sudo-su breaks application when it doesn't like your hostname

[adiachenko]

Hey, great package. I have tried it today and I feel like there are few issues that need to be addressed.

Firstly, sudo-su should fail more gracefully. More specifically, I think lines like this don't make any sense.

For example, if you install sudo-su and don't add your virtual host to the list of allowed_tlds, you will get this Exception:

ErrorException in FileViewFinder.php line 112:
No hint path defined for [sudosu]. (View: /opt/project/resources/views/layouts/app.blade.php) (View: /opt/project/resources/views/layouts/app.blade.php)

When it would be much better if only sudo-su didn't work (silently failed).

On a side note:

• it would be great (and I strongly suggest this) if I could publish user-selector view
• there are only 60 lines of css in the package so for now it may be better to just have inline style tag in a partial instead of publishing /public/sudo-su/css/app.css
• why not add localhost to the list of allowed tlds?

[mrterryh]

Thank so much for the feedback -- greatly appreciated! I'll address each of your points here:

When it would be much better if only sudo-su didn't work (silently failed).

AFAIK, there isn't a way to do this. If the user renders a partial that doesn't exist, Laravel will throw an error and there isn't a way for the package to handle/catch that? Or did you have something else in mind?

it would be great (and I strongly suggest this) if I could publish user-selector view

Good idea, I'll add this to my to-do list.

there are only 60 lines of css in the package so for now it may be better to just have inline style

tag in a partial instead of publishing /public/sudo-su/css/app.css
Good idea -- alternatively I could minify the CSS?

why not add localhost to the list of allowed tlds?

Do people use that as a TLD? As in, http://laravel.localhost? If yes, I'll certainly add that in. Although I plan on reworking how that TLD stuff works.

[DarkCobalt]

When you publish package check in config path to User Model. I have smillar problem when try use.

[mrterryh]

@DarkCobalt I don't think that's the problem here -- OP is getting an issue when rendering the view.

[adiachenko]

Do people use that as a TLD? As in, http://laravel.localhost? If yes, I'll certainly add that in. Although I plan on reworking how that TLD stuff works.

I meant http://localhost. It works as tld but isn't added to defaults. For example, this is quite popular among docker users when they're on initial stages of developing a project and don't yet feel like they in need of nginx-proxy service that adds virtual hosts support.

AFAIK, there isn't a way to do this. If the user renders a partial that doesn't exist, Laravel will throw an error and there isn't a way for the package to handle/catch that? Or did you have something else in mind?

There is, just don't handle this logic in the package. Users should decide themselves whether to load the view based on the values of APP_ENV, APP_DEBUG or whatever.

I understand that this was done with good intentions in mind (to maybe lessen the security risk), but because of the way this was implemented sudo-su unilaterally decides to not register the view based on the value of allowed_tlds which leads to exceptions on application level. With sudo-su being local helper package (meaning it isn't essential for application to function properly), it shouldn't be the case.

If you feel like some values in user-selector partial pose a security risk, it would be better to render them conditionally, rather than denying in registering a view altogether.