I want to make a ReST infrastructure with a Symfony server (using FOSRestBundle).
there is
a Contact entity, (id, name, email)
a AddType form to add a new contact
On the client side, I have a form which sends a POST request whose body is
{"the_name_of_my contact_form":{"name":"foo", "email": "foo#example.org"}}
My controller (which extends FOSRestController) can see the data in the request
$request->request->get($form->getName()) returns {"name":"foo", "email": "foo#example.org"}
But whether I use $form->handleRequest($request) or $form->submit($data)
$form->isValid() is always false
I hope this is clear enough... can anyone help?
This problem is related to the CRSF validation. You have to disable it for the user requesting the service. You can disable it in you config.yml. You'll have to set something like this:
fos_rest:
disable_csrf_role: ROLE_API
Just make sure that the user requesting your service has this role. You can read more about user roles here.
Also, you'll have to submit you form, not handle it. Here is an snippet of it:
$form = $this->createForm(ProjectType::class, $project);
$form->submit($request->request->all());
if ($form->isValid()) {
Related
I'm following REST standard where you use a POST action to create a resource and GET to show data.
That includes using GET to show a creation form and POST to handle the actual creation of the resource (AKA, saving to database).
In the case the POST request fails (lets say, a duplicate email address), a 302 is returned as a response, redirecting the user back to the form (kind of as a GET /resource/create with 302).
How do I persist the data sent from POST after the redirection in ZF2?
Or, maybe ZF2 doesn't support this/we're not supposed to do a 302 redirection?
I just think you want to pass data back to form. And display data on each fields. Usually, for failed request you don't need make redirection. Just display the form and data. Just use redirect when the process success (saving to database).
$form = new Form(); // your form
$request = $this->getRequest();
if ($request->isPost()) {
$form->setData($request->getPost());
if ($form->isValid()) {
// saving data here then redirect
$this->redirect()->toRoute('route', array('action' => 'name'), array('param => 1'));
}
}
return array('form' => $form);
Is there a way I can get some parameters from headers, say cookie (in my case logged in userId), and then apply it to a form so I know who is submitting the ticket?
SupportForm
supportForm:Form[SupportTicket] = Form(mapping(
"question" -> text,
"Priority" -> text
)(SupportTicket.Apply)(SupportTicket.Unapply)
What are the good practises here?
Is request present as an implicit when the call to Apply is made so that I can use it (and is this even a good practise?)
EDIT: One of the issues, ofcourse is someone spoofing if I were to create a hidden field with this value. I could encrypt, but the issue again is to somehow verify and return the form, not sure how this can be done....
I have a few questions that I couldn't find answers anywhere online.
Does sails.js framework support HTTP PATCH method? If not - does anyone know if there is a planned feature in the future?
By default if I create method in a controller it is accessible with GET request is it the routes.js file where I need to specify that method is accessible only via POST or other type of methods?
How would you create a policy that would allow to change protected fields on entity only for specific rights having users. I.e: user that created entity can change "name", "description" fields but would not be able to change "comments" array unless user is ADMIN?
How would you add a custom header to "find" method which specifies how many items there are in database? I.e.: I have /api/posts/ and I do query for finding specific items {skip: 20; limit: 20} I would like to get response with those items and total count of items that would match query without SKIP and LIMIT modifiers. One thing that comes to my mind is that a policy that adds that that custom header would be a good choice but maybe there is a better one.
Is there any way to write a middle-ware that would be executed just before sending response to the client. I.e.: I just want to filter output JSON not to containt some values or add my own without touching the controller method.
Thank you in advance
I can help with 2 and 5. In my own experience, here is what I have done:
2) I usually just check req.method in the controller. If it's not a method I want to support, I respond with a 404 page. For example:
module.exports = {
myAction: function(req, res){
if (req.method != 'POST')
return res.notFound();
// Desired controller action logic here
}
}
5) I create services in api/services when I want to do this. You define functions in a service that accept callbacks as arguments so that you can then send your response from the controller after the service function finishes executing. You can access any service by the name of the file. For example, if I had MyService.js in api/services, and I needed it to work with the request body, I would add a function to it like this:
exports.myServiceFunction = function(requestBody, callback){
// Work with the request body and data access here to create
// data to give back to the controller
callback(data);
};
Then, I can use this service from the controller like so:
module.exports = {
myAction: function(req, res){
MyService.myServiceFunction(req.body, function(data){
res.json(data);
});
}
}
In your case, the data that the service sends back to the controller through the callback would be the filtered JSON.
I'm sorry I can't answer your other questions, but I hope this helps a bit. I'm still new to Sails.js and am constantly learning new things, so others might have better suggestions. Still, I hope I have answered two of your questions.
I am working on a website, which already has a working registration form, using the ZfcUser module.
However,
I need to also be able to create a user via the admin page i've created.
Step by step it goes something like this:
Admin adds user by filling in first name, last name and email.
email gets sent to user.
user clicks validation link and gets redirected to website.
now the user only has to enter his desired password and he is done.
How would i be able to do this, if at all possible?
first of all, im not sure what would be the best aproach, but a few come to my mind.
I think the easier would be to load the register form in your admin, remember you can load it from any controller with the service manager, something like
$form = $sm->get('zfcuser_register_form');
and then you can work with it as you would do with any form, sending it to the view, and so.
You would have the full register form, with all the fields you have set as required in your zfcuser.global.php, including the password. I think it is good to set a temp password, and have the user change it later. also you could have its status as unconfirmed until the first password change.
If you dont want an specific field, you can take it out as you would with any form, by means of
$form->remove('element_name');
You would want to check the element names at ZfcUser\Form\Register
Also, remember that if you remove any field, you would have to modify the input filter, otherwise the validation will fail. For this, in your module's bootstrap, you should attach an event listener, something like this:
$em = $e->getApplication ()->getEventManager ();
$em->attach ( 'ZfcUser\Form\RegisterFilter', 'init', function ($e) {
$filter = $e->getTarget ();
//now modify the inputfilter as you need
});
Then, you will have to send the mail to the user. For that i will also use the event manager, at your bootstrap you register a listener for when the user is created, this is by means of
$sm = $e->getApplication ()->getServiceManager ();
$zfcServiceEvents = $sm->get ( 'zfcuser_user_service' )->getEventManager ();
$zfcServiceEvents->attach ( 'register.post', function ($e) {
$form = $e->getParam ( 'form' );
$user = $e->getParam ( 'user' );
//now you have all the info from the form and the already created user, so you can send the mail and whatever you need.
The last step, is to let the user change his password. To do this, i will send him to a module where you show the change password form, that you can retrieve with:
$sm->get('zfcuser_change_password_form');
or directly, sending him to the /user/change-password url that is one of the predefined with zfc-user.
I think this will be the cleanest way.
Another approach
If you dont like it that way, you can use another approach where you create your own form, fill it, save the data to a temp table, send the mail and then...when the user comes to set his password, you build a register form, with the fields pre-filled (and hidden, changing the input type to hidden, or by css) and let him send the form, so while he thinks he is sending just the password, actually he is sending all the registration form, and from here everything is like in normal registration.
For this solution you will also have to use the events, but probably you'd have to take a look at the register event,that is triggered when the form is sent, before the user is saved in the database, so you can modify any data you could need.
$zfcServiceEvents->attach ( 'register', function ($e) {
$form = $e->getParam ( 'form' );
And also you should take a look to the already mentioned init event, where you can retrieve the form before you show it to the user, and prefill any data from the temp table.
$events->attach ( 'ZfcUser\Form\Register', 'init', function ($e) {
$form = $e->getTarget ();
//now you set form element values from the temp table
Probably this is so confusing, but i hope you at least get a clue of where start from!
I am a newbie to Zend and creating a simple signup form but which has many fields. So I want to create a confirm page after the user signup action.
this is how my flow goes:
signup -> confirm ->success/error
My main reason for having a separate confirm form page is the data fields are so many so the user must go through to make sure they are all correctly filled.
using forms signup and confirm (with field disabled), I want to know if there is a way to pass the data from the signup form to confirm form?
Please any helpful ideas and suggestions welcomed
;)
public function signupAction()
{
$users = new Application_Model_Users();
$form = new Application_Form_RegistrationForm();
$this->view->form=$form;
if($this->getRequest()->isPost()){
if($form->isValid($_POST)){
$data = $form->getValues();
//some checks before sending data to confirm page
//not sure how the data can be passed to the confirm page from here
$this->_redirect('auth/confirmsignup');
}
}
}
public function confirmsignupAction()
{
$users = new Application_Model_Users();
$form = new Application_Form_ConfirmRegistrationForm();
$this->view->form=$form;
if($this->getRequest()->isPost()){
if($form->isValid($_POST)){
$data = $form->getValues();
//some checks before
unset($data['confirmPassword']);
$users->insert($data);
$this->_redirect('auth/login');
}
}
}
When redirecting, you will lose the POST data, unless:
You store it in session in signup and then read in confirmsignup
You don't redirect at all. Instead, after first submit check for existence of special data in your form, it may be a random token like hash of session id etc., but not easily guessable like "confirm=1". If the token does not exist, add a hidden field with this token to your form and show it to the user again in the same action, with data filled in - this will be the confirmation phase. If you have a POST in signup again, you will receive the token and by checking it exists, you will know this is the second submit with confirmation and you may proceed with the signup. I hope I didn't overcomplicate this.