Tag "authentication" tricks

Simple ACL laravel 5.2 Providers->AuthServiceProvider Register any application authentication / authorization services.

Bumped into a problem while trying to authorize user against laravel basic auth middleware when testing a REST API through phpunit. I used phpunit call method to send a POST request to API's endpoint which needed users basic HTTP authentication. Every time, laravels basic auth middleware rejected it and I had no idea why, since I've sent proper HTTP Authorization header with phpunit call. Here is the solution ! Or watch it in a video https://www.youtube.com/watch?v=LCrt7jqDsgU Read more on http://laravel.io/forum/03-20-2014-authbasic-fails

gmail sending using smtp in laravel

Testing an action with a session.

Session time out for logged in user (middleware way) for prevent dashboard or ... access after specify time. if we use this middleware in route groups, it will be run on every request under route group. with this code we do not need to change php.ini file or laravel session config file and default settings are appropriate. Do not forget to register middleware in app\Http\Kernel : 'timeout' => 'App\Http\Middleware\SessionTimeout', Other notices: 1- we can use middleware paramaters in laravel 5.1 for custom conditions. 2- we must redirect user back (after session timeout and log out ), to prevent user navigate to come back. 3- we must show a message to user (after session timeout and log out), that you logged out after [20] minutes that you were not active. Our Persian web app for time management is: https://timenix.com If you have a better idea please comment it. ♥

This is not how I write code on a daily basis, I brought everything to one place JUST OF THE PURPOS OF demonstrating how this stuff work. And in this example they do work:

Temporarily log in as another user, but switch back to the original user at any time. Inspired by the User Switching plugin for WordPress. I use this for testing data being shown based on user role.

Hello what if your application when it is logout then you intentionally hit the back button on your web browser, what happened? your application will be returned to the original page, which should be redirected to the login page. Here I share a simple trick, put on a filters.php

Starting from 4.1.28, Application::boot() does not initialize sensitive session data anymore. That is, it is accessible, but encrypted. So if you're integrating 3rd party library, which needs external authentification check through sessions, simple checking Auth::check() will not work. However, we can still use old $_SESSION variable. Examples of 3rd party libraries: CkFinder, elFinder (has Laravel package though), MoxieManager. N.B. If you can use Ajax calls for authorization checks, you can still make a custom API with JSON request to user-logged (as an example) to see if user is authentificated.