Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Since 2.2.0: Error: Please provide Nexmo API credentials #25

Closed
vladrusu opened this issue Oct 10, 2019 · 3 comments
Closed

Since 2.2.0: Error: Please provide Nexmo API credentials #25

vladrusu opened this issue Oct 10, 2019 · 3 comments
Labels
needs more info

Comments

@vladrusu
Copy link

vladrusu commented Oct 10, 2019
edited
Loading

Hello!
Since, 2.2.0, I receive the following error:

Please provide Nexmo API credentials. Possible combinations: api_key + api_secret, api_key + signature_secret, private_key + application_id, api_key + api_secret + private_key + application_id, api_key + signature_secret + private_key + application_id {"exception":"[object] (RuntimeException(code: 0): Please provide Nexmo API credentials.

I reverted back to 2.1 and all is ok. Using Laravel 5.8.

In config/services.php I have the Nexmo credentials:

    'nexmo' => [
        'key' => env('NEXMO_KEY', '<my key>'),
        'secret' => env('NEXMO_SECRET', '<my secret>'),
        'sms_from' => '<my phone>',
    ],
@driesvints
Copy link
Member

@vladrusu you're not setting the credentials directly in your config file I hope? You should set them using the env variables.

@vladrusu
Copy link
Author

vladrusu commented Oct 10, 2019
edited
Loading

Hi !

@vladrusu you're not setting the credentials directly in your config file I hope? You should set them using the env variables.

Yes I do. I set them on .env only on my dev machine. On the production server, if anyone has read access to the php config file, has also access to the .env file. If I am wrong from a security POV, please correct me.

Nevertheless, here is my code (nothing fancy):

App\Notifications\SMS.php

<?php

namespace App\Notifications;

use Illuminate\Notifications\Notification;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Bus\Queueable;
use Illuminate\Notifications\Messages\NexmoMessage;

class SMS extends Notification implements ShouldQueue
{
	use Queueable;

	public $content;

	public function __construct($content)
	{
		$this->content = $content;
	}

	public function via($user)
	{
		return ['nexmo'];
	}

	public function toNexmo($user)
	{
		return (new NexmoMessage)->content($this->content);
	}
}

In App\User.php

    public function routeNotificationForNexmo()
    {
        return $this->phone;
    }

I call the notification with:
$user->notify((new \App\Notifications\SMS('Example SMS text')));

@driesvints
Copy link
Member

Yes I do. I set them on .env only on my dev machine. On the production server, if anyone has read access to the php config file, has also access to the .env file. If I am wrong from a security POV, please correct me.

I indeed think this is unwise as your config files usually get committed with your source code (which is shared with other developers maybe) and your env file resides on your (secure) server.

This probably happened because of this PR which removed the keys from the config but keeps BC with the naming of the environment variables: #22

So I suggest you switch to only using environment variables for this (or publish the nexmo config but I don't recommend doing that).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs more info
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@driesvints @vladrusu