WEBVTT

00:00.350 --> 00:04.670
Okay guys, so it's time that we try if our system works.

00:04.670 --> 00:13.250
I think this video is not only me clicking through the project that I've created, it's an exercise

00:13.250 --> 00:19.280
of how we can debug things that we've created and see why they don't work.

00:19.430 --> 00:28.730
So currently I am thinking everything should work fine, but I need to make sure. That's why I'm open...

00:28.760 --> 00:38.090
I'm gonna open the development tools and jump to the application tab to the cookies for this domain.

00:38.240 --> 00:40.280
Just make sure you select yours.

00:40.280 --> 00:43.130
And we see such cookies.

00:43.130 --> 00:47.060
By the way this one is for the PHP session ID.

00:47.240 --> 00:51.740
So by removing this one we can reset the session.

00:51.740 --> 00:57.140
And that's how we're going to check if the Remember Me token works.

00:57.920 --> 01:00.520
Let's try with this admin user.

01:01.300 --> 01:04.150
So the password is admin 123.

01:04.180 --> 01:09.280
Let me check this checkbox and let's log in.

01:10.630 --> 01:15.340
Let me refresh the cookies so I don't see our cookie.

01:15.370 --> 01:19.780
I'm definitely logged in because we have the logout button.

01:20.320 --> 01:24.070
So let's start with the auth controller.

01:24.430 --> 01:27.490
Okay so I think I see the issue right away.

01:27.520 --> 01:30.670
This is grayed out, the remember variable.

01:30.670 --> 01:41.290
So I haven't passed the variable to the attempt method, which, as a reminder, accepts this as a third parameter.

01:42.010 --> 01:42.880
Okay.

01:42.880 --> 01:48.730
And that's also a potential issue with optional parameters that you might forget to pass them.

01:51.190 --> 01:51.640
Let's see.

01:51.670 --> 01:54.280
Now I'm going to log out first.

01:54.310 --> 01:59.670
Then I'm going to try again using the right password.

01:59.700 --> 02:01.320
I'm gonna check this.

02:01.350 --> 02:05.970
Not the best looking checkbox and login.

02:05.970 --> 02:08.460
So now something went wrong.

02:08.670 --> 02:11.190
And, um.

02:11.220 --> 02:15.480
Table must not be defined in core model.

02:16.230 --> 02:18.480
Remember token.

02:20.790 --> 02:22.050
Remember token.

02:22.050 --> 02:23.040
Line eight.

02:23.070 --> 02:26.880
All right, let's jump to it.

02:26.910 --> 02:27.570
Um.

02:27.840 --> 02:30.960
Protected static string.

02:31.830 --> 02:33.840
Okay, I see the problem.

02:33.840 --> 02:41.970
So we try to add a type for a model field, which is table.

02:41.970 --> 02:45.780
And in the base class it didn't have a type.

02:45.990 --> 02:49.200
Now I think it should have the type.

02:49.290 --> 02:51.990
And it just makes sense.

02:51.990 --> 02:53.340
It's always a string.

02:53.370 --> 02:56.100
Let's see if I can resend that.

02:56.550 --> 02:57.210
Okay.

02:57.230 --> 03:08.300
Another problem is that the table must be string, and apparently in the user it doesn't have a type.

03:08.330 --> 03:09.110
You know what?

03:09.110 --> 03:16.700
Let's just jump to all the models and make sure we type the table field.

03:16.940 --> 03:18.620
That's comment.

03:18.650 --> 03:21.830
That's post.

03:23.900 --> 03:27.800
Remember token and user.

03:27.830 --> 03:33.800
Okay let's try again by resending the form.

03:35.150 --> 03:35.870
Okay.

03:35.900 --> 03:41.900
Another problem is that the type of ID should not be defined.

03:41.930 --> 03:47.570
Okay, so not to waste too much time on fixing those small issues.

03:48.200 --> 03:55.010
Let's just ignore the type of ID for now as we'd like to check the core functionality.

03:55.010 --> 03:57.190
And this is just slowing us down.

03:58.960 --> 04:02.110
Okay, so this time something has happened.

04:02.530 --> 04:04.060
We've got the token.

04:04.060 --> 04:05.590
It has some value.

04:05.620 --> 04:08.740
That's why we have used this

04:08.770 --> 04:10.300
bin2hex function.

04:10.300 --> 04:16.330
Not sure if you even remember that, but we wanted this token to be human readable.

04:16.360 --> 04:25.840
And when we generated it in the Remember token class, we've used this bin2hex function because random

04:25.840 --> 04:33.070
bytes would really be random and some of the bytes don't really have corresponding characters.

04:33.220 --> 04:35.650
So that's our token.

04:37.660 --> 04:41.530
At this point I'm just going to jump back to the database.

04:41.560 --> 04:45.850
I think it's super handy to have an SQLite database for development.

04:45.880 --> 04:50.290
It's so quick to jump back and forth to the database.

04:51.190 --> 04:54.780
Okay, let me enlarge the row view.

04:55.530 --> 05:06.120
I see a token here, and if I quickly take a look at it by comparing the beginning and the ending.

05:06.150 --> 05:11.790
Well, it is exactly the same, which confirms it should really be fine.

05:11.820 --> 05:15.090
Now this date is one month from now.

05:15.090 --> 05:18.300
I'm recording this on ninth.

05:18.330 --> 05:21.030
Sorry, 7th of September, I guess.

05:21.030 --> 05:23.820
So, seventh or eighth doesn't matter.

05:23.820 --> 05:25.920
Around one month earlier.

05:25.920 --> 05:28.290
So this expiry date is fine.

05:28.470 --> 05:30.750
Okay, so here's a created update.

05:30.750 --> 05:35.070
So that is my current date. Okay.

05:35.070 --> 05:40.830
So it seems that everything works at least up until now.

05:41.070 --> 05:44.400
Now we're gonna do some destruction.

05:44.400 --> 05:52.080
We're gonna remove this PHP session ID cookie, which PHP just internally is using to track the user

05:52.080 --> 06:01.130
session. By setting this expiring cookie, it can just get the session data for you.

06:01.160 --> 06:06.950
Session data is stored on the server, but it is identified by the cookie value.

06:07.040 --> 06:09.290
Now which one does remove.

06:09.320 --> 06:09.890
Okay.

06:09.890 --> 06:13.640
So this button will remove the selected cookie.

06:14.180 --> 06:15.800
I'm doing it right now.

06:16.490 --> 06:19.130
Normally we would be signed out.

06:19.130 --> 06:28.310
And that's a test if everything works because we now have this remember token in a cookie and in a database.

06:28.310 --> 06:31.910
And when I refresh this page I should still be authenticated.

06:31.910 --> 06:37.730
If I am not, then we have something to fix. And we are authenticated.

06:37.730 --> 06:39.500
As you see, the session ID is different.

06:39.530 --> 06:42.980
Or maybe you didn't see that because probably you didn't focus on that.

06:42.980 --> 06:43.970
But it is different.

06:43.970 --> 06:52.370
It was recreated and I am still authenticated, not in the session, but using the cookie.

06:53.810 --> 06:58.250
So maybe the next test would be to get rid of this

06:58.250 --> 07:03.620
remember token, or another test is to refresh again.

07:03.620 --> 07:11.360
Because if we fetch this remember token we should get a new one.

07:11.360 --> 07:13.790
And I think it is a different one.

07:13.790 --> 07:16.400
It starts with different characters.

07:16.400 --> 07:21.110
Well, you also maybe didn't remember that because I don't expect you to.

07:21.230 --> 07:25.340
This is just some random characters, but I remember it was different.

07:25.340 --> 07:31.850
So another test is let me jump to the database and see if we don't have duplicate tokens, and if we

07:31.850 --> 07:39.260
have just this one, if our update method has worked, and I can see that it has worked because this

07:39.260 --> 07:43.250
token is exactly the same as that one in the browser.

07:44.480 --> 07:48.050
So this token rotation has worked.

07:48.080 --> 07:51.040
Let me refresh again.

07:51.040 --> 07:52.380
We are still authenticated.

07:52.380 --> 07:54.900
And there we have it.

07:55.500 --> 07:56.640
Another token.

07:56.640 --> 07:57.840
This one is different.

07:57.870 --> 07:59.790
Let me refresh the database.

08:02.910 --> 08:07.680
And it is exactly the same as on the application network tab.

08:08.670 --> 08:13.230
Okay, so this functionality looks like it just works.

08:13.230 --> 08:16.320
We can stay authenticated up to 30 days.

08:16.320 --> 08:21.300
And every single time we refresh the page we're going to get a new token.

08:21.300 --> 08:24.120
Now the final test is to log out.

08:26.850 --> 08:30.210
So now I hit logout and the cookie was destroyed.

08:30.210 --> 08:34.170
And this row should also be destroyed.

08:34.620 --> 08:35.670
It wasn't.

08:35.670 --> 08:38.550
So that's a thing we should fix.

08:38.550 --> 08:44.850
We should make sure that this token is destroyed first.

08:45.360 --> 08:47.370
So we've got one thing to fix.

08:47.370 --> 08:53.990
Everything else seems to work perfectly. Now, this token does not match any cookie, but it is still

08:53.990 --> 08:56.120
valid and it stays in the database.

08:56.120 --> 09:01.550
So if someone would figure it out, he would be able to authenticate himself.

09:01.970 --> 09:05.960
That's why we need to make sure it is actually deleted.

09:06.650 --> 09:09.230
Okay, so let's debug it live.

09:09.230 --> 09:12.740
I think it will be a useful exercise.

09:12.740 --> 09:15.590
So I'm not scripting this.

09:15.590 --> 09:17.030
It's not planned.

09:17.150 --> 09:23.570
I'm just gonna try and fix the issue so you can see how this is typically done.

09:23.780 --> 09:28.400
So I'm sure that I'm logging out using this method.

09:28.400 --> 09:35.810
And it kind of worked because we see the cookie was destroyed but the token wasn't.

09:35.810 --> 09:38.840
So let's jump to clear token method.

09:39.740 --> 09:49.300
And it seems that we need to var_dump the token string.

09:52.510 --> 09:54.520
To see if it was found.

09:54.550 --> 09:57.790
Because the last thing is removing the cookie.

09:58.930 --> 10:06.610
So maybe I'm going to var_dump that at this point saying "token is".

10:07.690 --> 10:10.660
So we just have all the steps.

10:12.280 --> 10:17.800
Next up we're gonna print the token object.

10:21.010 --> 10:29.260
That this token, maybe it is just empty or we have something wrong with this method.

10:29.290 --> 10:30.460
No one knows.

10:32.590 --> 10:34.780
And then there's delete method.

10:34.900 --> 10:46.750
Um, let me var_dump, um, "id is" and this id. Maybe the id is not set for any reason.

10:49.230 --> 10:54.600
And finally, let me just dump the result of a delete query.

10:59.460 --> 11:02.730
I think maybe that's enough.

11:02.730 --> 11:04.710
Let's see how this would work.

11:05.610 --> 11:12.240
So I want to be remembered for sure. The login and password.

11:12.240 --> 11:14.700
We are signing in now.

11:14.700 --> 11:15.870
Let me log out.

11:16.230 --> 11:17.040
Oh yeah.

11:17.640 --> 11:22.350
The final thing is we need to die.

11:22.380 --> 11:23.640
I forgot about that.

11:23.640 --> 11:26.250
So the auth controller.

11:29.190 --> 11:30.270
Is it this one?

11:30.270 --> 11:30.690
Destroy.

11:30.720 --> 11:31.050
Okay.

11:31.050 --> 11:33.630
We need to die so we can see the output.

11:34.770 --> 11:36.870
Okay, let's do it quickly.

11:37.710 --> 11:39.240
Admin 123.

11:39.270 --> 11:42.210
The remember token sign in sign out.

11:42.240 --> 11:42.840
Okay.

11:44.070 --> 11:46.280
So the token is.

11:46.280 --> 11:48.260
And this was the token.

11:48.290 --> 11:50.150
The token object.

11:50.420 --> 11:56.120
Um, it did match the token from the cookie, it seems.

11:57.200 --> 12:01.730
So I think that at this point we might try something else.

12:01.880 --> 12:09.890
Maybe the token that stays in the database is maybe some old token that we didn't remove.

12:09.920 --> 12:14.270
Maybe something went wrong and it just stayed because things went wrong.

12:14.300 --> 12:17.360
It doesn't match the ID that I see on the screen.

12:17.360 --> 12:21.290
And also this one seems to be removed.

12:21.530 --> 12:27.590
What I'm gonna do is I'm just gonna load the fixtures again.

12:29.390 --> 12:37.310
So let me do composer fixtures, suggest the correct method.

12:37.310 --> 12:38.480
I'm going to run it.

12:39.920 --> 12:44.450
So hopefully this would also remove the remember tokens.

12:44.450 --> 12:46.900
I'm not sure if that would be the case.

12:46.930 --> 12:47.530
Okay.

12:47.530 --> 12:48.490
Not really.

12:48.760 --> 12:51.190
Anyway, that's not a problem.

12:51.190 --> 12:57.850
Let's jump to fixtures and let's add another query.

13:01.150 --> 13:04.390
That removes everything from remember tokens.

13:05.590 --> 13:08.740
Okay, let's run that.

13:08.770 --> 13:09.760
Confirm with

13:09.790 --> 13:10.390
yes.

13:10.420 --> 13:11.140
Okay.

13:12.400 --> 13:15.970
Now this table should really be emptied.

13:16.060 --> 13:17.350
And it is.

13:18.520 --> 13:22.390
And we just need to clean up after ourselves.

13:22.390 --> 13:25.480
So I think it would work now.

13:25.480 --> 13:30.430
So let me remove this debugging code.

13:32.380 --> 13:34.270
Find validate.

13:34.270 --> 13:38.320
We don't really have any debugging in here and here.

13:38.320 --> 13:40.960
We need to get rid of this.

13:42.490 --> 13:44.520
And this var_dump.

13:45.810 --> 13:52.710
Just make sure we run the query and the auth controller shouldn't die.

13:54.240 --> 14:03.060
So what I expect right now is that we actually get the token deleted when we log out.

14:03.090 --> 14:08.640
Let me restart the server and zoom out a little.

14:11.010 --> 14:15.510
And the last time let's test signing in.

14:16.680 --> 14:20.700
Remembering ourselves. There is the cookie,

14:20.700 --> 14:26.400
remember token. There is the value starting with four, eight, six.

14:26.430 --> 14:28.020
Okay, let's log out.

14:28.050 --> 14:29.370
Cookie is gone.

14:30.720 --> 14:32.280
The database.

14:32.580 --> 14:33.930
Let's refresh.

14:33.930 --> 14:35.160
And it is empty.

14:35.160 --> 14:41.700
So it was removed, which confirms that everything has worked fine and our feature is finished.
