's how Gmail authenticates users.
domain does not necessarily have to be "gmail.com". You can put your own domain here is you wish.
You also need to specify :from. I found that if you deliver your email with .deliver you do not get an exception for the errors. Try .deliver! instead. With .deliver! you get details about what is wrong.