Get the CSRF token in test - testing

I'm writing functional test and i need to make ajax post request. "The CSRF token is invalid. Please try to resubmit the form". How can i get the token in my functional test ?
$crawler = $this->client->request(
'POST',
$url,
array(
'element_add' => array(
'_token' => '????',
'name' => 'bla',
)
),
array(),
array('HTTP_X-Requested-With' => 'XMLHttpRequest')
);

CSRF token generator is normal symfony 2 service. You can get service and generate token yourself. For example:
$csrfToken = $client->getContainer()->get('form.csrf_provider')->generateCsrfToken('registration');
$crawler = $client->request('POST', '/ajax/register', array(
'fos_user_registration_form' => array(
'_token' => $csrfToken,
'username' => 'samplelogin',
'email' => 'sample#fake.pl',
'plainPassword' => array(
'first' => 'somepass',
'second' => 'somepass',
),
'name' => 'sampleuser',
'type' => 'DSWP',
),
));
The generateCsrfToken gets one important parameter intention which should be the same in the test and in the form otherwise it fails.

After a long search (i've found nothing in doc and on the net about how to retrieve csrf token) i found a way:
$extract = $this->crawler->filter('input[name="element_add[_token]"]')
->extract(array('value'));
$csrf_token = $extract[0];
Extract the token from response before make the request.

In symfony 3, in your WebTestCase, you need to get the CSRF token:
$csrfToken = $client->getContainer()->get('security.csrf.token_manager')->getToken($csrfTokenId);
To get the $csrfTokenId, the best way would be to force it in the options of your FormType ():
class TaskType extends AbstractType
{
// ...
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults(array(
'csrf_token_id' => 'task_item',
));
}
// ...
}
So in this case: $csrfTokenId = "task_item";. Or you you can try to use the default value, that would be the name of your form.
Then use it as a post parameter:
$client->request(
'POST',
'/url',
[
'formName' => [
'field' => 'value',
'field2' => 'value2',
'_token' => $csrfToken
]
]
);

Just in case someone stumble on this, in symfony 5 you get the token this way:
$client->getContainer()->get('security.csrf.token_manager')->getToken('token-id')->getValue();
where 'token-id' is the id that you used in the configureOptions method in your form type, which would look something like this:
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
"data_class" => Foo::class,
"csrf_protection" => true,
"csrf_field_name" => "field_name", //form field name where token will be placed. If left empty, this will default to _token
"csrf_token_id" => "token-id", //This is the token id you must use to get the token value in your test
]);
}
Then you just put the token in the request as a normal field.

Related

How to call an API using raw input using Guzzle

I have an API which is working well with Postman but upon trying to call it in code, I get errors. See below
In Postman
Below is how I am calling the API in code:
In Code
public function pay_bill(Request $request){
$client = new Client(); //GuzzleHttp\Client
$username = 'xxxx';
$password = 'xxx#2020*';
$credentials = base64_encode("$username:$password");
$transaction_id = intval($request->input('transaction_id'));
$amount = (int)$request->input('amount');
$bill_number = (int)$request->input('bill_number');
$return_url = $request->input('return_url');
$response = $client->post('https://gatewaytest.e.com:5000/gateway/initialize', [
'headers' => [
'Accept' => 'application/json',
'Authorization' => 'Basic ' . $credentials,
'X-API-KEY' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
],
'form_params' => [
'transaction_id' => $transaction_id,
'total_amount' => $amount,
'bills' => ["bill_ref" => $bill_number, "amount" => $amount],
'return_url'=> $return_url
],
'verify' => true
]);
$transaction_data = $response->getBody();
return $transaction_data;
}
What am I doing wrong? How do I send body as raw like is done in postman? I imagine the problem could be due to using form_params
I finally found the solution as shown below:
'bills' => [["bill_ref" => $bill_number, "amount" => $amount]]

API post request not reaching the application

i'm new to laravel and i'm facing a painful problem.
I'm using Crinsane/LaravelShoppingcart in my ecommerce api and i'm trying to send a post request with axios in vuejs that adds a product to the cart by sending the product id and the quantity. The problem is the id and quantity are not reaching the application although i'm pretty sure i specified the correct route link in axios and i'm getting "No query results for model [App\Product]." which i assume means that the controller function that handles the request is working but the id is not being sent/transformed to the resource collection. I don't know if the problem is with the package i'm using or the code or something else.
this is axios request
addCart(item) {
axios
.post('/api/cart/add', item)
.then(response => (response.data.data))
.catch(error => console.log(error.response.data))
this is the route :
Route::post('cart/add', [
'uses' => 'ShoppingController#store',
'as' => 'cart.add'
]);
this is the cart collection
public function toArray($request)
{
return [
'id' => $this->id,
'qty' => $this->qty
];
}
this is the controller
public function store(){
$pdt = Product::findOrFail(request()->id);
$cart = Cart::add([
'id' => $pdt->id,
'name' => $pdt->name,
'qty' => request()->qty,
'price' => $pdt->price
]);
and this is the product model
class Product extends Model
{
protected $fillable = [
'name', 'description', 'image', 'category', 'quantity', 'price', 'sold','remaining','rating', 'bestSelling', 'featured'
];
}
Thank you in advance
The problem seems to be in your controller.
From the docs:
To obtain an instance of the current HTTP request via dependency injection, you should type-hint the Illuminate\Http\Request class on your controller method.
Try this:
public function store(Request, $request){
// Make sure the 'id' exists in the request
if ($request->get('id')) {
$pdt = Product::find($request->get('id'));
if ($request->get('qty')) {
$qty = $request->get('qty')
}
$cart = Cart::add([
'id' => $pdt->id,
'name' => $pdt->name,
'qty' => $qty,
'price' => $pdt->price
]);
}
Then, at the top of your controller, add:
use Illuminate\Http\Request;
So i found that it needed a json object to work and i had to put this code at the end of the store method :
return response()->json(['cart' => $cart], 201);

Laravel 5.6 - creation user not working

my application used to working well with registration user but now it dont.
here a portion of my model User
protected $fillable = [
'prenom', 'nom', 'email','photo_path','password',
];
here my validation function :
protected function validator(array $data)
{
return Validator::make($data, [
'prenom' => 'required|string|max:255',
'nom' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'photo_path' => 'required|image|mimes:jpeg,png,jpg,gif,svg|max:10000',
'password' => 'required|string|min:6|confirmed',
]);
}
here my create function :
protected function create(array $data)
{
dd($data);
$photoInput = request('photo_path');
$userPhotoPath='users';
$storagePhotoPath = Storage::disk('images')->put($userPhotoPath, $photoInput);
return User::create([
'prenom' => $data['prenom'],
'nom' => $data['nom'],
'email' => $data['email'],
'photo_path' => $storagePhotoPath,
'password' => Hash::make($data['password']),
]);
}
- POST request working ( return 302 ) but return back with input value
- Auth Route are declared in web.php
- Validation working well
but the php interpretor didnt get inside create function...
i just see in debugbar that information :
The given data was invalid./home/e7250/Laravel/ManageMyWorkLife/vendor/laravel/framework/src/Illuminate/Validation/Validator.php#306Illuminate\Validation\ValidationException
public function validate()
{
if ($this->fails()) {
throw new ValidationException($this);
}
$data = collect($this->getData())
but my validation working because i have error message near my InputTexte.
so i dont understand that error message ...
Do you have any clue ?
Well, you need to remove the dd(); function before you run something. Other wise it will end the execution of all other operations.
Check if your User Model has a constructor, if so remove it and check if the problem still accours. This fixed it for me.

How to add a list using (api sendgrid) cakephp

I'm trying to make requests in external Web Services with Cake HttpSocket, I'm trying to create a new list I'm getting an error from api sendgrid
[body] => {"errors":[{"message":"request body is invalid"}]}
public function addemail() {
$HttpSocket = new HttpSocket();
$lista = array('name' => 'Teste');
$retorno = $HttpSocket->post('https://api.sendgrid.com/v3/contactdb/lists', $lista,
array(
'header' => array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer SG.XXXXXXXXX'
)
));
if ($retorno->isOk()) {
debug($retorno->body());
}
}
what is wrong? in the sendgrid documentation says that the body should be this way
{
"name": "listname"
}
You need to json encode the array like so:
$lista = json_encode(array('name' => 'Teste'));

Laravel 5 HTTP/Requests - pass url parameter to the rules() method

I'm trying to create a set of rules under the new \HTTP\Requests\UpdateArticle class for the slug field, which needs to have unique filter applied, but only when the id is not equal the url parameter of the route name article/{article}.
What I got so far is:
public function rules()
{
return [
'title' => 'required|min:3',
'excerpt' => 'required',
'body' => 'required',
'slug' => 'required|unique:articles,slug,?',
'active' => 'required',
'published_at' => 'required|date'
];
}
I need to replace the question mark at the end of the unique filter for slug field with the id from the url, but don't know how to obtain it.
To get URL parameters from the URL:
$this->route('id');
A great discussion on this were also asked here.
You can retrieve route parameters by name with input():
$id = Route::input('id');
return [
// ...
'slug' => 'required|unique:articles,id,' . $id,
// ...
];
It's right there in the docs (scroll down to Accessing A Route Parameter Value)