AO-IO

Experience

120

0 Best Reply Awards

  • Member Since 4 Days Ago
  • 0 Lessons Completed
  • 0 Favorites

11th October, 2018

AO-IO left a reply on Protect User Settings From Being Access By Other Users • 4 days ago

@Norbertho I tried this as well but no luck :\ anyways thank you

AO-IO left a reply on Protect User Settings From Being Access By Other Users • 4 days ago

@D9705996 Well I fixed it by using the route in web.php

I guess I will stick to web.php for now.

AO-IO left a reply on Protect User Settings From Being Access By Other Users • 4 days ago

this is the request error 401 :

http://prntscr.com/l51ewq

request headers :

http://prntscr.com/l51f6j

Response :

http://prntscr.com/l51fdr

the slug is being passed without problems but it keeps saying not auth! (the token is passed tho)

AO-IO left a reply on Protect User Settings From Being Access By Other Users • 4 days ago

@D9705996 I'm using the default laravel auth

these two methods from PrivateProfileController


public function show($id)
  {
       $user = User::findBySlugOrFail($id);
     
       return response()->json($user);
  }

public function update(Request $request, $id)
  {
      $user = User::findBySlug($id);
      $user->update([
          'email'=>$request->email,
          'education_level'=>$request->education_level,
          'field'=>$request->field,
          
      ]);


      if($request->has('password')){
          $user->save([
              'password'=>$request->password
          ]);
      }

      return response()->json('user updated',200);

     
  
  }

AO-IO left a reply on Protect User Settings From Being Access By Other Users • 4 days ago

@Norbertho I tried both id and slug not working And yes I'm sending the csrf-token

<profile-section1 data="{{$user->slug}}" ></profile-section1>

still getting this response :

message: "Unauthenticated."

AO-IO left a reply on Protect User Settings From Being Access By Other Users • 4 days ago

@Norbertho well any auth user can access others settings :\

AO-IO started a new conversation Protect User Settings From Being Access By Other Users • 4 days ago

Hello,

I made this middleware to protect "user settings " from being access by other auth users.

   public function handle($request, Closure $next)
    {
         if ($request->slug != auth()->user()->slug) {
            return redirect()->to('/');
        }
        return $next($request);
    }

And I'm using vueJs to update the profile

I managed to get the slug to pass it to my url :

Route::put('/profile/{slug}','[email protected]');
  axios.put(`/api/profile/${this.data}`)

I used props to get my slug.

so the problem is when I ever use this route it says 401 or 500 error in the console:.

am I doing this wrong?

how I can solve this problem so VUEJS can match the request URL with the auth user (Like in the middleware)?

Edit Your Profile
Update

Want to change your profile photo? We pull from gravatar.com.