laravel/vonage-notification-channel

Since 2.2.0: Error: Please provide Nexmo API credentials

vladrusu opened this issue · 3 comments

vladrusu commented

Hello!
Since, 2.2.0, I receive the following error:

Please provide Nexmo API credentials. Possible combinations: api_key + api_secret, api_key + signature_secret, private_key + application_id, api_key + api_secret + private_key + application_id, api_key + signature_secret + private_key + application_id {"exception":"[object] (RuntimeException(code: 0): Please provide Nexmo API credentials.

I reverted back to 2.1 and all is ok. Using Laravel 5.8.

In config/services.php I have the Nexmo credentials:

    'nexmo' => [
        'key' => env('NEXMO_KEY', '<my key>'),
        'secret' => env('NEXMO_SECRET', '<my secret>'),
        'sms_from' => '<my phone>',
    ],
driesvints commented

@vladrusu you're not setting the credentials directly in your config file I hope? You should set them using the env variables.

vladrusu commented

Hi !

@vladrusu you're not setting the credentials directly in your config file I hope? You should set them using the env variables.

Yes I do. I set them on .env only on my dev machine. On the production server, if anyone has read access to the php config file, has also access to the .env file. If I am wrong from a security POV, please correct me.

Nevertheless, here is my code (nothing fancy):

App\Notifications\SMS.php

<?php

namespace App\Notifications;

use Illuminate\Notifications\Notification;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Bus\Queueable;
use Illuminate\Notifications\Messages\NexmoMessage;

class SMS extends Notification implements ShouldQueue
{
	use Queueable;

	public $content;

	public function __construct($content)
	{
		$this->content = $content;
	}

	public function via($user)
	{
		return ['nexmo'];
	}

	public function toNexmo($user)
	{
		return (new NexmoMessage)->content($this->content);
	}
}

In App\User.php

    public function routeNotificationForNexmo()
    {
        return $this->phone;
    }

I call the notification with:
$user->notify((new \App\Notifications\SMS('Example SMS text')));

driesvints commented

Yes I do. I set them on .env only on my dev machine. On the production server, if anyone has read access to the php config file, has also access to the .env file. If I am wrong from a security POV, please correct me.

I indeed think this is unwise as your config files usually get committed with your source code (which is shared with other developers maybe) and your env file resides on your (secure) server.

This probably happened because of this PR which removed the keys from the config but keeps BC with the naming of the environment variables: #22

So I suggest you switch to only using environment variables for this (or publish the nexmo config but I don't recommend doing that).