How to redirect to a dynamic route after user register for the first time in Laravel 7 - laravel-7

I am new to Laravel and am using Laravel 7. I want to ask: when a new user registers for the first time, a verification email is sent to his/her inbox, and when he verifies it, he must be redirected to a route like the edit profile page to complete the registration process... something like:
route('user/ . $user->id . / edit');
I'm not sure if I should edit this page, and if so, how? Because it redirects to the HOME
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\VerifiesEmails;
class VerificationController extends Controller
{
/*
|--------------------------------------------------------------------------
| Email Verification Controller
|--------------------------------------------------------------------------
|
| This controller is responsible for handling email verification for any
| user that recently registered with the application. Emails may also
| be re-sent if the user didn't receive the original email message.
|
*/
use VerifiesEmails;
/**
* Where to redirect users after verification.
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth');
$this->middleware('signed')->only('verify');
$this->middleware('throttle:6,1')->only('verify', 'resend');
}
}

You can change it from app/Providers/RouteServiceProvider.php :
public const HOME = '/home';
to,
public const HOME = '/dashboard';
Then it will throw you to the /dashboard

Related

Instagram Basic Display API Error - Invalid scope: ['basic'] OR Invalid redirect_uri

I'm using Magento 2.4.1, installed the Social Login Extension, and am getting the error below while logging in to Instagram. I'm using the Hybrid auth libraries to log in.
{"error_type": "OAuthException", "code": 400, "error_message": "Invalid scope: ['basic']"}
You can check the screenshot below,
Instagram.php
<?php
/*!
* HybridAuth
* http://hybridauth.sourceforge.net | https://github.com/hybridauth/hybridauth
* (c) 2009-2012 HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
*/
namespace Vendor\Module\Model\Providers;
/**
* Hybrid_Providers_Instagram (By Sebastian Lasse - https://github.com/sebilasse)
*/
class Instagram extends \Hybrid_Provider_Model_OAuth2
{
// default permissions
public $scope = "basic";
/**
* IDp wrappers initializer
*/
public function initialize()
{
parent::initialize();
// Provider api end-points
$this->api->api_base_url = "https://api.instagram.com/v1/";
$this->api->authorize_url = "https://api.instagram.com/oauth/authorize/";
$this->api->token_url = "https://api.instagram.com/oauth/access_token";
}
/**
* load the user profile from the IDp api client
*/
public function getUserProfile()
{
$data = $this->api->api("users/self/");
if ($data->meta->code != 200) {
throw new \Exception("User profile request failed! {$this->providerId} returned an invalid response.", 6);
}
$this->user->profile->identifier = $data->data->id;
$this->user->profile->displayName = $data->data->full_name ? $data->data->full_name : $data->data->username;
$this->user->profile->description = $data->data->bio;
$this->user->profile->photoURL = $data->data->profile_picture;
$this->user->profile->webSiteURL = $data->data->website;
$this->user->profile->username = $data->data->username;
return $this->user->profile;
}
/**
*
*/
public function getUserContacts()
{
// refresh tokens if needed
$this->refreshToken();
//
$response = array();
$contacts = array();
$profile = ((isset($this->user->profile->identifier))?($this->user->profile):($this->getUserProfile()));
try {
$response = $this->api->api("users/{$this->user->profile->identifier}/follows");
} catch (\Exception $e) {
throw new \Exception("User contacts request failed! {$this->providerId} returned an error: $e");
}
//
if (isset($response) && $response->meta->code == 200) {
foreach ($response->data as $contact) {
try {
$contactInfo = $this->api->api("users/".$contact->id);
} catch (\Exception $e) {
throw new \Exception("Contact info request failed for user {$contact->username}! {$this->providerId} returned an error: $e");
}
//
$uc = new \Hybrid_User_Contact();
//
$uc->identifier = $contact->id;
$uc->profileURL = "https://instagram.com/{$contact->username}";
$uc->webSiteURL = @$contactInfo->data->website;
$uc->photoURL = @$contact->profile_picture;
$uc->displayName = @$contact->full_name;
$uc->description = @$contactInfo->data->bio;
//$uc->email = ;
//
$contacts[] = $uc;
}
}
return $contacts;
}
}
Changing the scope "basic" to "user_profile,user_media", it shows a different error
UPDATE
This is my Redirect URI
https://127.0.0.1/magento_241/sociallogin/social/callback/?hauth.done=Instagram
I'm not sure this could be the reason it's not working, but the green tick is not showing next to the Instagram Basic Display as it is showing for Facebook Login.
But my app is live here it shows live,
Somehow if I managed to log in (after entering credentials), no matter what option I choose in the below screenshot, it displays the error Oops, an error occurred. on this URL https://www.instagram.com/oauth/authorize/?client_id=MY_CLIENT_ID&redirect_uri=http%3A%2F%2F127.0.0.1%2Fmagento_241%2Fsociallogin%2Fsocial%2Fcallback%2F%3Fhauth.done&response_type=code&scope=basic
Let me know if anyone has a solution.
The API has changed. The Url for authorization now looks different:
https://api.instagram.com/oauth/authorize?client_id=XXXXXX&redirect_uri=XXXXXX&scope=user_profile,user_media&response_type=code
Just exchange it in your request and it will work just fine.
Scope "basic" is deprecated from what I've seen. I've solved this error in Laravel by setting scopes independently from package:
return Socialite::driver('instagram')
->setScopes(['user_profile'])
->redirect();
Maybe if you remove public $scope = "basic"; it could solve your issue
While your redirect_uri might be working properly, have you made sure to add that URI to your Instagram App settings list of Valid OAuth Redirect URIs? If not, you will encounter an invalid redirect uri message.
To add this URI, go to your Facebook App's dashboard, then click on the sidebar to Basic Display:
Then, scrolling down on the right side, you will see the space for adding Valid OAuth Redirect URIs.
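A check for the two problems this thread discusses (the deprecated scope and the redirect URI registration), as an added example that is not part of the original posts. It compares the authorize URL quoted in the question against the redirect URI the asker registered; the function names are hypothetical, the allowed scopes are the ones named in the answers, and exact string matching of `redirect_uri` by the provider is an assumption.

```python
from urllib.parse import parse_qs, urlsplit

# Values copied from the question and answers above.
REGISTERED = ["https://127.0.0.1/magento_241/sociallogin/social/callback/?hauth.done=Instagram"]
ALLOWED_SCOPES = {"user_profile", "user_media"}
SAMPLE_URL = (
    "https://www.instagram.com/oauth/authorize/?client_id=MY_CLIENT_ID"
    "&redirect_uri=http%3A%2F%2F127.0.0.1%2Fmagento_241%2Fsociallogin%2Fsocial"
    "%2Fcallback%2F%3Fhauth.done&response_type=code&scope=basic"
)


def diff_uri(sent, registered):
    """Name each URI component in which `sent` differs from `registered`."""
    a, b = urlsplit(sent), urlsplit(registered)
    parts = ("scheme", "netloc", "path", "query", "fragment")
    diffs = [f"{p}: sent {getattr(a, p)!r}, registered {getattr(b, p)!r}"
             for p in parts if getattr(a, p) != getattr(b, p)]
    return diffs or ["differs only in raw spelling (case, encoding or empty parts)"]


def audit_authorize_url(url, registered=REGISTERED, allowed_scopes=ALLOWED_SCOPES):
    """Return a list of findings; an empty list means nothing to fix."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []

    sent = params.get("redirect_uri", [""])[0]
    if sent not in registered:  # assumed provider behaviour: exact string match
        for reg in registered:
            findings += [f"redirect_uri {d}" for d in diff_uri(sent, reg)]

    scopes = params.get("scope", [""])[0].replace(",", " ").split()
    if not scopes:
        findings.append("scope is missing")
    findings += [f"scope {s!r} is not one of {sorted(allowed_scopes)}"
                 for s in scopes if s not in allowed_scopes]
    return findings


if __name__ == "__main__":
    for finding in audit_authorize_url(SAMPLE_URL):
        print(finding)
```

Run against the URL from the question, it reports the `http`/`https` scheme difference, the `hauth.done` query difference and the `basic` scope.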

How to call a nodejs prototype method within redis queue?

I am using Kue, a priority job queue backed by redis in node.js app.
I want to push a method of an instance to the queue so that it can be directly called when the queue is processed, something similar to as shown below.
This is an example from Laravel
class UserController extends Controller
{
/**
* Send a reminder e-mail to a given user.
*
* @param Request $request
* @param int $id
* @return Response
*/
public function sendReminderEmail(Request $request, $id)
{
$user = User::findOrFail($id);
$this->dispatch(new SendReminderEmail($user));
}
}
I'm a little confused as to how this can be achieved in my node app with Kue.

Silverstripe Cron Job Admin Actions

I have a controller function whose permission is set to ADMIN that needs to be executed from a cron job. Unfortunately, calling it from php or php-cgi says that the action is not permitted on the controller. I've temporarily removed the ADMIN check, but it's resource intensive so it's a possible DDOS vector
You can use a custom permission check in your controller to check if the call is made from the CLI:
class FooController extends Controller {
private static $allowed_actions = array(
'mySecureAction' => '->MySecurityCheck'
);
public function mySecureAction() {
// do something here
}
/**
* if this method returns true, the action will be executed
* for more information, view the docs at: http://doc.silverstripe.org/framework/en/topics/controller#access-control
*/
public function MySecurityCheck() {
return Director::is_cli() || Permission::check('ADMIN');
}
}

How to automate OAuth code retrieval from user in standalone program

Can anyone help us run the URL through Java code?
We are trying to upload a file from our local drive to Gmail Drive.
Steps followed:
1. Generated the URL with the help of Google Developer (API)
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
httpTransport, jsonFactory, CLIENT_ID, CLIENT_SECRET, Arrays.asList(DriveScopes.DRIVE))
.setAccessType("online")
.setApprovalPrompt("auto").build();
String url = flow.newAuthorizationUrl().setRedirectUri(REDIRECT_URI).build();
2. Got the below URL
https://accounts.google.com/o/oauth2/auth?access_type=online&approval_prompt=auto&client_id=1066028402320.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/drive
3. Run the URL in the internet browser
4. UserID and password is given as an input in the internet browser to get the unique response token
Now, as a part of our development, we have completed till step 2 and want to automate steps 3 & 4 using Java code. (After generating the URL, provided with our UserId and password, we should get the response as a unique token.)
Expecting your help on this
I would use the following scenario:
1. Set up local webserver to retrieve code from user's oauth redirect
2. Set redirect_uri of the flow to be local webserver and get auth url
3. Open browser of auth url for the user
4. Retrieve code from local webserver and exchange oauth code
Here are some more details with code.
Set up local webserver to retrieve HTTP request
Here is an example of setting local webserver with NanoHttpd
import java.util.Map;
// Package layout of the older NanoHTTPD 2.x API that this serve() signature belongs to
import fi.iki.elonen.NanoHTTPD;
import fi.iki.elonen.ServerRunner;

public class OAuthServer extends NanoHTTPD {
    /**
     * Constructs an HTTP server on given port.
     */
    public OAuthServer() {
        super(8080);
    }

    @Override
    public Response serve(String uri, Method method, Map<String, String> header, Map<String, String> parms, Map<String, String> files) {
        boolean error = false;
        String code = null;
        // User rejected approval
        if (parms.containsKey("error")) {
            error = true;
        }
        // Here we get the code!
        if (parms.containsKey("code")) {
            code = parms.get("code");
        }
        StringBuilder sb = new StringBuilder();
        sb.append("<html>");
        sb.append("<head><title>Authorization</title></head>");
        sb.append("<body>");
        if (error) {
            sb.append("<h1>User rejected</h1>");
        }
        else if (code == null) {
            sb.append("<h1>Unknown Error</h1>");
        }
        else {
            sb.append("<h1>Success</h1>");
        }
        sb.append("</body>");
        sb.append("</html>");
        return new Response(sb.toString());
    }

    public static void main(String[] args) {
        ServerRunner.run(OAuthServer.class);
    }
}
Set redirect_uri of the flow to be local webserver and get auth url
String url = flow.newAuthorizationUrl().setRedirectUri("http://localhost:8080").build();
Open browser of auth url for the user
// open the default web browser for the HTML page
// Desktop.browse() takes a java.net.URI, not a String
Desktop.getDesktop().browse(java.net.URI.create(url));
Retrieve code from local webserver and exchange oauth code
Now, user will approve OAuth from the web browser and send code to the local webserver we just started. Now that we have the code retrieved from local webserver, we can parse it into int and authenticate and authorize with it!
Hope this helps
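The loopback receiver from the answer above with two hardening steps a local callback server needs, as an added example that is not part of the original answer: it binds to 127.0.0.1 only and accepts a code only when the callback carries the random `state` value this program generated. The `state` check is an addition to what the answer describes, and `open_browser` is a hypothetical caller-supplied function.

```python
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit


def parse_callback(path, expected_state):
    """Classify one redirect hitting the loopback server: (status, message, code)."""
    q = parse_qs(urlsplit(path).query)
    state = q.get("state", [""])[0]
    # Reject anything not tied to the request this program started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return 400, "State mismatch", None
    if "error" in q:                      # user rejected approval
        return 200, "User rejected", None
    if "code" not in q:
        return 400, "Unknown Error", None
    return 200, "Success", q["code"][0]


class CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, message, code = parse_callback(self.path, self.server.expected_state)
        # message is one of the fixed strings above, never request data
        body = f"<html><body><h1>{message}</h1></body></html>".encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
        if status == 200:                 # approved or rejected: stop waiting
            self.server.result = (message, code)

    def log_message(self, fmt, *args):    # keep the code out of request logs
        pass


def receive_code(open_browser, port=0):
    """Serve on 127.0.0.1 until one valid callback arrives; return (message, code).

    open_browser(redirect_uri, state) is a hypothetical caller-supplied function
    that builds the provider's authorization URL and opens it for the user.
    """
    state = secrets.token_urlsafe(32)
    server = HTTPServer(("127.0.0.1", port), CallbackHandler)  # loopback only
    server.expected_state, server.result = state, None
    try:
        open_browser(f"http://127.0.0.1:{server.server_port}", state)
        while server.result is None:
            server.handle_request()
        return server.result
    finally:
        server.server_close()
```

Requests without the expected `state` (a browser's favicon fetch, or a forged callback from another page) get a 400 and the server keeps waiting.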

JSF secure transport mechanism

I have been working on a simple JSF secure transport mechanism where the configured https constraint is set to confidential in web.xml. Now, what I wanted to do was to select a particular page for secure transport. I have a login page that takes me to another page. The login page takes a user name and password and should transport it over a secure layer to an EJB that verifies its authenticity before it displays the requested page. Now when I use a URL pattern like /faces/pageToView.xhtml for the requested page in web.xml, I get a funny behaviour I don't really understand. First, when I log in, my pageToView.xhtml displays without https, and when I click to go to another page, pageToView2.xhtml, my first pageToView.xhtml redisplays with https. Not only that, all other pages I navigate to display https even though I had not configured them for secure transport. I need to know the right way to configure secure transport behaviour for a particular page. Thanks in advance.
The way it seems to be is that when you go to https, and you're generally going to do this on the login page, you stay on https. It seemed to me to be a big overhead for an application with limited security requirements but on looking into it the consensus is that the big risk is session hijacking. So if you had 2 secure pages login & shopping and all the other pages don't use ssl they'll be sending the session cookie over the air/wire in the clear and the cookie could be sniffed.
I think that if you have an apache web server fronting your application server you have a lot more options such as using https between the client browser and apache for certain pages, but using http between apache and the app server. I'm fairly sure that you can do this but I'm no expert and haven't tried it.
When I was looking into this some time ago I came across this filter written by one of the Glassfish team which is supposed to downshift from https - http. My recollection is that having downshifted everything just stopped working, when used in conjunction with container security.
With a few tweaks you could adapt this to your environment. In this example the main.xhtml file is the welcome-file from web.xml, the idea being that this would be the page loaded on successful login, so the earliest point at which to downshift from https - http. You'd need to uncomment @WebServlet, use your own logging in place of Log.log() and check any url/pathnames.
Before spending any time on this, please remember that I could never get this to work and the recommendation is to take the hit and use https all the time.
package uk.co.sportquest.jsfbeans.helper;
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright 1997-2008 Sun Microsystems, Inc. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU General
* Public License Version 2 only ("GPL") or the Common Development and
* Distribution License("CDDL") (collectively, the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy of the
* License at https://glassfish.dev.java.net/public/CDDL+GPL.html or
* glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
* Sun designates this particular file as subject to the "Classpath" exception
* as provided by Sun in the GPL Version 2 section of the License file that
* accompanied this code. If applicable, add the following below the License
* Header, with the fields enclosed by brackets [] replaced by your own
* identifying information: "Portions Copyrighted [year] [name of copyright
* owner]"
*
* Contributor(s):
*
* If you wish your version of this file to be governed by only the CDDL or only
* the GPL Version 2, indicate your decision by adding "[Contributor] elects to
* include this software in this distribution under the [CDDL or GPL Version 2]
* license." If you don't indicate a single choice of license, a recipient has
* the option to distribute your version of this file under either the CDDL, the
* GPL Version 2 or to extend the choice of license to its licensees as provided
* above. However, if you add GPL Version 2 code and therefore, elected the GPL
* Version 2 license, then the option applies only if the new code is made
* subject to such option by the copyright holder.
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.util.logging.Logger;
import javax.faces.context.FacesContext;
import javax.security.jacc.*;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;
import uk.co.sportquest.general.Log;
/**
* Filter that downshifts from https to http if the given request came in over
* https, but the target resource does not require any confidentiality
* protection.
*
* @author jluehe
* @author monzillo
*/
//@WebFilter(filterName = "CacheFilterStatic", urlPatterns = {"/faces/secure/main.xhtml"},
// dispatcherTypes = {DispatcherType.FORWARD, DispatcherType.ERROR, DispatcherType.REQUEST, DispatcherType.INCLUDE})
public class MyFilter implements Filter {
private static final CodeSource cs =
new CodeSource(null, (java.security.cert.Certificate[]) null);
private static final ProtectionDomain pd =
new ProtectionDomain(cs, null, null, null);
// private static final Policy policy = Policy.getPolicy();
private static final Policy policy = Policy.getPolicy();
private static final String httpPort = "8080";
@Override
public void init(javax.servlet.FilterConfig filterConfig)
throws ServletException {
//httpPort = filterConfig.getInitParameter("httpPort");
}
@Override
@SuppressWarnings("static-access")
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain filterChain)
throws IOException, ServletException {
if (req.isSecure()) {
HttpServletRequest httpReq = (HttpServletRequest) req;
Permission p = new WebUserDataPermission(httpReq);
p = new WebUserDataPermission(p.getName(), httpReq.getMethod());
//SQLog.log("Filter: " + httpReq.getRequestURI());
boolean isTransportProtected = policy.implies(pd, p) ? false : true;
Log.log();
if (!isTransportProtected) {
// Downshift from https to http, by redirecting to the
// target resource using http
String redirectUrl = "http://" + req.getServerName() + ":"
+ httpPort + httpReq.getRequestURI();
String queryString = httpReq.getQueryString();
if (queryString != null) {
redirectUrl += "?" + queryString;
}
//redirectUrl = "http://localhost:8080/SportQuest/faces/secure/main.xhtml";
Log.log("url: " + redirectUrl);
((HttpServletResponse) res).sendRedirect(redirectUrl);
} else {
// Perform normal request processing
Log.log("normal");
filterChain.doFilter(req, res);
}
} else {
// Perform normal request processing
Log.log("even more normal");
filterChain.doFilter(req, res);
}
}
@Override
public void destroy() {
// Do nothing
}
}
