sustained

sustained

Member Since 1 Year Ago

Sheffield

Experience Points
31,710
Total
Experience

3,290 experience to go until the next level!

In case you were wondering, you earn Laracasts experience when you:

  • Complete a lesson — 100pts
  • Create a forum thread — 50pts
  • Reply to a thread — 10pts
  • Leave a reply that is liked — 50pts
  • Receive a "Best Reply" award — 500pts
Lessons Completed
274
Lessons
Completed
Best Reply Awards
5
Best Reply
Awards
  • start-engines Created with Sketch.

    Start Your Engines

    Earned once you have completed your first Laracasts lesson.

  • first-thousand Created with Sketch.

    First Thousand

    Earned once you have earned your first 1000 experience points.

  • 1-year Created with Sketch.

    One Year Member

    Earned when you have been with Laracasts for 1 year.

  • 2-years Created with Sketch.

    Two Year Member

    Earned when you have been with Laracasts for 2 years.

  • 3-years Created with Sketch.

    Three Year Member

    Earned when you have been with Laracasts for 3 years.

  • 4-years Created with Sketch.

    Four Year Member

    Earned when you have been with Laracasts for 4 years.

  • 5-years Created with Sketch.

    Five Year Member

    Earned when you have been with Laracasts for 5 years.

  • school-session Created with Sketch.

    School In Session

    Earned when at least one Laracasts series has been fully completed.

  • welcome-newcomer Created with Sketch.

    Welcome To The Community

    Earned after your first post on the Laracasts forum.

  • full-time-student Created with Sketch.

    Full Time Learner

    Earned once 100 Laracasts lessons have been completed.

  • pay-it-forward Created with Sketch.

    Pay It Forward

    Earned once you receive your first "Best Reply" award on the Laracasts forum.

  • subscriber-token Created with Sketch.

    Subscriber

    Earned if you are a paying Laracasts subscriber.

  • lifer-token Created with Sketch.

    Lifer

    Earned if you have a lifetime subscription to Laracasts.

  • lara-evanghelist Created with Sketch.

    Laracasts Evangelist

    Earned if you share a link to Laracasts on social media. Please email [email protected] with your username and post URL to be awarded this badge.

  • chatty-cathy Created with Sketch.

    Chatty Cathy

    Earned once you have achieved 500 forum replies.

  • lara-veteran Created with Sketch.

    Laracasts Veteran

    Earned once your experience points passes 100,000.

  • 10k-strong Created with Sketch.

    Ten Thousand Strong

    Earned once your experience points hits 10,000.

  • lara-master Created with Sketch.

    Laracasts Master

    Earned once 1000 Laracasts lessons have been completed.

  • laracasts-tutor Created with Sketch.

    Laracasts Tutor

    Earned once your "Best Reply" award count is 100 or more.

  • laracasts-sensei Created with Sketch.

    Laracasts Sensei

    Earned once your experience points passes 1 million.

  • top-50 Created with Sketch.

    Top 50

    Earned once your experience points ranks in the top 50 of all Laracasts users.

Level 7
31,710 XP
Jul
24
3 months ago
Activity icon

Replied to Passport Token Is Still Valid After Revocation (even Deletion)?

Bump. Still stuck with this one.

Jul
21
3 months ago
Activity icon

Replied to Passport Token Is Still Valid After Revocation (even Deletion)?

Hey, thanks for replying.

No, the test fails in precisely the same way if I try to delete the token(s) that way instead.

Activity icon

Started a new Conversation Passport Token Is Still Valid After Revocation (even Deletion)?

I have a test that:

  • creates a user
  • hits the login endpoint to get a token
  • hits the logout endpoint to revoke a token (tried deleting too)
  • hits the user endpoint to make sure the token was revoked (this part fails)

I don't understand what the problem is. I'm getting a 200 and the user data is being returned even after revoking (and/or deleting) the token.

This is the relevant part of the AuthController:

    public function logout(Request $request)
    {
        try {
            $request->user()->token()->revoke();
            $request->user()->token()->delete();

            return response()->json([
                'type' => 'logout_success',
                'message' => 'User logged out.'
            ]);
        } catch (Exception $e) {
            return $this->respondWithGenericError($e);
        }
    }

And the relevant part of the test:

<?php
class AuthTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp() : void
    {
        parent::setUp();

        \Artisan::call('migrate');
        \Artisan::call('passport:install');
    }

    public function test_that_tokens_are_revoked_upon_logout()
    {
        $user = factory(\App\User::class)->create();

        $response = $this
            ->postJson('/api/auth/login', [
                'email' => $user->email,
                'password' => 'password' // NOTE: Is default password set by User factory.
            ])
            ->assertJsonStructure([
                'access_token',
                'expires_at',
                'token_type'
            ]);

        $this
            ->actingAs($user)
            ->getJson('/api/auth/logout', [
                'Authorization' => 'Bearer ' . $response->json()['access_token']
            ])
            ->assertJsonFragment(['type' => 'logout_success']);

        // FIXME: Why do we get a 200?
        $this
            ->actingAs($user)
            ->getJson('/api/auth/user', [
                'Authorization' => 'Bearer ' . $response->json()['access_token']
            ])
            ->assertStatus(401);

        // $this
        //     ->assertDatabaseHas('oauth_access_tokens', [
        //         'user_id' => $user->id,
        //         'revoked' => true
        //     ]);
    }
}
Jun
16
4 months ago
Activity icon

Replied to Auth Choices For SPA + Internal/closed API.

I mean, the "main" JWT library for Laravel has 398 open issues and 13 open pull requests. It just doesn't exactly inspire confidence in the hip and cool new JWT movement. Auth is important and should be done right.

It's the reason I went with default Laravel auth scaffolding until now - I trust them.

Activity icon

Started a new Conversation Auth Choices For SPA + Internal/closed API.

It seems like there's a million different ways to implement auth and it can be a bit overwhelming.

There's Passport, there's JWTs, there's the token driver, there's just using the web routes with an api prefix and probably more options.

In the case that you have a Laravel app and that Laravel app serves a Vue SPA which wants to consume its own (the Laravel) API, which option should one use?

At this point in time, my API will be closed/internal/only for self-consumption.

Are JWTs the "correct" answer? But in the future I'll likely open up my API, so I want to be future-proof. Also I don't want to lock myself out of the possibility of having some good old-fashioned Laravel backed routes that still work with auth.

Up until now, I've had all my API routes in web.php in a group with an api prefix and an ajax middleware and have been using the default Axios setup (that sends CSRF tokens etc.) but now I'm at the stage where I'd like to move the login/register etc. stuff that comes with the Laravel auth scaffolding into the SPA itself.

But it seems like that default auth scaffolding just isn't designed to accommodate that use-case, correct? So now I will be forced to get my hands dirty and write some auth code, as opposed to using what Laravel provides?

I just really don't want to get auth wrong and I don't particularly trust these thousands of tutorials and guides that all do things in slightly different ways. I have no doubt many of them are flawed, security-wise and I've read about various security concerns with JWTs.

I wish that the Laravel docs had some comprehensive information on doing auth properly with a Vue SPA that self-consumes its own Laravel API, or that there was a course which covered this in detail. There is this series but so far it's only covering the use-case of an app on one domain consuming the API of a separate Laravel app on another domain which is not at all what I want.

Thanks for reading!

Jun
08
5 months ago
Activity icon

Started a new Conversation And Tips/advice On Testing Scheduled Tasks?

This is essentially a cross-post for this request.

Has anyone ever successfully applied TDD to the task scheduler? If so, I'd appreciate any information at all you can share on the process.

As I mentioned in the other thread, I don't see how one could possibly mock something like the scheduler cron job.

And you'd need to fake advances of system time within said process, but from the tests.

Is this even possible?

Activity icon

Started a new Conversation Request For Lesson(s) On Testing Scheduled Tasks + Jobs/queues.

This requests subforum is for requesting videos on specific topics, right?

I'm working on an application that will rely heavily on jobs/queues and scheduled tasks. Them working properly, flawlessly even, will be vital and as such I think I need to apply TDD here.

There is some information available on testing jobs/queues but I can't even imagine how one begins to test scheduled tasks.

You'd have to somehow have the scheduler running in the context of the tests (I don't see how such a thing could be mocked) and you'd need to fake advances of system time and have the actual scheduler react to them.

I can't even begin to imagine how this would be accomplished.

Perhaps this would make for a good advanced lesson.