Chris_

Lost authentication data and wrong request method

Hello,

I connect to a Laravel site through another portal site that sends me to my home page with a token that allows me to authenticate myself.

It works perfectly with my development app on my PC, but on the pre-production server I get the error "The POST method is not supported for this route", and if I change my route to POST, I get a 419 Page Expired error.

I don't understand why my route is considered to be POST. If I reload the page by pressing Enter in the URL bar, the page loads normally but I lose my authentication data.

I tried to create a redirect route but I have the same problem.

Route::redirect('/Auth', '/Home');

My AuthServiceProvider:

<?php

namespace App\Providers;

use App\Models\User;
use App\Policies\VTCPolicy;
use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWT;
use Firebase\JWT\SignatureInvalidException;
use GuzzleHttp\Client as HTTPClient;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Storage;
use Illuminate\Http\Request;
use Session;

class AuthServiceProvider extends ServiceProvider
{
    /**
     * The policy mappings for the application.
     *
     * @var array
     */
    protected $policies = [
        VTCPolicy::class => 'App\Policies\VTCPolicy',
    ];

    /**
     * Register any authentication / authorization services.
     *
     * @return void
     */
    public function boot()
    {
        $this->registerPolicies();
        $publicKey = $this->getPublicKey();
        $user = null;
        $request = $this->app->request;

        try {
            $jwt = $request->token;
            $data = JWT::decode($jwt, $publicKey, array('RS256'));
            $user = json_decode(json_encode((array) $data));
        }
        catch (SignatureInvalidException | \DomainException $e)
        {
            $request->attributes->set('errorToken', ['status' => 'Token is Invalid', 'code' => 401]);
        }
        catch (ExpiredException $e)
        {
            $request->attributes->set('errorToken', ['status' => 'Token is Expired', 'code' => 401]);

        }
        catch (\UnexpectedValueException $e)
        {
            $request->attributes->set('errorToken', ['status' => 'Authorization Token not found', 'code' => 401]);
        }
        catch (\Exception $e)
        {
            $request->attributes->set('errorToken', ['status' => 'Unknown Error', 'code' => 500]);
        }

        if ($user !== null)
        {
            $userDB = User::where('mbr_login', $user->username)->first();

            if ($userDB != null)
            {
                Auth::login($userDB);
                return $userDB;
            }
            else
            {
                dd("Error 403");
            }
        }
    }

    private function getPublicKey()
    {
        $baseUri = 'public key URL';
        $client = new HTTPClient(['base_uri' => $baseUri, 'verify' => false]);
        $response = $client->request('GET', 'publicKey');
        $publicKey = (string) $response->getBody();
        return $publicKey;
    }
}
Chris_

I removed the authentication, it does not change anything.

The problem occurs on the route called by the portal website.

I changed to a basic route, but I have the same error message. (The POST method is not supported for this route)

@snapey The last route I tried:

 Route::get('/Auth', function () {
     return 'TEST';
 });
Snapey

@Chris_ clearly a POST request is being made.

The POST method is not supported for this route

Chris_

I went back to see the person in charge of the web portal; there was indeed a POST on his side. I was able to resolve the 419 error by disabling the CSRF verification on the home page.

I have another error: the Auth::login($userDB); in my AuthServiceProvider works on the 1st page but is lost if I change the page (only on the server; I have no problem on the local version). If I do a dd(Auth::user()); in the controller of the 1st page, it's OK, but in the controller of another page, I get a null result.

Example:

<?php
namespace App\Http\Controllers;

use Illuminate\Validation\Rules\Exists;
use Illuminate\Support\Facades\DB;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;

class RefPdaauController extends Controller
{
    public function show(ref $ref)
    {
        dd(Auth::user());
    }
}

Does anyone know where this could come from?

Edit: not a page but a route; only the 1st route has authentication data.

Chris_ (OP, Best Answer)

I resolved the problem by using $_SESSION instead of Auth::login.
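
Added example, not part of the thread and not any poster's code: one way to receive the portal's POST in a controller on the `web` middleware group, so the session is already started when `Auth::login()` runs, with the CSRF exemption limited to that single route and the browser sent on to a GET page. `PortalLoginController`, the `services.portal.public_key` config key and the Laravel 10-or-earlier file locations in the comments are assumptions.

```php
<?php
// Added example. Hypothetical names: PortalLoginController, services.portal.public_key.

namespace App\Http\Controllers;

use App\Models\User;
use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWT;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class PortalLoginController extends Controller
{
    // routes/web.php:  Route::post('/Auth', [PortalLoginController::class, 'store']);
    // app/Http/Middleware/VerifyCsrfToken.php:  protected $except = ['Auth'];
    // Only this route skips the CSRF check; the signed JWT authenticates the POST.
    public function store(Request $request)
    {
        // Assumption: the portal's PEM public key is deployed with the app
        // rather than fetched over HTTP with 'verify' => false.
        $publicKey = config('services.portal.public_key');

        try {
            // Same call as in the thread (firebase/php-jwt 5.x). Version 6.x takes
            // JWT::decode($jwt, new \Firebase\JWT\Key($publicKey, 'RS256')).
            $claims = JWT::decode((string) $request->input('token'), $publicKey, ['RS256']);
        } catch (ExpiredException $e) {
            abort(401, 'Token is Expired');
        } catch (\Exception $e) {
            // Bad signature, malformed token or missing token.
            abort(401, 'Token is Invalid');
        }

        // Reject a missing or non-string claim before it reaches the query.
        $username = $claims->username ?? null;
        $user = is_string($username) && $username !== ''
            ? User::where('mbr_login', $username)->first()
            : null;
        if ($user === null) {
            abort(403);
        }

        Auth::login($user);
        $request->session()->regenerate(); // rotate the session ID after login

        // 303 makes the browser follow up with a GET, so /Home stays a GET route.
        return redirect('/Home', 303);
    }
}
```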
