I'm creating an app with Silex. I'm using the "SecurityServiceProvider" for user authentication. The users are stored in the database. My firewall configuration looks like:
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'secure_area_edison' => array(
            'pattern' => '^/admin/',
            'form' => array('login_path' => '/', 'check_path' => '/admin/login_check'),
            'logout' => array('logout_path' => '/admin/logout', 'invalidate_session' => true),
            'users' => function () use ($app) {
                return new App\Services\UserProvider($app['db']);
            },
        ),
    )
));
Now I want to create an API for my app. The API will return JSON responses. All functions of the API can be accessed through the URI "/api/".
I found some topics about JWT and tried to include JWT in my app. But I'm not sure how I can include JWT in my app, or whether it's possible to combine the classic authentication with JWT in Silex?
Does someone have an example or a hint for me?
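The piece the question is missing is a stateless check for the /api/ prefix that runs beside the session-based form login on /admin/. The following is an added example, not code from the question or from Silex: a minimal HS256 JWT issue/verify pair in plain PHP. It pins the algorithm (so an "alg":"none" or RS256 header is rejected before any signature check), compares the MAC in constant time with hash_equals(), and enforces exp/nbf. The shared secret, the claim names and the Authorization-header handling are assumptions.

```php
<?php
// Added example: HS256 JWT helpers for an /api/ firewall. Not from the original
// question or from Silex. Assumes a shared secret, 'sub' and 'exp' claims, and a
// "Bearer <token>" Authorization header.
declare(strict_types=1);

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $pad = strlen($txt) % 4;
    if ($pad) { $txt .= str_repeat('=', 4 - $pad); }
    $bin = base64_decode(strtr($txt, '-_', '+/'), true);
    if ($bin === false) { throw new InvalidArgumentException('bad base64url'); }
    return $bin;
}

/** Issue a compact HS256 token carrying $claims. */
function jwt_issue(array $claims, string $secret): string
{
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode($claims));
    $sig     = hash_hmac('sha256', "$header.$payload", $secret, true);
    return "$header.$payload." . b64url_encode($sig);
}

/** Verify a token and return its claims; throws on any defect. */
function jwt_verify(string $token, string $secret, int $now): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$h, $p, $s] = $parts;

    // Algorithm is pinned by the verifier, never taken from the token.
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unsupported alg');
    }
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64url_decode($s))) {   // constant-time compare
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims)) { throw new RuntimeException('bad payload'); }
    if (!isset($claims['exp']) || $now >= (int) $claims['exp']) {
        throw new RuntimeException('token expired');
    }
    if (isset($claims['nbf']) && $now < (int) $claims['nbf']) {
        throw new RuntimeException('token not yet valid');
    }
    return $claims;
}

/**
 * What an /api/ middleware does with the Authorization header: returns the
 * authenticated subject, or null when the request must be answered with 401.
 */
function api_subject_from_header(?string $authorization, string $secret, int $now): ?string
{
    if ($authorization === null || stripos($authorization, 'Bearer ') !== 0) {
        return null;
    }
    try {
        $claims = jwt_verify(trim(substr($authorization, 7)), $secret, $now);
    } catch (RuntimeException | InvalidArgumentException $e) {
        return null;
    }
    return isset($claims['sub']) ? (string) $claims['sub'] : null;
}

// Demo with constructed values; a real app loads the secret from configuration.
$secret = random_bytes(32);
$now    = time();
$token  = jwt_issue(['sub' => 'user-42', 'iat' => $now, 'exp' => $now + 900], $secret);

if (api_subject_from_header("Bearer $token", $secret, $now) !== 'user-42') {
    throw new LogicException('valid token must authenticate');
}
if (api_subject_from_header("Bearer $token", $secret, $now + 901) !== null) {
    throw new LogicException('expired token must be rejected');
}
// Swap the payload for one claiming another subject; the MAC no longer matches.
[$h, , $s] = explode('.', $token);
$forged = "$h." . b64url_encode(json_encode(['sub' => 'admin', 'exp' => $now + 900])) . ".$s";
if (api_subject_from_header("Bearer $forged", $secret, $now) !== null) {
    throw new LogicException('forged payload must be rejected');
}
echo "jwt checks passed\n";
```

To wire this into the Silex app, register an `$app->before()` middleware that, when `$request->getPathInfo()` starts with /api/, reads `$request->headers->get('Authorization')`, calls `api_subject_from_header()`, and returns a 401 JSON response when it yields null (returning a Response from a before-middleware stops the request). The /admin/ firewall is untouched because its pattern is `^/admin/`. Issue tokens only from a login endpoint that checks the credentials against the same `UserProvider` the form login uses, keep the lifetime short, and do not start a session for /api/ requests.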
Can somebody explain to me what scopes are in laravel/socialite and how I can define multiple redirects from services.php?
I need one for signing up with Facebook, and another for logging in with Facebook.
config/services.php
'facebook' => [
    'client_id' => '***************',
    'client_secret' => '****************',
    'redirectForSignUp' => 'http://localhost:8000/register/facebook/callback',
    'redirectForLogin' => 'http://localhost:8000/login/facebook/callback',
],
The solution to this is:
public function redirectToProvider($accountType, $provider)
{
    return Socialite::driver($provider)
        ->with(['redirect_uri' => "http://localhost:8000/api/auth/{$accountType}/{$provider}/callback/"])
        ->redirect();
}
You could use this method to replace anything in the HTTP request URL (including scopes).
To override other things like scopes, simply:
return Socialite::driver($provider)
    // keys are the OAuth2 query parameter names and must be quoted strings
    ->with(['scope' => 'SCOPES HERE', 'redirect_uri' => ''])
    ->redirect();
Open your .env file and set the following values at the bottom:
FACEBOOK_CLIENT_ID=xxxxxxxxx
FACEBOOK_CLIENT_SECRET=xxxxxxx
CALLBACK_URL=http://localhost:8000/auth/facebook/callback
Then open the config/services.php file and set the following values:
'facebook' => [
    'client_id' => env('FACEBOOK_CLIENT_ID'),
    'client_secret' => env('FACEBOOK_CLIENT_SECRET'),
    'redirect' => env('CALLBACK_URL'),
],
Visit this link for the full laravel/socialite configuration in a Laravel application:
http://laravelcode.com/post/laravel54-login-with-facebook-in-laravel
I'm developing a REST service on Yii2 with an Angular 2 client, using Bearer JWT authentication.
For example, there is a URI: http://127.0.0.1/v1/accounts/123456/meters, which should return all the user's meters for an account that he owns.
The applied router rule:
'<accountId:\w+>/<action:[\w-]+>' => '<action>',
The controllers have the following behaviors:
'authenticator' => [
    'class' => HttpBearerAuth::className(),
    'except' => ['options']
],
'access' => [
    'class' => AccessControl::className(),
    'rules' => [
        [
            'allow' => true,
            'actions' => ['meters'],
            'roles' => ['#'],
        ]
    ]
]
The action AccountController::actionMeters looks like:
public function actionMeters($accountId)
{
    // Call MS SQL procedure
    $meters = Yii::$app->db->createCommand("EXEC [getMetersByAccountId] :accountId")
        ->bindValue(':accountId', $accountId)
        ->queryAll();
    return $meters;
}
But in this way an authenticated user can get (by modifying the GET accountId parameter) meters which belong to another user.
I have a user_account table in the database, which links users and accounts, but I don't know in which place of the application I should properly perform the check.
How do I check whether the authenticated user has access to this resource for the specified accountId parameter?
Thank you.
I've found a solution: define matchCallback in the access rule. Now it looks like:
[
    'allow' => true,
    'actions' => ['meters'],
    'roles' => ['#'],
    'matchCallback' => function () {
        return Yii::$app->user->identity->user->hasAccount(Yii::$app->request->get('accountId'));
    }
],
And define the hasAccount method in the User model:
public function hasAccount($accountId)
{
    return $this->hasOne(UserAccount::className(), ['user_id' => 'id'])
        ->where(['account_id' => $accountId])
        ->exists();
}
It works correctly. Is it a proper solution?
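The problem in this thread is a classic insecure direct object reference: the authorization decision must bind the requested accountId to the authenticated identity, never trust the URL alone. The following is an added example, not the poster's Yii2 code, written against PDO and an in-memory SQLite database so it runs stand-alone. It shows the same ownership guard as the matchCallback above plus a second layer: the data query itself is joined on the authenticated user id, so a tampered accountId returns nothing even if the route guard were misconfigured. The `meter` table, the plain SELECT in place of the stored procedure, and the 404 choice are assumptions.

```php
<?php
// Added example (not the poster's code): ownership check for /accounts/{id}/meters.
// Assumes tables user_account(user_id, account_id) from the question and an assumed
// meter(account_id, serial) table; the MS SQL procedure is replaced by a SELECT.
declare(strict_types=1);

function buildDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE user_account (user_id INTEGER NOT NULL, account_id TEXT NOT NULL)');
    $db->exec('CREATE TABLE meter (account_id TEXT NOT NULL, serial TEXT NOT NULL)');
    // Constructed sample data: user 1 owns account 123456, user 2 owns account 777.
    $db->exec("INSERT INTO user_account VALUES (1, '123456'), (2, '777')");
    $db->exec("INSERT INTO meter VALUES ('123456', 'M-0001'), ('123456', 'M-0002'), ('777', 'M-9999')");
    return $db;
}

/** Layer 1: the guard, equivalent of User::hasAccount() in the matchCallback. */
function userHasAccount(PDO $db, int $userId, string $accountId): bool
{
    $st = $db->prepare('SELECT 1 FROM user_account WHERE user_id = :uid AND account_id = :acc LIMIT 1');
    $st->execute([':uid' => $userId, ':acc' => $accountId]);
    return $st->fetchColumn() !== false;
}

/**
 * Layer 2: the data query is scoped to the authenticated user through the join,
 * so it can only ever return meters of accounts that user owns.
 */
function metersForUser(PDO $db, int $userId, string $accountId): array
{
    $sql = 'SELECT m.serial
              FROM meter m
              JOIN user_account ua ON ua.account_id = m.account_id
             WHERE ua.user_id = :uid AND m.account_id = :acc
             ORDER BY m.serial';
    $st = $db->prepare($sql);
    $st->execute([':uid' => $userId, ':acc' => $accountId]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

/**
 * The action. $authUserId comes from the Bearer token identity, never from the
 * request. Returns [httpStatus, body].
 */
function actionMeters(PDO $db, int $authUserId, string $accountId): array
{
    if (!ctype_alnum($accountId)) {               // approximates the <accountId:\w+> route constraint
        return [400, ['error' => 'invalid account id']];
    }
    if (!userHasAccount($db, $authUserId, $accountId)) {
        // 404 rather than 403: the response then does not confirm that the account exists.
        return [404, ['error' => 'not found']];
    }
    return [200, metersForUser($db, $authUserId, $accountId)];
}

$db = buildDemoDb();

// User 1 asks for her own account.
[$status, $body] = actionMeters($db, 1, '123456');
if ($status !== 200 || $body !== ['M-0001', 'M-0002']) {
    throw new LogicException('own account must succeed');
}
// User 1 tampers with the URL to read account 777, which belongs to user 2.
[$status, $body] = actionMeters($db, 1, '777');
if ($status !== 404) {
    throw new LogicException('foreign account must be refused');
}
// Even with the guard bypassed, the scoped query leaks nothing.
if (metersForUser($db, 1, '777') !== []) {
    throw new LogicException('scoped query must be empty');
}
echo "authorization checks passed\n";
```

The matchCallback approach in the answer is fine as the first layer; the point of the second layer is that a stored procedure taking only accountId will happily return another user's data the moment any route forgets the guard, whereas a query that takes the authenticated user id as a parameter cannot.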
Yii2 Restful API
In the above link they mention the GET search method. Please, can anyone tell me about POST create and PUT update...?
In main.config under rules I created this:
['class' => 'yii\rest\UrlRule', 'controller' => 'v1/lkup-access-profile','extraPatterns' => ['POST create' => 'create']],
But it gives the error "Method Not Allowed. This url can only handle the following request methods: POST."
yii\rest\UrlRule will create default REST URLs and actions. There's no need to add 'extraPatterns' => ['POST create' => 'create']. It's already built in. Check out the docs http://www.yiiframework.com/doc-2.0/yii-rest-urlrule.html
Use extraPatterns to extend the default routes of a controller. For example:
[
    'class' => 'yii\rest\UrlRule',
    'controller' => 'v1/invite',
    'extraPatterns' => [
        'PUT {id}/accept' => 'accept',
        'PUT {id}/reject' => 'reject',
    ],
],
I am working on a site in which a user can enter two email addresses (primary and secondary) along with a password.
If the user enters his primary email and password, he gets logged in successfully.
But what I am trying to provide is that if the user enters his secondary email instead of the primary one, he still gets logged in. The problem I have is how to create an alternate Doctrine Auth Adapter or something like that.
This is what I have done in my module.config.php:
'doctrine' => array(
    'driver' => array(
        __NAMESPACE__ . '_driver' => array(
            'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
            'cache' => 'array',
            'paths' => array(__DIR__ . '/../src/' . __NAMESPACE__ . '/Entity')
        ),
        'orm_default' => array(
            'drivers' => array(
                __NAMESPACE__ . '\Entity' => __NAMESPACE__ . '_driver'
            )
        )
    ),
    'authentication' => array(
        'orm_default' => array(
            'object_manager' => 'Doctrine\ORM\EntityManager',
            'identity_class' => 'User\Entity\LoginDetails',
            'identity_property' => 'primary_email',
            'credential_property' => 'password',
        ),
    ),
)
Is there any option to add an identity property which will be an alternative?
I am using Zend Framework 2 and Doctrine 2.
Is there any option to add an identity property which will be an alternative?
No, there is no such option built-in to DoctrineModule.
Consider extending DoctrineModule\Authentication\Adapter\ObjectRepository to override the authenticate() method.
Then, at minimum, you'll want to replace the default adapter with your new more different one. If you look at the various factories in DoctrineModule, you should be off to a good start.
Basically, one of your modules will want to override the doctrine.authenticationadapter.[orm|odm]_default configuration key in the ServiceManager. That will cause DoctrineModule to inject your extended ObjectRepository into the AuthenticationService in place of the default one.
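What the overridden authenticate() has to do is look the identity up under each configured property in turn and then verify the credential, without letting the response reveal which step failed. The following is an added example, not DoctrineModule's or the poster's code: the adapter logic written against a tiny stand-in repository exposing findOneBy() like Doctrine's, so it runs without Zend Framework or Doctrine. The entity layout (primary_email, secondary_email, password_hash produced by password_hash()) and the dummy-hash trick are assumptions.

```php
<?php
// Added example (not DoctrineModule's code): authenticate() against two identity
// properties. Assumes the identity entity has primary_email, secondary_email and a
// password_hash column, and a repository with Doctrine-style findOneBy().
declare(strict_types=1);

final class LoginDetails
{
    public int $id;
    public string $primary_email;
    public ?string $secondary_email;
    public string $password_hash;

    public function __construct(int $id, string $primary, ?string $secondary, string $hash)
    {
        $this->id = $id;
        $this->primary_email = $primary;
        $this->secondary_email = $secondary;
        $this->password_hash = $hash;
    }
}

/** Stand-in for Doctrine's ObjectRepository::findOneBy(). */
final class InMemoryRepository
{
    /** @var LoginDetails[] */
    private array $rows;

    public function __construct(array $rows) { $this->rows = $rows; }

    public function findOneBy(array $criteria): ?LoginDetails
    {
        foreach ($this->rows as $row) {
            foreach ($criteria as $prop => $value) {
                if ($row->$prop !== $value) { continue 2; }
            }
            return $row;
        }
        return null;
    }
}

final class AltEmailAuthAdapter
{
    private InMemoryRepository $repo;
    /** @var string[] identity properties tried in order, e.g. primary then secondary email */
    private array $identityProperties;
    /** Hash of a random string: unknown identities cost the same time as a wrong password. */
    private string $dummyHash;

    public function __construct(InMemoryRepository $repo, array $identityProperties)
    {
        $this->repo = $repo;
        $this->identityProperties = $identityProperties;
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    /** Returns the identity on success, null otherwise; "no such user" and "bad password" are indistinguishable. */
    public function authenticate(string $identity, string $credential): ?LoginDetails
    {
        $user = null;
        foreach ($this->identityProperties as $prop) {
            $user = $this->repo->findOneBy([$prop => $identity]);
            if ($user !== null) { break; }
        }
        $hash = $user !== null ? $user->password_hash : $this->dummyHash;
        $ok = password_verify($credential, $hash);   // always runs, even for unknown identities
        return ($ok && $user !== null) ? $user : null;
    }
}

// Demo with constructed users.
$repo = new InMemoryRepository([
    new LoginDetails(1, 'alice@example.com', 'alice.work@example.com', password_hash('correct horse', PASSWORD_DEFAULT)),
    new LoginDetails(2, 'bob@example.com', null, password_hash('battery staple', PASSWORD_DEFAULT)),
]);
$adapter = new AltEmailAuthAdapter($repo, ['primary_email', 'secondary_email']);

$checks = [
    [$adapter->authenticate('alice@example.com', 'correct horse') !== null,       'primary email logs in'],
    [$adapter->authenticate('alice.work@example.com', 'correct horse') !== null,  'secondary email logs in'],
    [$adapter->authenticate('alice.work@example.com', 'battery staple') === null, 'wrong password rejected'],
    [$adapter->authenticate('nobody@example.com', 'correct horse') === null,      'unknown identity rejected'],
];
foreach ($checks as [$passed, $label]) {
    if (!$passed) { throw new LogicException("failed: $label"); }
}
echo "adapter checks passed\n";
```

In the real extension the stand-in repository is replaced by the Doctrine repository the adapter already has access to, and the list of identity properties becomes a configuration option next to identity_property. Keep a unique constraint across both email columns so one address cannot resolve to two accounts.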
I am trying to use Catalyst::Authentication::Credential::OpenID to authenticate users from Google.
Once authentication is successful, I get a Catalyst::Plugin::Authentication::User::Hash object as my user.
If users are logging in to my application for the first time, I want to get the user's details from the OpenID provider and store them in my DB.
This is to ease the registration process; I want as many details from OpenID as possible,
but at least first name, last name, email, etc.
But I am not able to achieve it. For example, if I call the following, I get an exception saying the methods url and display are not defined:
$c->user->url
$c->user->display
Any help in sorting this out is appreciated.
After reading the Catalyst manual a number of times and getting some clues from the Catalyst mailing lists, I came to know that we have to use extensions.
Because we will be using a number of different realms, I used the Progressive class.
Here is the sample configuration used in my app, currently supporting only OpenID.
This uses the Simple Registration Schema for OpenID Attribute Exchange defined at
http://www.axschema.org/types/
'Plugin::Authentication' => {
    default_realm => 'progressive',
    realms => {
        progressive => {
            class => 'Progressive',
            realms => [ 'openid' ],
        },
        openid => {
            credential => {
                class => "OpenID",
                store => {
                    class => "OpenID",
                },
                consumer_secret => "Don't bother setting",
                ua_class => "LWP::UserAgent",
                # whitelist is only relevant for LWPx::ParanoidAgent
                ua_args => {
                    whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
                },
                extensions => [
                    'http://openid.net/srv/ax/1.0' => {
                        mode => 'fetch_request',
                        'type.nickname' => 'http://axschema.org/namePerson/friendly',
                        'type.email' => 'http://axschema.org/contact/email',
                        'type.fullname' => 'http://axschema.org/namePerson',
                        'type.firstname' => 'http://axschema.org/namePerson/first',
                        'type.lastname' => 'http://axschema.org/namePerson/last',
                        'type.dob' => 'http://axschema.org/birthDate',
                        'type.gender' => 'http://axschema.org/person/gender',
                        'type.country' => 'http://axschema.org/contact/country/home',
                        'type.language' => 'http://axschema.org/pref/language',
                        'type.timezone' => 'http://axschema.org/pref/timezone',
                        required => 'nickname,fullname,email,firstname,lastname,dob,gender,country',
                        if_available => 'dob,gender,language,timezone',
                    }
                ],
            },
        }
    }
},