zizaco / confide Goto Github PK

If a user attempts to access a URL that requires authentication (e.g. /account/settings) when they are not logged in, we currently redirect them to the login page (/user/login). But we could redirect to them to the login page and add a GET parameter containing the URL they were trying to access (/user/login?r=/account/settings). Then if this parameter exists on the login page, Confide can send them straight to the URL that they were originally trying to access after they log in. This improves usability.

(There are two parts to this. 1.) To have Laravel's auth filter redirect to login?r=/path/to/desired/url (this part I'll be taking a look at, but anyone else can take a stab at it too) and 2.) The Confide portion which actually uses the $_GET['r'] parameter, if it exists, to override the default destination URL that we send them to upon successful login. (This is the part that this ticket is about.)

If a user visits the login form while already authenticated, redirect them to the destination URL (i.e. wherever we normally redirect them upon successful login.) This is the same behavior Github uses on their login page, as an example.

(p.s. I'm evaluating and implementing Confide. I think it's Laravel's best contender as a 'canonical' base login package. So I will probably have a number of suggestions. Feel free to shoot any down. :)

Hi Zizaco,
Love your packages Confide and Entrust.
I see you've been using navruzm/lmongo.
Is it possible to make a fork of Confide and Entrust that would inherit from LMongo and be usable in projects using LMongo connection to DB?

I've reproduced this bug with the most basic settings: newly cloned lastest laravel 4 and only Confide installed. The view doesn't show notice message after successful sign up, or error messages if the inputs are incorrect. It's like Session doesn't work, but I'm not sure.

Also, Confide::user() returns null after navigate away from the first view returned after successful login, not sure if this is related to the above issue. (If I call Auth::login(Confide::user(), true) explicitly in login action, then it still works in the second view. I also put Auth::logout() in logout action of Confide's UserController.)

I'm not sure if this is related to L4 update today (because I didn't try it before today) but when I try and use the Forgot Password link it sends the email just fine but when I use the link that is emailed to me to reset the password there is a problem. It looks like the token isn't making it into the controller. Here is a screenie.

I was implementing this to work with the build in reminder functionality but it was too strict. I coudn't even pass the username to the email view to show "Hi {{ $username }} ...".

I didn't see much pros in using the build in reminder thing. I'm gonna implement a new one, build in top of what we already have, maybe just use the table generated by $ php artisan auth:reminders.

Possibly on create check that the username and email have not been registered by a previous user. At the moment the same username and email can be used over and over.

Add rules:
unique:users,username
unique:users,email

Regards,
Ray

There are errors with php 5.3.0 support even if it says it will work with php 5.3.0.
Like Array dereference in line 19 signup.blade.php

sorry im new to github and im not sure im doing this the right way.

thank you.

Not sure if this is due to a L4 update but there are several places (such as action destinations for forms) in Confide that look for specific routes in the UserController class and if they don't exist I think the idea is that they default to a restful version of the route.

This may have originally returned false if the UserController function didn't exist so therefore implemented the alternative resftul controller but now L4 is returning an exceptions if you call URL::Action('[methodname]') on a methodname that doesn't exist.

Example:

{{{ (URL::action('UserController@reset_password', array($token))) ? : URL::to('user/reset/'.$token)  }}}

if 'reset_password()' doesn't exist in UserController, an exception is thrown, rather then default to the other route in the conditional expression.

Hello Zizaco:
Ardent has it's own github page now. The gihub page is using the latest version of the documentation. (I'll update the README file soon)
It'd be nice if you could update these links in your documentation:
http://laravelbook.github.com/ardent
http://laravelbook.github.com/ardent/#validation

Keep up the good work!

From Laravel forum:

Nate: "I get this error when I try to register a new user:
FatalErrorException: Error: Using $this when not in object context in /Users/nate/Sites/rtp.local/vendor/zizaco/confide/src/Zizaco/Confide/ConfideUser.php line 264
The registration works ( I can see the user in the DB ) but the confirmation e-mail doesn't dispatch."

FatalErrorException: Error: Using $this when not in object context in vendor/zizaco/confide/src/Zizaco/Confide/ConfideUser.php line 268

I have followed the installation guide, changed the templates in the config.php to use my own templates, which simply call extends on a layout, and then in a section call include for confide::signup

I'm using a custom User table and there's no way to change the name of the password column (my legacy table uses passwd)

Right now I had to change Zizaco\Confide\Confide.php line 104 to use

$user->passwd instead of $user->password

There should be a configuration entry somewhere so the developers can change the name of the password field.

Password-reset currently fails because of unique:users validation rules on email.

The fix for #72 is incomplete because resetPassword() still use the old save. I think it should be changed to use the new amend method.

Hi, Thanks for confide, glad there's something to start with and not have to code from scratch.

Sign up Process could do with a couple of Improvements

Validation checks
Validation Error Messages displayed on signup.blade.php

I'd like to know if there is a way to offer my updates to your code, not sure how. Guess; do I fork it, then update my side, then push to my fork of this project? Is that right process?

I'm getting this error after logging in (I was testing attempting logging in before confirming the account using the link in the email)

ErrorException: Notice: Undefined index: username in vendor/zizaco/confide/src/Zizaco/Confide/Confide.php line 108

See #35 for the thread that spawned this.

Thanks @j20

Just did a fresh install of laravel4 and confide, and set it up using restful controller.
When i try to create a new user i just get a "The requested URL /user was not found on this server.". The url it redirected to was "http://localhost/user" instead of "http://localhost/l4/user" as it should be.

Pretty new to both laravel4 and confide, so not sure where to look into this problem xD

Edit:
Found this file: "/vendor/zizaco/confide/src/views/signup.blade.php",and changed '/user' to URL::to('user'). Not sure if that's the way to fix it, but now it works for me at least :)

The UserController.php file opens with <?php which causes an error: "Whoops. Looks like something went wrong... ReflectionException: Class UserController does not exist". By manually changing this to <?php the page loads properly.

Similarly, the migration file also opens with <?php, but that seems to work fine as the table is created. The downside though is that syntax highlighting in Sublime doesn't work when a file is opened this way b/c Sublime doesn't think it's in a PHP block. So here it doesn't cause an error, but would still probably be preferable to output <?php, if possible.

It would be great if we could use only email for registration and login. Username is redundant for many applications using unique emails.

I get this error:
"ErrorException: Runtime Notice: Non-static method Zizaco\Confide\Confide::logAttempt() should not be called statically",
when running this in my Controller (just testing it at the moment).

$input = array('email'=>'[email protected]', 'password'=>'1234');
if(Confide::logAttempt($input)){
echo "Enter user!";
}
Is there something i've missed, in setting-up?
Thanks.

It would be great if Confide would check for either an existing username or email so you don't end up with registration containing the same information.

P.S. We're loving this extension. It's really helped us get up and going.

All that needs to happen is a unique:users rule needs to be added to the username and email rules.

on line 49:
'body' => 'Please access the link bellow to confirm your account.',
I guess it should read:
'body' => 'Please access the link below to confirm your account.',
(duplicate "l")

the session is database and the following code returns Confide::user() as null

Confide::logAttempt(['email' => $user['email'], 'password' => $user['password']]);
Confide::logout();
Confide::logAttempt(['email' => $user['email'], 'password' => $user['password']]);
Confide::user(); //this returns null

Hey Zizaco, This is what I came up for part 1 of the $_GET['r'] redirect, if it's something you wanted to add to Confide's docs:

Route::filter('auth', function()
{
    if (Auth::guest())
    {
        $uri = strip_tags($_SERVER['REQUEST_URI']);

        $uri = ltrim($uri, '/');

        return Redirect::to('login?r='.urlencode($uri));
    }
});

The ltrim() is necessary because Laravel's Redirect::to() doesn't currently allow the path parameter to begin with a leading slash, though I've submitted a pull request laravel/framework#395 that would fix that. If it's merged in, then the ltrim() could be removed from here.

I actually like to clean up the path a little too when I use this. Just so the URL just looks a bit friendlier to users.

Route::filter('auth', function()
{
    if (Auth::guest())
    {
        $uri = strip_tags($_SERVER['REQUEST_URI']);

        $uri = ltrim($uri, '/');

        // Clean up the path (replaces encoded slashes with slashes)
        $uri = str_replace('%2F', '/', $uri);

        return Redirect::to('login?r='.$uri);
    }
});

For many sites, developers will want to redirect the user to a certain URL by default upon successful login--e.g. to /account, /member, etc.

I know I can change this easily within the controller, but given that Confide has a configuration file, maybe it would make sense to add this as a configuration option. I think pretty much every developer will need to set this. I wonder if it'd be easier to maintain or update Confide while maintaining the unique changes if this were in a config option. What do you think?

I removed username on line 108 in confide.php to be able to login again.
But when trying to login it just sends me back to the login page with no message.

Before upgrading everything worked perfect (I also removed username according issue #34).

In Zizaco/Confide/Confide.php in line 5 there is:

use ObjectProvier;

should be

use ObjectProvider;

Setting user in unit test doesn't work properly. It's kind of work as it can make Laravel redirect to another route if the user's logged in. But if there's any logic concerning User model inside the controller's action, it is like the user's not logged in at all. Also, var_dump($user->username) in the test method returns null.

I tried using the Laravel's original User model, and var_dump($user->username) works fine, so it must be Confide's or Ardent's bug.

The current system uses user/* by default for all its actions. In some cases (like mine) the "/user/..." URL is already reserved for the user's profile. In order for Confide to work on a different URL, manual changes have to be done to the controller.

Perhaps this can be optimized some more?

Confide is currently willing to create duplicate users with the same username and/or email address.

This had been previously addressed here, but the changes made in that commit were reverted in 5e75221

After successful login it redirects back to the login page, while credentials are correct and var_dump show my user data.

I tried to look for the problem but I can't seem to find it, I guess the session does not get set?? I'm currently investigating further~

Below the snippets:

//Routes.php
Route::get( 'backend/login', 'Backend\\UserController@login');
Route::post('backend/login', 'Backend\\UserController@postLogin');

Route::group(array('prefix' => 'backend', 'before' => 'auth'), function()
{
    Route::resource('taxonomy', 'Backend\\TaxonomyController');
}

//Filter.php
Route::filter('auth', function()
{
    if (Auth::guest())
    {   
        Session::put('loginRedirect', Request::url());
    return Redirect::to('backend/login');
    }
});

//UserController.php re-generated using php artisan confide:controller
public function postLogin()
    {
        $input = array(
            'email'    => Input::get( 'email' ), // May be the username too
            'username' => Input::get( 'email' ), // so we have to pass both
            'password' => Input::get( 'password' ),
            'remember' => Input::get( 'remember' ),
        );

        // If you wish to only allow login from confirmed users, call logAttempt
        // with the second parameter as true.
        // logAttempt will check if the 'email' perhaps is the username.
    var_dump(Confide::user()); // This is null, as expected

        if ( Confide::logAttempt( $input ) ) 
        {
            // If the session 'loginRedirect' is set, then redirect
            // to that route. Otherwise redirect to '/'
            $r = Session::get('loginRedirect');
            if (!empty($r))
            {
                Session::forget('loginRedirect');
                return Redirect::to($r);
            }
            var_dump(Confide::user()); //Contains my user data, as expected
       die();
            return Redirect::to('/backend/taxonomy'); // change it to '/admin', '/dashboard' or something
        }
        else
        {
            // Check if there was too many login attempts
            if( Confide::isThrottled( $input ) )
            {
                $err_msg = Lang::get('confide::confide.alerts.too_many_attempts');
            }
            else
            {
                $err_msg = Lang::get('confide::confide.alerts.wrong_credentials');
            }

                        return Redirect::action('UserController@login')
                            ->withInput(Input::except('password'))
                ->with( 'error', $err_msg );
        }
    }

I am newer to composer so forgive this question but how can I modify src/config/config.php without losing changes when updating. What is the proper method of managing these files when you gitignore the vendor directory?

Installed with composer

php artisan confide:migration

PHP Parse error: syntax error, unexpected '[', expecting ')' in /home/dsl/vendor/zizaco/confide/src/commands/ControllerCommand.php on line 86

@andrew13 suggestion, see #19

The docs should be updated to include the function. Also travis build is failing because if the Url: action failure. Need to update the test.

Ardent's autohashing of password really screws things up if you later add a form to update aspects of a user's profile.

For example, let's say we create a form to let a user update their profile: name, company name, & email. To do this with Eloquent/Ardent, we first get the current user object (e.g. $user = User::find(Auth::user()->id);) then we set the fields that we're updating and that have been POSTed (e.g. $user->company = Input::get('company'); plus their name and email fields), then we save (e.g. $user->save();). The new fields will be saved...

But the problem here is that the Ardent also autohashes the already-hashed password and will update its value as well (because what Eloquent is really doing with an update is getting all the column values and then saving all the values again when it does an update), the result being that a user's password is rehashed, even though we didn't alter it, and users can't log in.

To fix this, we can remove these couple lines of code: https://github.com/j20/confide/compare/master And then we need to add Hash::make() where necessary within ConfideUser.php. I don't have time to do the second part today, but can take a look at it soon.

Upon submitting the form to create a new user (/user/create), the following fatal error is returned:

    Exception: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'password_confirmation' in 'field list' (SQL: insert into `users` (`username`, `email`, `password`, `password_confirmation`, `updated_at`, `created_at`) values (?, ?, ?, ?, ?, ?))

and no new user is added to the database.

Using normal Eloquent create static method not working (or at least for me.)

I cloned andrew13 / Laravel-4-Bootstrap-Starter-Site to test upon it after finding that it's not working on my latest laravel 4 installation.

For example in app/routes.php I added the following for demonstration purposes:

Route::get('1', function(){
    if( $user = User::create(array(
            'username'      => 'jonathan',
            'email'         => '[email protected]',
            'password'      => 'admin',
        ))) {
        return $user;
    }else {
        return 'error';
    }
});

Returns confirmation code in a json object, Checking the database nothing is created there.

{"confirmation_code":"fbe3877b06094207a292cf0c71b7feab"}

While the find method is working normally:

User::find(1);

Thank You :)

When a user tries to login to an account that has not yet been confirmed, there currently isn't a way to display to the user that they still need to confirm the account.

Propose there is a confirmed() method for the Confide class so when checking why login failed, you can tell if it's because the account is yet to be confirmed.

I think there's an issue with the user model and L4 Beta 2. laravel/framework#228

I'm getting the error Error: Class 'Illuminate\Auth\ReminderServiceProvider' not found

After upgrading (via composer & manualy) +-5 min ago, the username bug is still there.

I am thinking you should not even get to the reset form with an invalid token, check for valid token and just redirect to login with expired/invalid link messaging. Also it would be nice if the password reset action removed the 'password_reminders' records or at least zero out the token value so the link is no longer valid after one use.

I'm thinking the Closure type hints in ConfideUser.php should have a \ preceeding to make it load the php closure class?

I'm getting this error because of this:

ReflectionException: Class Zizaco\Confide\Closure does not exist

I think this is because you use a namespace in ConfideUser.php and it's trying to load Closure from that namespace

Fresh Laravel 4 install, cloned repository from develop 30 minutes ago. Followed all installation steps. composer update and other processes executed. Receiving the following error after completing the installation process and attempting to submit form on /user/create:

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'password_confirmation' in 'field list' (SQL: insert into `users` (`username`, `email`, `password`, `password_confirmation`, `updated_at`, `created_at`) values (?, ?, ?, ?, ?, ?))

I see this has happened before: #10 . As stated though, I'm using a brand new Laravel install (I made a new install specifically to test this error and verify it is not on my side).

php -v PHP 5.4.7

Since I have some requirements on styling/integrating the forms I am using Confide slightly different.

Controller:

public function getRegister()
    {
        $this->layout->nest('content', 'auth.register');
    }

Blade template:

@include('shared.notifications')
@section('content')
<!-- Lots of custom stuff here -->
{{{ Confide::makeSignupForm()->render() }}}
<!-- Lots of custom stuff here -->
@stop

Executing this takes ages for the browser to complete and at one point it stops execution complaining it exceeded 30s.

It renders everything up and to the makeSignupForm bit. If I take it out, the page loads fine. Something in Confide appears to be causing an infinite loop.

See this forum post: http://forums.laravel.io/viewtopic.php?id=4658&p=3#p39171

app/lang/packages/zizaco/confide/it/confide.php

Does not work.

I have just installed Laravel 4 with confide. None of the confide portions are rendering. All the html is escaped. For example
{{ Confide::makeLoginForm()->render() }}

produced this (snippet) in the view:

Hi Guys i'm having an issue with confide first when i click on forgot password it sends an email correctly, but when i click on the link and try to reset the password the page errors and tells me that the user/reset/ is missing the token. I fixed that, but it says that i need to try again that i have an incorrect password even though i'm trying to reset it. Also in the password_reminders table there is no index column is that supposed to be like that?

Thanks!