Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Could not get it to work for non-local environment #76

Closed
jafar-albadarneh opened this issue Oct 23, 2018 · 40 comments
Closed

Could not get it to work for non-local environment #76

jafar-albadarneh opened this issue Oct 23, 2018 · 40 comments

Comments

@jafar-albadarneh
Copy link

jafar-albadarneh commented Oct 23, 2018

At first, i'd like to appreciate your efforts in producing such an amazing package.
I've updated the Gate::define method to return always true

Nothing is being logged to telescope. telescope entries table is empty, although I made sure the all flags in config/telescope is set to true.
Any clue where the problem could be ?

@L3o-pold
Copy link

L3o-pold commented Oct 23, 2018

Remove this from the register function

    Telescope::filter(function (IncomingEntry $entry) {
            if ($this->app->environment() == 'local') {
                return true;
            }

            return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();
    });

@jafar-albadarneh
Copy link
Author

@L3o-pold Perfect, Thanks

@120dev
Copy link

120dev commented Oct 24, 2018

excuse me I can not connect to the dashboard with a non local env

  public function register()
    {
        // Telescope::night();

        Telescope::filter(function (IncomingEntry $entry) {
           return true;

            return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();
        });
    }

    /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
        });
    }

@L3o-pold
Copy link

@120dev It should works, what kind of message do you have?

@MuzafferDede
Copy link

+1, can't connect the dashboard with production env.

@mydnic
Copy link

mydnic commented Oct 25, 2018

+1 I got 403 Forbidden in Production even if the Gate returns always true

@MuzafferDede
Copy link

MuzafferDede commented Oct 25, 2018

I am not sure if it's only me or it is a bug but, i think i found the issue. The problem is it doesn't discover App\Providers\TelescopeServiceProvider::class, So adding App\Providers\TelescopeServiceProvider::class, in config/app.php fixes it. Then i can set in .env file

APP_ENV=production

and in app\Providers\TelescopeServiceProvider.php

  /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return in_array($user->email, [
                "admin@admin.com",
            ]);
        });
    }

then without any issue i can reach /telescope with the user admin@admin.com logged in.

@andreshg112
Copy link

Same here! It works when I use APP_ENV=local.

I tried @DrAmen solution but It didn't worked for me.

app.php

'providers' => [

        /*
     * Laravel Framework Service Providers...
     */
        Illuminate\Auth\AuthServiceProvider::class,
        Illuminate\Broadcasting\BroadcastServiceProvider::class,
        Illuminate\Bus\BusServiceProvider::class,
        Illuminate\Cache\CacheServiceProvider::class,
        Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
        Illuminate\Cookie\CookieServiceProvider::class,
        Illuminate\Database\DatabaseServiceProvider::class,
        Illuminate\Encryption\EncryptionServiceProvider::class,
        Illuminate\Filesystem\FilesystemServiceProvider::class,
        Illuminate\Foundation\Providers\FoundationServiceProvider::class,
        Illuminate\Hashing\HashServiceProvider::class,
        Illuminate\Mail\MailServiceProvider::class,
        Illuminate\Notifications\NotificationServiceProvider::class,
        Illuminate\Pagination\PaginationServiceProvider::class,
        Illuminate\Pipeline\PipelineServiceProvider::class,
        Illuminate\Queue\QueueServiceProvider::class,
        Illuminate\Redis\RedisServiceProvider::class,
        Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
        Illuminate\Session\SessionServiceProvider::class,
        Illuminate\Translation\TranslationServiceProvider::class,
        Illuminate\Validation\ValidationServiceProvider::class,
        Illuminate\View\ViewServiceProvider::class,

        /*
         * Package Service Providers...
         */

        /*
         * Application Service Providers...
         */
        App\Providers\AppServiceProvider::class,
        App\Providers\AuthServiceProvider::class,
        // App\Providers\BroadcastServiceProvider::class,
        App\Providers\EventServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
        App\Providers\RouteServiceProvider::class,

        // Agregados por mí.
        crocodicstudio\crudbooster\CRUDBoosterServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
    ],

TelescopeServiceProvider.php

protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
            // return \CRUDBooster::isSuperadmin();
        });
    }

image

@ItsWendell
Copy link

ItsWendell commented Nov 9, 2018

Telescope here works perfectly local, we have a 'staging' environment where we setup Telescope now like this:

Telescope::filter(function (IncomingEntry $entry) {
			return true;
			return $entry->isReportableException() ||
				   $entry->isFailedJob() ||
				   $entry->isScheduledTask() ||
				   $entry->hasMonitoredTag();
		});
	}

	/**
	 * Register the Telescope gate.
	 *
	 * This gate determines who can access Telescope in non-local environments.
	 *
	 * @return void
	 */
	protected function gate()
	{
		Gate::define('viewTelescope', function ($user) {
			return ends_with($user->email, "@ourcompany.com");
		});
	}

Locally this works fine, the viewTelescope protection works fine too in staging. We can open Telescope but there are no entries in staging, EXCEPT when we change APP_ENV=local in the environment files of staging, but this work around is not desirable at all.

We need to distinguish our environments for monitoring errors and other relevant environment based information.

Any suggestions?

@andreshg112
Copy link

I just updated to Telescope 1.0 and the problem is still the same.

Gate::define('viewTelescope', function ($user) {
            return true;
            // return \CRUDBooster::isSuperadmin();
        });

@Braunson
Copy link

I'm having this issue as well now, as of 13 days ago. Requests aren't being logged (among other things) in a production environment anymore.

@paras-malhotra
Copy link
Contributor

Guys, we'd love to help but we aren't able to reproduce this.

So, here are some guidelines/checks:

  1. Do you see any error logs (backend logs or console frontend errors)?
  2. Do you have a Telescope::filter or Telescope::filterBatch call in your App\Providers\TelescopeServiceProvider? If yes, does it satisfy the filter condition? The default TelescopeServiceProvider stub allows all entries to be recorded in local environments but for production only allows reportable exceptions, failed jobs, scheduled tasks and monitored tag entries to be recorded.
  3. Did your authorization pass through? The default authorization method in the TelescopeServiceProvider stub always passes for local environments but does the gate check for production.
  4. Do you have auto discovery enabled in production? If not, did you add the Laravel\Telescope\TelescopeServiceProvider in your config/app.php?
  5. Did you add your App\Providers\TelescopeServiceProvider to your config/app.php?
  6. Is telescope enabled in production? Check the env variable TELESCOPE_ENABLED if set. Defaults to true if not set.

If all of these are okay but you're still facing issues, please share a Github repo with this reproducible issue.

@Braunson
Copy link

@paras-malhotra

  1. No errors
  2. Yes see below, but it's the same as the docs, also it records everything properly on local but not on production/development environment.
  3. Yes I can see Telescope on all environments properly
  4. Yes
  5. Yes
<?php

namespace App\Providers;

use Laravel\Spark\Spark;
use Laravel\Telescope\EntryType;
use Laravel\Telescope\Telescope;
use Illuminate\Support\Facades\Gate;
use Laravel\Telescope\IncomingEntry;
use Laravel\Telescope\Contracts\EntriesRepository;
use Laravel\Telescope\TelescopeApplicationServiceProvider;

class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        Telescope::night();

        Telescope::filter(function (IncomingEntry $entry) {
            // Are we local?
            if ($this->app->environment() == 'local') {
                return true;
            }

            return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();
        });
    }

    /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return Spark::developer($user->email);
        });
    }
}

@paras-malhotra
Copy link
Contributor

@Braunson number 2 seems to be your issue. Your filter is setup to only record reportable exceptions, failed jobs, scheduled tasks or monitored tags in production but will record everything in local. If you remove the Telescope::filter callback, everything should be recorded.

@Braunson
Copy link

@paras-malhotra Ah ok, It was weird because this previous to v0.1.8/1.0 everything recorded regardless of environment. Must have been a code change

@andreshg112
Copy link

@paras-malhotra

  1. I can't see any error in the logs. In addition, I use Sentry and no error is reported.
    image

  2. Telescope is recording events even in production.
    image

  3. Which authorization method? This is my code:

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Laravel\Telescope\IncomingEntry;
use Laravel\Telescope\Telescope;
use Laravel\Telescope\TelescopeApplicationServiceProvider;

class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        // Telescope::night();

        Telescope::filter(function (IncomingEntry $entry) {
            if ($this->app->environment('local')) {
                return true;
            }

            return $entry->isReportableException() ||
                $entry->isFailedJob() ||
                $entry->isScheduledTask() ||
                $entry->hasMonitoredTag();
        });
    }

    /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
            // return \CRUDBooster::isSuperadmin();
        });
    }
}
  1. I haved added to app.php. Look at the comment above Could not get it to work for non-local environment #76 (comment)

  2. If I don't have to manually add packages to app.php, so I think It's enabled. However, I manually added to it.

'providers' => [

        /*
     * Laravel Framework Service Providers...
     */
        Illuminate\Auth\AuthServiceProvider::class,
        Illuminate\Broadcasting\BroadcastServiceProvider::class,
        Illuminate\Bus\BusServiceProvider::class,
        Illuminate\Cache\CacheServiceProvider::class,
        Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
        Illuminate\Cookie\CookieServiceProvider::class,
        Illuminate\Database\DatabaseServiceProvider::class,
        Illuminate\Encryption\EncryptionServiceProvider::class,
        Illuminate\Filesystem\FilesystemServiceProvider::class,
        Illuminate\Foundation\Providers\FoundationServiceProvider::class,
        Illuminate\Hashing\HashServiceProvider::class,
        Illuminate\Mail\MailServiceProvider::class,
        Illuminate\Notifications\NotificationServiceProvider::class,
        Illuminate\Pagination\PaginationServiceProvider::class,
        Illuminate\Pipeline\PipelineServiceProvider::class,
        Illuminate\Queue\QueueServiceProvider::class,
        Illuminate\Redis\RedisServiceProvider::class,
        Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
        Illuminate\Session\SessionServiceProvider::class,
        Illuminate\Translation\TranslationServiceProvider::class,
        Illuminate\Validation\ValidationServiceProvider::class,
        Illuminate\View\ViewServiceProvider::class,

        /*
         * Package Service Providers...
         */

        /*
         * Application Service Providers...
         */
        App\Providers\AppServiceProvider::class,
        App\Providers\AuthServiceProvider::class,
        // App\Providers\BroadcastServiceProvider::class,
        App\Providers\EventServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
        App\Providers\RouteServiceProvider::class,

        // Agregados por mí.
        crocodicstudio\crudbooster\CRUDBoosterServiceProvider::class,
        \Laravel\Telescope\TelescopeServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
    ],
  1. Yes, It is.
    image

@andreshg112
Copy link

If I change APP_ENV to local in the server, It shows the dashboard.

This was referenced Nov 18, 2018
@EdwinDayot
Copy link

Changed the Authorize middleware by my own as following:

class Authorize
{

    /**
     * @param $request
     * @param $next
     * @return mixed
     */
    public function handle($request, $next)
    {
        return $next($request);
    }
}

It fixed the 403 Forbidden on a production server.
Used with the removal of the Telescope::filter, it fixed the whole thing for me.

@andreshg112
Copy link

@EdwinDayot, if you do that, there's no security because It doesn't check for the user.

@sijones-uk
Copy link

If you've been following the instructions in the section "Installing Only In Specific Environments" you'll need to ensure that you update your AppServiceProvider accordingly, e.g.

public function register()
{
	if ($this->app->environment('local') || $this->app->environment('staging')) {
		$this->app->register(TelescopeServiceProvider::class);
	}
}

@andreshg112
Copy link

I'm trying this and I'm still getting 403.

public function register()
    {
        $this->app->register(TelescopeServiceProvider::class);
    }

image

@rikiless
Copy link

rikiless commented Dec 3, 2018

Is it possible to remove selected incoming entries from Telescope::filter() as used in default file of TelescopeServiceProvider?

Telescope::filter(function (IncomingEntry $entry) {
        return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();

        // Allow more entries here. Redis, Mail, Events...
});

I would like to track error exceptions, dispatched events or sent mails for example.

thanks

@biniyam17
Copy link

biniyam17 commented Dec 7, 2018

Hi, is there a reason why Telescope does not register any of my browser actions? Dump, requests, sql queries, etc... do not show up on my telescope application. I've also checked my telescope entries table and there are no rows being created for my browser's actions.

@glendmaatita
Copy link

in my side, i found the problem was on its Authorization mechanism. so, we can replace it with our own auth mechanisme. now, mine is:

in config/telescope.php

    'middleware' => [
        'web',
        // Authorize::class,
        'admin'
    ],

@squatto
Copy link

squatto commented Jan 22, 2019

The problem appears to be the following method in TelescopeApplicationServiceProvider:

    /**
     * Configure the Telescope authorization services.
     *
     * @return void
     */
    protected function authorization()
    {
        $this->gate();

        Telescope::auth(function ($request) {
            return app()->environment('local') ||
                   Gate::check('viewTelescope', [$request->user()]);
        });
    }

I overrode this method in my TelescopeServiceProvider and defined my own auth closure:

    /**
     * Configure the Telescope authorization services.
     *
     * @return void
     */
    protected function authorization()
    {
        $this->gate();

        Telescope::auth(function ($request) {
            return app()->environment(['local', 'staging']) ||
                   Gate::check('viewTelescope', [$request->user()]);
        });
    }

This allowed me to access telescope in my staging environment. I tried changing my gate() override and it didn't appear to work. This was the only way that I could reliably get it to work.

@Punksolid
Copy link

As @glendmaatita says I did a middleware exclusively for telescope
// telescope.php

    'middleware' => [
        'web',
        TelescopeMiddleware::class,
        // Authorize::class,
    ],

php artisan make:middleware TelescopeMiddleware

class TelescopeMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        
        if(auth()->check() && auth()->user()->email == "punksolid@gmail.com"){

            return $next($request);
        }
        abort(403);
    }
}

@neanderthil
Copy link

neanderthil commented May 15, 2019

Literally tried everything in this thread and nothing worked other than modifying TelescopeServiceProvider closure. The Gate:: facade call ALWAYS returned false no matter the logic defined in the Provider. I ended up removing it entirely and adding in my own function call for IP whitelisting. Works!

Telescope::auth(function ($request) { return app()->environment('local') || Helper::isAllowedIp($request->ip()); });

@hmshafeeq
Copy link

hmshafeeq commented Jul 14, 2019

Changing telescope authorization middleware with laravel's authentication middleware worked for me. It's just a workaround.

'middleware' => [
        'web',
       // Authorize::class,
        \App\Http\Middleware\Authenticate::class,
 ],

@ElderCastroLima
Copy link

in my side, i found the problem was on its Authorization mechanism. so, we can replace it with our own auth mechanisme. now, mine is:

in config/telescope.php

    'middleware' => [
        'web',
        // Authorize::class,
        'admin'
    ],

Thanks, i just comment 'Authorize::class'

@ruannawe
Copy link

None of the above answers solved my problem.
Screenshot from 2019-08-20 16-50-13

@Dolaned
Copy link

Dolaned commented Sep 4, 2019

@RuanHerculano that error is caused because your assets are not being served over https we use this in production
if (App::environment('production')) { // The environment is production URL::forceScheme('https');}

@hwbrzzl
Copy link

hwbrzzl commented Mar 8, 2020

Telescope's gate can run right when Auth::user() had value.
So,if you didn't login,you could not view telescope in production.
You can rewrite Authorize::class, like return config('telescope.enabled') ? $next($request) : abort(403);.

@mohitpawar10
Copy link

mohitpawar10 commented Jul 10, 2020

This issue is due to an empty or non logged user. Laravel gate receives user as the first argument if it's empty it doesn't care about internal code. If you want to use it without gate just remove gate function from TelescopeServiceProvider class and override authorization function. See the example below.

protected function authorization()
{
    $this->gate();

    Telescope::auth(function ($request) {
        return app()->environment('local') ||
               in_array($request->ip(), config('allowed_ip_addresses.telescope'));
    });
}

I removed the gate define as well as gate check, so the issue is resolved.

@FayKn
Copy link

FayKn commented Feb 27, 2023

In config/telescope.php you can configure your own authentication with a middleware if you want to build your own thing (if your company has it's own CMS for example) or just want to only let through whitelisted ip's

@drobinetm
Copy link

drobinetm commented Mar 14, 2023

Hello Team

With these steps you resolve the issue:

  1. Create a middleware class that inherits from Authenticate and in the handler function write:
 public function handle($request, Closure $next, ...$guards): mixed
  {
        if (app()->environment('local')) {
            return $next($request);
        }

        if (app()->environment('production') && !$request->expectsJson()) {
           parent::handle($request, $next, ...$guards);
        }

        return abort(403);
  }
  1. Add the middleware class in the config/telescope.php
  'middleware' => [
        'web',
        AuthorizeTelescope::class,
    ],

@MladenJanjetovic
Copy link

MladenJanjetovic commented Aug 16, 2023

Fresh install of latest Laravel and Telescope and this is still not working on non-local environments.
Latest documentation followed and nothing was customized.

Simple returning the TRUE is not working in the TelescopeServiceProvider gate method:

    protected function gate(): void
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
        });
    }

@xDaemonic
Copy link

xDaemonic commented Sep 13, 2023

I can solve it by rewrite authorization method

/**
     * Configure the Telescope authorization services.
     *
     * @return void
     */
    protected function authorization()
    {
        $this->gate();

        Telescope::auth(function ($request) {
            if ($request->get('_token')) {
                $user = PersonalAccessToken::findToken($request->get('_token'))->tokenable;
                return $user->name === 'admin';
            }

            return Gate::check('viewTelescope', [$request]);
        });
    }

@kingeke
Copy link

kingeke commented Dec 30, 2023

My issue was mostly that I wasn't logged in, when i logged in I could then access the user param and that worked as expected.

@saschaglo
Copy link

saschaglo commented Feb 16, 2024

Hi guys, to all of you who come across this problem - I have been struggling with this for hours now and finally found the "solution" (aka easier fix to this instead of creating a whole new middleware etc.).

The reason for this "issue" that we all had is because Laravel has some internal check whether this callback is supported for also work with guest-visitors (aka non-logged-in users). The default is (since it comes with the provider from telescope) that it does not support these guest users!

To make it work, you need to change the code a tiny bit from

protected function gate(): void
{
    Gate::define('viewTelescope', function ($user) {
        return in_array($user->email, [
            //
        ]);
    });
}

to this:

protected function gate(): void
{
    Gate::define('viewTelescope', function ($user = null) {
        return in_array($user->email, [
            //
        ]);
    });
}

The only change is that you have to add the default value null here to the parameter $user in the callback-function. With this you change the evaluation for whether this gate is suitable to be taken into account or not. The check is part of the Auth modules and the method that does this magic is canBeCalledWithUser, if you need further insides.

The only thing you have to aware of is that the user object then is always null but you can still do things like:

protected function gate(): void
{
    Gate::define('viewTelescope', function ($user = null) {
        return in_array(request()->ip(), ['123.123.123.123', ...]);
    });
}

@trioangle27
Copy link

trioangle27 commented Mar 20, 2024

laravel telescope is not working in my domain ip address.but all configuration is correctly.why ? i am using domain ip .
like example :http://44.193.10.70/telescope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests