2

right now im stuck at some laravel 5.2 basics. The problem i want to solve is, that I want to add an api-key to a user upon the registration process, which works but it's not safe as it is now.

Right now I have added the API-Key to the registration form, but this would give the possibility that an attacker could change it on form send. Is there a possibility to remove that field from the form and add it to the Request before its processed by the framework? Or anything else how i can add an api key to the registered user upon insert into the database?

Thank you very much in advance for your help!

Improve this question
1
  • Post your code where you handle the data insertion. Commented Jan 18, 2016 at 10:53

2 Answers 2

Reset to default
1

If you are using Laravel's default authentication system you can modify create method like this:

protected function create(array $data)
{
    return User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'api_key' => code to generate your random string; // add this line
        'password' => bcrypt($data['password']),
    ]);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You can use this PHP-JWT package for your functionality.

A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519.

Basically on authentication you create and store a token locally on the device. Then every time you make a call to the server, you check that token and ensure the user is who they say they are.

You can store tokens for expiration if you want, but not required since the data lives in the token.

Typically JWT is used in stateless apps, so you'll need to move away from the concept of a server session.

Improve this answer

4 Comments

He could just use CSRF tokens built-in with Laravel, instead?
For forms in the same project, CSRF is best but for API and cross platform, This Package is very useful.
I belive he just wants to add a value to an attribute or a column in his user table.
I am using CSRF Tokens, but I have added an additional field to the database called api_key, where i want to store an generated random string. So I need to add the random string after request, not on the form itself.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.