i am new to WebApi and MVC....please help me to go forward.
Below is the scenario in which i am facing an issue.
In WebApi Controller i want to write custom/userdefined get/post method
and i want to pass string parameter as an argument.
but its throwing an error....
it is by defaultly accepting only integer parameter.
below is the method i need to add to webapicontroller.
[HttpGet]
public bool IsExists(string email)
{
//code: It will return true if email already exists else returns false.
}
even i added the custom routing in webApi.config file before the default API routing.
routes.MapHttpRoute(
name: "CustomApi",
routeTemplate: "api/{Controller}/{Action}/{email:string}",
defaults: null
);
Thanks in advance. :)
You could just use the attribute routing if you are using WebApi 2:
[Route("api/emails/exists/{email}")]
[HttpGet]
public bool IsExists(string email)
{
//code: It will return true if email already exists else returns false.
}
This will take the value passed in {email} and pass it in the method.
Although this references WebApi2 route constraints, ":string" is not a valid constraint by default.
Try removing the :string from your route definition.
Related
When I am tring to get loggedin user details using auth:api middleware, it returns user object with details in my controller function.
api.php (with auth:api middleware returns User object)
Route::group(['middleware' => 'auth:api'], function() {
Route::get('users/mentor_details/{uuid}','UserController#getMentorProfileDetails');
});
But when I am trying to get loggedin user details outside this auth:api middleware, it returns null.
api.php (without auth:api middleware return null)
Route::get('users/mentor_details/{uuid}','UserController#getMentorProfileDetails');
When the auth middleware is not provided, or is provided without specifying the guard, the default guard is used to determine the user. Unless you have changed this in your config/auth.php file, the default guard is the web guard.
So, when you go to a route that is not protected by a specific auth middleware, the user that is loaded is the one provided by the web guard.
Therefore, even though you may be sending the bearer token to use a specific user, the web guard doesn't know anything about that, and since you have no user logged in via the web guard, you are getting a null user.
You've got four options:
Make sure the route is protected by the auth:api middleware, which specifies the api guard. This, however, will not allow guests to access the url.
Change your default guard to api in your config/auth.php file. This is probably not what you want to do, especially if you do have normal web users.
Tell the request you want the user from the api guard. The $request->user() method takes a guard as an argument, so if you do $request->user('api'), it will retrieve the user using the api guard.
Get the user from the api guard directly: auth()->guard('api')->user().
The auth middleware is the one returning the user. auth:api just indicates to use the API guard. In the source code of laravel, the file vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php line 62, the function shouldUse is the one setting the Auth::user() object. Check out also vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php shouldUse function
override createToken() method app\Models\User.php like below.
public function createToken($user_id,$name, array $scopes = [])
{
return Container::getInstance()->make(PersonalAccessTokenFactory::class)
->make(
$user_id, $name, $scopes
);
}
And create token as given below wherever you want and explicitly pass $user_id.
$user= new user();
$accessToken = $user->createToken($user_id,'authToken')->accessToken;
Now you will get $request->user()
override register() method app\Exceptions\Handler.php like below-
public function register() {
$this->renderable(function (\Illuminate\Auth\AuthenticationException $e, $request) {
if ($request->is('api/*')) {
return response()->json([
'message' => 'Not authenticated'
], 401);
}
});
}
I'm setting up a web page using cookies to determine if the user already logged in, using a cookie containing his id. Problem is : The cookie is either not written or the cookie collection is not updated.
I've tried reading the documentation, but it does not define the usage of CookieCollection.
Here's the function where i write my cookie :
function displayData(){
$id = $this->getRequest()->getSession()->read('id');
$cookies = CookieCollection::createFromServerRequest($this->getRequest());
if(!$cookies->has('id')){
$cookie = (new Cookie('id'))
->withValue($id)
->withExpiry(new DateTime('+999 year'))
->withPath('/')
->withDomain('break-first.eu')
->withSecure(true)
->withHttpOnly(true);
$cookies = $cookies->add($cookie);
}
// Other stuff
}
And where I try reading it :
function index(){
$cookies = $this->getRequest()->getCookieCollection();
dd($cookies);
}
I expect having a cookie named "id", but I don't have it. Only CAKEPHP and pll_language are showing up.
First things first, CakePHP provides authentication functionality with cookie authentication, you may want to have a look at that instead of driving a custom solution.
Cookbook > Plugins > Authentication
That being said, what you're doing there will create a cookie collection object, which however is just that, a lone object somewhere in space, it won't affect the state of your application, in order for that to happen you have to actually modify the response object.
However what you're trying to do there doesn't require cookie collections in the first place, you can simply read and write cookies directly via the methods provided by the request and response objects, like:
// will be `null` in case the cookie doesn't exist
$cookie = $this->getRequest()->getCookie('id');
// responses are immutable, they need to be reassinged
this->setResponse(
$this->getResponse()->withCookie(
(new Cookie('id'))
->withValue($id)
->withExpiry(new DateTime('+999 year'))
->withPath('/')
->withDomain('break-first.eu')
->withSecure(true)
->withHttpOnly(true)
)
);
And if you where to use a cookie collection for whatever reason, then you'd use withCookieCollection() to pass it into the response:
$this->setResponse($this->getResponse()->withCookieCollection($cookies));
If you run into strict typing errors, you could for example create a custom reponse class with an overridden Response::convertCookieToArray() method and cast the string to an integer there (make sure that PHP_INT_MAX covers your target date timestamp, 32-Bit incompatibility is why the fix that landed in CakePHP 4.x, probably won't come to 3.x), something like:
src/Http/Response.php
namespace App\Http;
use Cake\Http\Cookie\CookieInterface;
use Cake\Http\Response as CakeResponse;
class Response extends CakeResponse
{
protected function convertCookieToArray(CookieInterface $cookie)
{
$data = parent::convertCookieToArray($cookie);
$data['expire'] = (int)$data['expire'];
return $data;
}
}
You can pass that into the app in your webroot/index.php file, as the second argument of the $server->run() call:
// ...
$server->emit($server->run(null, new \App\Http\Response()));
See also
Cookbook > Request & Response Objects > Request > Cookies
Cookbook > Request & Response Objects > Response > Setting Cookies
In .net core i use one controller method. that method is httpget method. That method has to receive the object as a parameter. In client side i Just pass the parameter like as
let data ={
"Id":1,
"Name":"xxx"
}
http://localhost/controller/GetObject?model=data
In controller side method is
[HttpGet]
public IActionResult GetObject([FromBody]ViewModel model)
{
}
The controller method definitelly will be a httpget. I don't know how to do it using .net core? If anyone knows please convey..
HTTP GET doesn't have a "body". You're passing this data in as a query parameter.
You either need to pass each param in via the query:
http://localhost/controller/GetObject?id=1&name=xxx
and then include parameters from your controller method:
[HttpGet]
public IActionResult GetObject(int id, string name)
{
}
or you need to use an HTTP POST post and pass in the data as part of the body.
Currently, I'm using the CRUD v4 plugin for Cakephp 3. For the edit function in my user controller it is important that only a user itself can alter his or her credentials. I want to make this possible by inserting the user id from the authentication component. The following controller method:
public function edit($id = null){
$this->Crud->on('beforeSave', function(\Cake\Event\Event $event) {
$event->subject()->entity->id = $this->Auth->user('id');
});
return $this->Crud->execute();
}
How can I make sure I don't need to give the id through the url? The standard implementation requires the url give like this: http://domain.com/api/users/edit/1.json through PUT request. What I want to do is that a user can just fill in http://domain.com/api/users/edit.json and send a JSON body with it.
I already tried several things under which:
$id = null when the parameter is given, like in the example above. Without giving any id in the url this will throw a 404 error which is caused by the _notFound method in the FindMethodTrait.php
Use beforeFind instead of beforeSave. This doesn't work either since this isn't the appropriate method for the edit function.
Give just a random id which doesn't exist in the database. This will through a 404 error. I think this is the most significant sign (combined with point 1) that there is something wrong. Since I try to overwrite this value, the CRUD plugin doesn't allow me to do that in a way that my inserting value is just totally ignored (overwriting the $event->subject()->entity->id).
Try to access the method with PUT through http://domain.com/api/users.json. This will try to route the action to the index method.
Just a few checks: the controllerTrait is used in my AppController and the crud edit function is not disabled.
Does anyone know what I'm doing wrong here? Is this a bug?
I personally would use the controller authorize in the Auth component to prevent anyone from updating someone else's information. That way you do not have to change up the crud code. Something like this...
Add this line to config of the Auth component (which is probably in your AppController):
'authorize' => ['Controller']
Then, inside the app controller create a function called isAuthorized:
public function isAuthorized($user) {
return true;
}
Then, inside your UsersController you can override the isAuthorized function:
public function isAuthorized($user) {
// The owner of an article can edit and delete it
if (in_array($this->request->action, ['edit'])) {
$userId = (int)$this->request->params['pass'][0];
if ($user['id'] !== $userId) {
return false;
}
}
return parent::isAuthorized($user);
}
I'm using reCaptcha in an MVC application.
In controller i have
RecaptchacontrolMVC.CaptchaValidator attribute.
My CaptchaValid always return false with the error message
"Invalid reCAPTCHA request. Missing challenge value."
[RecaptchaControlMvc.CaptchaValidator]
public ActionResult Login(Model model, bool captchaValid, string
captchaErrorMessage)
{
if(captchValid)//this is false
}
Am I missing something?
Not sure But Re-captcha require 4 fields to verify as stated here.
https://developers.google.com/recaptcha/docs/verify
I believe you are missing the parameter "challenge" in your post request. Try to see whats getting passed in HTTPFox or Firebug.
You probably don't have the correct public key/private key combination for the URL that you set up for this Recaptcha control.