How to set and retrieve cookie in laravel 5.2 - cookies

I am using laravel 5.2 and I have to create keep me logged in functionality.
I have used below code to set cookie:
$response->withCookie(cookie('email', $request['email'], 60));
for this I have included below namespace:
use Cookie;
After setting cookie I printed response and get something like below:
Response {#1028
+original: ""
+exception: null
+headers: ResponseHeaderBag {#1029
#computedCacheControl: array:1 [
"no-cache" => true
]
#cookies: array:1 [
"" => array:1 [
"/" => array:1 [
"email" => Cookie {#989
#name: "email"
#value: "abc#gmail.com"
#domain: null
#expire: 90012626276.0
#path: "/"
#secure: false
#httpOnly: true
}
]
]
]
But when I try retrieving this cookie using either of the lines below, it returned 'null':
$request->cookie('email');
OR
echo cookie::get('email');
Searching the web didn't help much, and as I don't have much time I posted it here.
Also, it would be great if someone could explain whether it would be fine to use the PHP setcookie function to set the cookie.
My colleague asked me to use Laravel-specific functions, so I am trying to implement -->
$response->withCookie(cookie('email', $request['email'], 60));
Thanks!!

To set a cookie you should use the following code, without calling the cookie() function:
$response->withCookie('email', $request['email'], 60);

Related

Changed some chars on a Private key, and JWT still authenticates

I have implemented JWT in order to authenticate on Google cloud, as described in https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
To my surprise, I've noticed that I could change some chars on the private key, and it would still authenticate. Changing chars in some places didn't work, and I got OpenSSL unable to sign data from the PHP JWT library. And some other places resulted in access being denied. But for example, when I changed a char in this line - it authenticated well.
How can that be? That is, I don't think it's possible to change any char on the private key and get it to work. But that's what I see on my local and when checked via GitPod. So I'm wondering what I might be missing.
Here's an example PHP code:
<?php
include_once __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;
use Symfony\Component\HttpClient\HttpClient;
$privateKey = <<<EOD
-----BEGIN PRIVATE KEY-----
[private key body removed]
-----END PRIVATE KEY-----
EOD;
$payload = [
'iss' => "bar#foo.iam.gserviceaccount.com",
'sub'=> "bar#foo.iam.gserviceaccount.com",
'aud'=> "https://healthcare.googleapis.com/",
'iat' => time(),
'exp' => time() + 3600,
];
$jwt = JWT::encode($payload, $privateKey, 'RS256');
$client = HttpClient::create();
$url = 'https://healthcare.googleapis.com/v1/projects/foo/locations/us-central1/datasets/my-dataset/fhirStores/my-fhir-store/fhir/Patient';
$patientIdentifier = 'Some-name' . time();
$response = $client->request('POST', $url, [
'headers' => [
'Content-Type' => 'application/fhir+json',
'Authorization' => 'Bearer ' . $jwt,
],
'json' => [
'resourceType' => 'Patient',
'name' => [
0 => [
'family' => 'Migo',
'given' => [
0 => 'Dada',
],
],
],
'gender' => 'male',
'birthDate' => '1980-09-24',
],
]);
echo $response->getContent();
Here is a short video showing the problem I face. I've run it on GitPod, just to be sure it doesn't have my credentials anywhere on it. In the video you can see:
1st execution with the un-altered private key - works well
2nd execution with an altered private key - Still works (and obviously it shouldn't)
3rd execution, undo the previous change, and alter the private key elsewhere - now I get 401.
p.s. I've already changed the private key, so the one here is no longer valid :)
I understand hashing, signing, private keys, etc. very well. Your claim is impossible mathematically. Any change to the private key will result in a different hash which means the public key will no longer work to validate the signature. That form of weakness would have been discovered long ago. Private/public key validation cannot be manipulated by changing the values in one of the keys without changing the other.
One minor point is that the private key is base-64 encoded. You would need to replace those characters with valid base-64 data, which you might have done, but you did not explain in detail what you changed.
Perhaps edit your question with actual code to demonstrate. Give this some thought, if you can demonstrate this, you will be a millionaire next week or at least famous worldwide.
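Added illustration of the base64 point raised in the answer (not part of the original posts): two PEM texts that differ by one character decode to the same bytes when the changed character only touches the unused trailing bits of the last base64 group. The "key" bytes are constructed sample data, not a real private key, and all function names are hypothetical.

```php
<?php
// Added example. Constructed sample bytes stand in for the DER key material.

/** Return the base64 body of a PEM block with header, footer and whitespace removed. */
function pemBody(string $pem): string
{
    $body = preg_replace('/-----[A-Z ]+-----/', '', $pem);
    return preg_replace('/\s+/', '', $body);
}

/** Fingerprint the decoded bytes, so equivalent encodings compare equal. */
function derFingerprint(string $pem): string
{
    return hash('sha256', base64_decode(pemBody($pem)));
}

/** True when the body is the one canonical base64 encoding of its bytes. */
function isCanonicalBody(string $pem): bool
{
    $body = pemBody($pem);
    return base64_encode(base64_decode($body)) === $body;
}

/** Flip one unused trailing bit in the last data character before "=" padding. */
function flipUnusedBit(string $b64): ?string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
    $pos = strlen(rtrim($b64, '=')) - 1;
    if ($pos < 0 || $pos === strlen($b64) - 1) {
        return null; // no padding, so every bit of the last character is data
    }
    $b64[$pos] = $alphabet[strpos($alphabet, $b64[$pos]) ^ 1];
    return $b64;
}

$der = 'constructed DER bytes!'; // 22 bytes, so the encoding ends in "=="
$body = base64_encode($der);
$original = "-----BEGIN PRIVATE KEY-----\n$body\n-----END PRIVATE KEY-----";
$altered = "-----BEGIN PRIVATE KEY-----\n" . flipUnusedBit($body) . "\n-----END PRIVATE KEY-----";

echo 'same PEM text: ', var_export($original === $altered, true), "\n";
echo 'same decoded fingerprint: ', var_export(derFingerprint($original) === derFingerprint($altered), true), "\n";
echo 'altered body canonical: ', var_export(isCanonicalBody($altered), true), "\n";
```

Comparing or pinning keys by a hash of the decoded bytes, rather than of the PEM text, keeps such equivalent encodings from being treated as different keys.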

Not redirecting to payment page when payment created

I am trying to integrate laravel-mollie into my website using the example that they provide. When I create a new payment it should redirect me to the payment page, but it's not showing anything. Here is my code:
public function preparePayment($data, $orderId)
{
$payment = Mollie::api()->payments()->create([
'amount' => [
'currency' => 'EUR',
'value' => '100.00', // You must send the correct number of decimals, thus we enforce the use of strings
],
"description" => "My first API payment",
"redirectUrl" => route('mollie.payment.status'),
'webhookUrl' => route('webhooks.mollie'),
"metadata" => [
"order_id" => $orderId,
],
]);
$payment = Mollie::api()->payments()->get($payment->id);
// redirect customer to Mollie checkout page
return redirect($payment->getCheckoutUrl(), 303);
}
I printed the URL, which shows the link, but it is not redirecting to the payment page. What did I do wrong? Can anyone point it out?
The $payment object looks ok, just double check if your param for the redirectUrl is correct.
Also if I'm not mistaken the redirect to an external URL in Laravel should be something like:
...
return redirect()->away($payment->getCheckoutUrl());

How to extract special characters from route in Zend framework 3

I'm sending a url that has special characters in them.
/contacts?advanceSearch=true&advanceSearchType=rating&advanceSearchValue=A1A+
As you see the variable value of advanceSearchValue is A1A+
But when I retrieve this in controller
$this->params()->fromQuery("advanceSearchValue");
it shows me A1A. It adds space instead of +
This is my route config.
"contacts" => [
"type" => "segment",
"options" => [
"route" => "/contacts[/:action[/:id]]",
"defaults" => [
"controller" => Controller\ContactController::class,
"action" => "index",
],
],
],
This is because + has a special meaning in a URL and Zend knows this and correctly replaces it with a space.
To get a + character into the parsed data you need to URL escape it. This gives the value %2B.
So your full URL should be
/contacts?advanceSearch=true&advanceSearchType=rating&advanceSearchValue=A1A%2B
By the way, what is producing this URL, a web browser should be automatically converting the + character before sending it to the web server?
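You need to encode your request URL:
You can encode it in PHP or JavaScript -
In JavaScript:
// encodeURI() leaves "+" untouched; encodeURIComponent() on the value turns it into %2B
var url = "/contacts?advanceSearch=true&advanceSearchType=rating&advanceSearchValue=" + encodeURIComponent("A1A+");
In PHP:
// encode only the value, so that "/", "?", "&" and "=" keep their meaning in the URL
$url = '/contacts?advanceSearch=true&advanceSearchType=rating&advanceSearchValue=' . urlencode('A1A+');
Then use this encoded URL in your ajax.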
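Added example (not part of the original answers): a PHP round trip for the URL in the question, showing the raw + being parsed as a space and the value surviving when each query value is percent-encoded. The function names buildSearchUrl and parseQuery are hypothetical.

```php
<?php
// Added example. Function names are hypothetical; the URL is the one from the question.

/** Build a URL, percent-encoding every query value (and key). */
function buildSearchUrl(string $path, array $params): string
{
    // http_build_query() applies urlencode() rules by default,
    // so a literal "+" in a value is written as "%2B".
    return $path . '?' . http_build_query($params);
}

/** Parse a URL's query string the way PHP parses an incoming query string. */
function parseQuery(string $url): array
{
    $query = (string) parse_url($url, PHP_URL_QUERY);
    parse_str($query, $out);
    return $out;
}

// Raw URL from the question: the "+" is sent unencoded.
$raw = '/contacts?advanceSearch=true&advanceSearchType=rating&advanceSearchValue=A1A+';

// Same parameters, with the values encoded when the URL is built.
$encoded = buildSearchUrl('/contacts', [
    'advanceSearch'      => 'true',
    'advanceSearchType'  => 'rating',
    'advanceSearchValue' => 'A1A+',
]);

echo 'raw URL parsed value:     ', var_export(parseQuery($raw)['advanceSearchValue'], true), "\n";
echo 'encoded URL:              ', $encoded, "\n";
echo 'encoded URL parsed value: ', var_export(parseQuery($encoded)['advanceSearchValue'], true), "\n";

// Encoding the whole URL instead of the value also escapes "/", "?", "&" and "=",
// so the result is no longer a path plus a query string.
echo 'whole URL through urlencode(): ', urlencode($raw), "\n";
```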

Unable to send email from Laravel 5.2 using MailGun

I am trying to use the built-in driver for Mailgun to send email. Here's what I have done so far.
Installed Guzzle driver.
Added the following to my config\services.php
'mailgun' => [
'domain' => env('sandbox54d5c9ed96434d689f971fd3.mailgun.org'),
'secret' => env('key-e800aa77cbda23ee8471dd5e'),
],
In my config\mail.php I have added
'driver' => env('MAIL_DRIVER', 'mailgun'),
However, now if I try the forgot-password flow, it says we have sent an email but I don't get anything.
The domain is my sandbox domain name and secret is the API Key.
Am I missing something here or doing something wrong? How can I debug if there are some issues?
Sorry for this late answer, just found your question while googling for something different and hope not too late. If you want to save the credentials in .env, do this in your config\services.php:
'mailgun' => [
'domain' => env('MAILGUN_DOMAIN'),
'secret' => env('MAILGUN_SECRET'),
],
Then in your .env file
MAILGUN_DOMAIN=sandbox54d5c9ed96434d689f971fd3.mailgun.org
MAILGUN_SECRET=key-e800aa77cbda23ee8471dd5e
In config\services.php you just name the key from the .env file with:
'setting' => env('KEY_IN_ENV')
Laravel will then check whether the key is found and get the value from the .env file:
KEY_IN_ENV=setting_value
Or simply like this in your config\services.php only:
'mailgun' => [
'domain' => 'sandbox54d5c9ed96434d689f971fd3.mailgun.org',
'secret' => 'key-e800aa77cbda23ee8471dd5e',
],
Good for you.

Uploading PDF to Amazon S3 and display in-browser

I am uploading PDFs to Amazon S3 manually, using Panic Transmit, and via a PHP script/API.
For some reason, some display in your browser, and some force download.
I have checked permissions and cannot seem to see any issues. Can anyone help explain how to make PDFs always display in the browser (unless the user specifies otherwise)?
I don't think it is a browser issue.
You need to change the Content-Type and Content-Disposition.
Content-Type: application/pdf;
Content-Disposition: inline;
Using the AWS S3 console, find the file and using the context menu (right click) select Properties then it's under Metadata.
Or change this programmatically:
http://docs.aws.amazon.com/AWSSDKforPHP/latest/index.html#m=AmazonS3/create_object
To accompany well's answer, here is an example:
public function save($bucket, $name, $content, $options = [])
{
$this->s3->putObject([
'Bucket' => $bucket,
'Key' => $name,
'Body' => $content,
] + $options);
}
$this->bucket->save('my-bucket', 'SofiaLoren.pdf', $content, [
'ContentType' => 'application/pdf',
'ContentDisposition' => 'inline',
]);