For some reason, some people get logged in as a random user from the users table in my Laravel 5.1 application.
I can't figure out what it is. I tried all session drivers. Currently I'm on the database session driver, because I can easily clear it then.
When it happens to someone, the website owner contacts me, but I can't reproduce it myself. When I get the sign that it happened again, I clear the Session table in the database and run php artisan auth:clear-resets on the server.
Most visitors that are already logged in are visiting the website for the first time. It happened on both Windows and OS X, and in Chrome and IE as far as I know.
I use http://ift.tt/1kNinWg - I thought that was the problem, but people also get logged in as users that didn't register via social media.
Probably there is something wrong in my authentication code.. But what? I rewrote the login part, but that looks fine as far as I can see.
Route::get('auth/login', 'Auth\AuthController@getLogin');
Route::get('auth/logout', 'Auth\AuthController@getLogout');
Route::get('auth/register', 'Auth\AuthController@getRegister');
Route::post('auth/authenticate', 'Auth\AuthController@authenticateLogin');
Route::post('auth/register', 'Auth\AuthController@postRegister');
Route::post('auth/email', 'Auth\AuthController@emailChecker');
Route::get('auth/{socialite}', 'Auth\AuthController@redirectToProvider');
Route::get('auth/{socialite}/callback', 'Auth\AuthController@handleProviderCallback');
The AuthController:
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;
use App\User;
use App\Social;
use Auth;
use Socialite;
use Validator;
use Carbon\Carbon;

class AuthController extends Controller
{
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    protected $redirectPath = '/dashboard';

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => ['getLogout']]);
    }

    /**
     * Redirect the user to the Socialite authentication page.
     *
     * @return Response
     */
    public function redirectToProvider(Request $request, $socialite)
    {
        return Socialite::driver($socialite)->redirect();
    }

    /**
     * Obtain the user information from Socialite, map it to a local user
     * and log that user in with "remember me" enabled.
     *
     * @return Response
     */
    public function handleProviderCallback($socialite)
    {
        $user = Socialite::driver($socialite)->user();
        $authUser = $this->findOrCreateUser($user, $socialite);
        Auth::login($authUser, true);

        return redirect()->intended('dashboard');
    }

    /**
     * Map a Socialite user to a local user: first by the stored provider id,
     * then by e-mail address, otherwise create a new user. A Social row is
     * stored whenever the match was not made on the provider id.
     */
    private function findOrCreateUser($provider, $socialite)
    {
        if ($authUser = Social::whereSecret($provider->id)->first()) {
            return User::findOrFail($authUser->user_id);
        }

        $user = User::whereEmail($provider->email)->first();

        if (! $user) {
            $user = User::create([
                'name'     => $provider->name,
                'email'    => $provider->email,
                // password derived from the provider id so the account also
                // works with the normal login form
                'password' => bcrypt(md5($provider->id)),
            ]);
        }

        Social::create([
            'user_id'  => $user->id,
            'secret'   => $provider->id,
            'provider' => $socialite,
        ]);

        return $user;
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'email'    => 'required|email|unique:users',
            'password' => 'required|min:8',
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     * The request data is passed to the model unchanged.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create($data);
    }

    /**
     * Handle an authentication attempt from the login form.
     *
     * @return Response
     */
    public function authenticateLogin(Request $request)
    {
        $this->validate($request, [
            'email'    => 'required|email',
            'password' => 'required',
        ]);

        // firstOrFail() answers 404 for an unknown e-mail address, while a
        // wrong password ends in the 403 below, so the two cases differ to
        // a caller; Auth::attempt() on its own already rejects both.
        User::whereEmail($request->get('email'))->firstOrFail();

        $credentials = [
            'email'    => $request->get('email'),
            'password' => $request->get('password'),
        ];

        if (Auth::attempt($credentials, (bool) $request->get('remember'))) {
            // redirect to the dashboard instead of returning its URL as the
            // response body
            return redirect()->route('dashboard');
        }

        return abort(403);
    }

    /**
     * Listener for the auth.login event, which passes the user that was
     * just logged in: record the login time.
     */
    public function updateLastLogin(User $user)
    {
        $user->last_login = Carbon::now();
        $user->save();
    }
}
And I have a listener in the EventServiceProvider that does no harm, I guess:
protected $listen = [
'auth.login' => ['\App\Http\Controllers\Auth\AuthController@updateLastLogin'],
];
Does anyone see the bug? Or any tips on how to debug this? I can't figure out how it can happen..
via Chebli Mohamed
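One thing a reviewer would check in the posted findOrCreateUser is what happens when the provider returns an empty value. In Laravel's query builder (5.1 included) where('col', null) is compiled to "col IS NULL", so Social::whereSecret(null) or User::whereEmail(null) returns the first row that has no value in that column rather than no row at all, and Socialite providers do not always return an e-mail address. Two other points in the same method: provider ids are only unique per provider, and bcrypt(md5($provider->id)) makes the login-form password a function of a public identifier. The version below is an added example, not the original poster's code; it assumes Laravel 5.1 with the App\User and App\Social models from the question (Social with user_id, secret and provider columns) and Socialite's Laravel\Socialite\Contracts\User interface, and the "Safely" method names are hypothetical. createSafely is included because the posted create() hands the raw request data to User::create(), so the registration password is only hashed if the User model does that in a mutator.

```php
<?php
// Added example, not the original poster's code. Assumes Laravel 5.1 with the
// App\User and App\Social models from the question; method names ending in
// "Safely" are hypothetical.

namespace App\Http\Controllers\Auth;

use App\Social;
use App\User;
use Illuminate\Support\Str;
use Laravel\Socialite\Contracts\User as ProviderUser;

trait FindsOrCreatesSocialUsers
{
    /**
     * Map a Socialite user to a local account, refusing to match on empty
     * values: where('col', null) compiles to "col IS NULL", so an empty
     * provider id or e-mail would match whichever row has no value there.
     */
    private function findOrCreateUserSafely(ProviderUser $provider, $socialite)
    {
        $providerId = (string) $provider->getId();
        $email      = $provider->getEmail();

        if ($providerId === '') {
            abort(422, 'Provider returned no user id');
        }

        // Match on the (provider, id) pair: ids are only unique per provider.
        $social = Social::where('provider', $socialite)
            ->where('secret', $providerId)
            ->first();

        if ($social) {
            return User::findOrFail($social->user_id);
        }

        // Only fall back to the e-mail match when the provider supplied one.
        $user = null;
        if ($email !== null && $email !== '') {
            $user = User::where('email', $email)->first();
        }

        if (! $user) {
            // If the users table requires an e-mail this create() fails loudly,
            // which is preferable to silently matching another account.
            $user = User::create([
                'name'     => $provider->getName() ?: $provider->getNickname(),
                'email'    => $email,
                // A random password: the provider id is public information,
                // so bcrypt(md5($provider->id)) is a guessable password.
                'password' => bcrypt(Str::random(40)),
            ]);
        }

        Social::create([
            'user_id'  => $user->id,
            'secret'   => $providerId,
            'provider' => $socialite,
        ]);

        return $user;
    }

    /**
     * Registration-form counterpart of create(): whitelist the fields and
     * hash the password here instead of relying on a model mutator.
     */
    protected function createSafely(array $data)
    {
        return User::create([
            'name'     => isset($data['name']) ? $data['name'] : null,
            'email'    => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }
}
```

Using the trait in the controller means replacing the findOrCreateUser call in handleProviderCallback with findOrCreateUserSafely and the create() method with createSafely; the abort on a missing provider id is deliberate, since every other outcome of an empty id is a wrong account.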
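On the "how to debug this" part: the Laravel 5.1 sessions table only stores id, payload and last_activity, so by the time the owner reports it there is nothing tying a session to a browser. The middleware below is an added example, not the original poster's code; it assumes Laravel 5.1, and the class name and log field names are hypothetical. It writes one log line per request with the session id the browser presented (if any), the user the guard resolved, and whether that user came from the session or from the "remember me" cookie. Two patterns in those lines are the ones worth looking for: the same session_id reported with different ip or user_agent values means one session cookie reached several browsers (the usual sign of a response carrying a Set-Cookie header being cached and replayed by something in front of the application), and via_remember being true for a visitor who never logged in points at the recaller cookie rather than the session.

```php
<?php
// Added example, not the original poster's code. Assumes Laravel 5.1; the
// class name and log field names are hypothetical. Register the class at the
// end of the global $middleware array in app/Http/Kernel.php (after
// StartSession, so the session is available) and remove it afterwards.

namespace App\Http\Middleware;

use Auth;
use Closure;
use Illuminate\Http\Request;
use Log;

class LogAuthContext
{
    /**
     * Log, for every request, the facts needed to reconstruct how a browser
     * came to be authenticated.
     */
    public function handle(Request $request, Closure $next)
    {
        // Resolve the user before asking viaRemember(): the flag is only set
        // once the guard has actually looked the user up.
        $user    = Auth::user();
        $session = $request->session();

        Log::info('auth-context', [
            'path'          => $request->path(),
            'ip'            => $request->ip(),
            'user_agent'    => $request->header('User-Agent'),
            // id of the session this request runs under
            'session_id'    => $session->getId(),
            // did the browser send a session cookie at all (false on a
            // genuine first visit)
            'sent_session'  => $request->hasCookie($session->getName()),
            // did it send the "remember me" cookie
            'sent_recaller' => $request->hasCookie(Auth::getRecallerName()),
            'user_id'       => $user ? $user->getAuthIdentifier() : null,
            'via_remember'  => Auth::viaRemember(),
        ]);

        return $next($request);
    }
}
```

A line with user_id set, sent_session false and via_remember false can only be the login or callback request itself; any other route showing that combination, or a session_id that appears under two user agents, narrows the problem to whatever handed out the cookie rather than to the controller.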