I have just uploaded my app into a shared hosting environment and it does not seem to be working properly.
I have 2 plugins registered. One checks for session timeout and the other check for session is created after logged in.
the pproblem is that after the second plugin(security.php) kicks in it suppose to redirect the user to the login screen because session has not been created yet. Upon redirection the page displays :The page isn't redirecting properly.
I am not sure what is happenning since everything works fine locally.Below are my two files i mentioned here.
Security.php(here you can see that i have tried couple options, but nothing worked).
class Plugins_security extends Zend_Controller_Plugin_Abstract
{
public function preDispatch (Zend_Controller_Request_Abstract $request)
{
$auth = Zend_Auth::getInstance();
$moduleName = $request->getModuleName();
//$vc = new Zend_Application_Resource_View();
if ($request->getModuleName() != "auth")
{
$auth = Zend_Auth::getInstance();
if (! $auth->hasIdentity())
{
//$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper(
//'redirector');
$flashMessenger = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
$flashMessenger->addMessage(array('message' => 'Sua sessão expirou. Favor logar novamente', 'status' => 'info'));
//$this->_redirect('/auth/login/',array(‘code’ => 301));
$r = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$r->gotoSimple("index", "login", "auth");
//header('Location: /auth/login/');
//return;
}
}
}
}
timeout.php
class Plugins_timeout extends Zend_Controller_Plugin_Abstract
{
protected $_auth = null;
protected $_acl = null;
protected $_flashMessenger = null;
protected static $_ZEND_SESSION_NAMESPACE_EXPIRATION_SECONDS= 900;
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
Zend_Session::start();
$moduleName = parent::getRequest()->getModuleName();
if($moduleName !='auth'){
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > self::$_ZEND_SESSION_NAMESPACE_EXPIRATION_SECONDS)) {
// last request was more than 30 minates ago
session_destroy(); // destroy session data in storage
session_unset(); // unset $_SESSION variable for the runtime
$front = Zend_Controller_Front::getInstance();
$_baseUrl=$front->getBaseUrl();
Zend_Debug::dump(time() - $_SESSION['LAST_ACTIVITY']);
header("Location:$_baseUrl/auth/login/index/timeout/1" );
}else{
$_SESSION['LAST_ACTIVITY']= time();
}
}
}
}
Any help is appreciated. I need to deploy this app ASAP.
thank you.
I think you want:
$r = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$r->gotoSimpleAndExit("index", "login", "auth"); // Note the 'AndExit' suffix.
$r->gotoXXX() just sets the correct header and codes in the $response object, but allows the rest of the dispatch to continue. In contrast, the AndExit part immediately sends the response to the client and exits.
[Not clear why AndExit would not be required in your local environment, though...]
Related
I'm using Zend Framework 2 with ZfcUser, BjyAuthorize and Doctrine for the database. Registration etc. works very well so far. My problem is, that registered users have no role assigned, so i want to add the role "user" to the user during registration.
I think i could attach this to the "register" event, but i don't know how to do that.
I hope someone can help me ...
(i used this tutorial for setting up zfcuser etc. http://samminds.com/2013/03/zfcuser-bjyauthorize-and-doctrine-working-together/)
public function onBootstrap(MvcEvent $e)
{
$zfcServiceEvents = $e->getApplication()->getServiceManager()->get('zfcuser_user_service')->getEventManager();
$zfcServiceEvents->attach('register', function($e) {
$user = $e->getParam('user');
// probably the role must be added here, with $user->addRole();
// but how do i get the user Role Entity to add from DB?
});
Building on DangelZM's answer, and using another reference (see link at end of my post) about the Event Manager, I came up with this solution which organizes the potential ZfcUser event listeners out into a user listener object.
Note: I created my own user module called NvUser, so depending on the name of your module you'll have to replace all references of NvUser to your user module name.
Summary
I created an NvUserListener object that can itself attach event listeners to the shared event manager, and house the event listener callbacks.
Inside NvUser/Module.php:
<?php
namespace NvUser;
use Zend\Mvc\MvcEvent;
use NvUser\Listener\NvUserListener;
class Module
{
public function onBootstrap(MvcEvent $mvcEvent)
{
$em = $mvcEvent->getApplication()->getEventManager();
$em->attach(new NvUserListener());
}
}
Inside NvUser/src/NvUser/Listener/NvUserListener.php:
<?php
namespace NvUser\Listener;
use Zend\EventManager\AbstractListenerAggregate;
use Zend\EventManager\EventManagerInterface;
use Zend\EventManager\Event;
class NvUserListener extends AbstractListenerAggregate
{
public function attach(EventManagerInterface $events)
{
$sharedManager = $events->getSharedManager();
$this->listeners[] = $sharedManager->attach('ZfcUser\Service\User', 'register', array($this, 'onRegister'));
$this->listeners[] = $sharedManager->attach('ZfcUser\Service\User', 'register.post', array($this, 'onRegisterPost'));
}
public function onRegister(Event $e)
{
$sm = $e->getTarget()->getServiceManager();
$em = $sm->get('doctrine.entitymanager.orm_default');
$user = $e->getParam('user');
$config = $sm->get('config');
$criteria = array('roleId' => $config['zfcuser']['new_user_default_role']);
$defaultUserRole = $em->getRepository('NvUser\Entity\Role')->findOneBy($criteria);
if ($defaultUserRole !== null)
{
$user->addRole($defaultUserRole);
}
}
public function onRegisterPost(Event $e)
{
$user = $e->getParam('user');
$form = $e->getParam('form');
// Do something after user has registered
}
}
Inside NvUser/config/module.config.php:
<?php
namespace NvUser;
return array(
'zfcuser' => array(
'new_user_default_role' => 'user',
),
);
References:
Understanding the Zend Framework 2 Event Manager
Maybe it's not the best solution, but it works for me.
Add user_role_id option in config scope.
public function onBootstrap(MvcEvent $mvcEvent)
{
$zfcServiceEvents = $mvcEvent->getApplication()->getServiceManager()->get('zfcuser_user_service')->getEventManager();
$zfcServiceEvents->attach('register', function($e) use($mvcEvent) {
$user = $e->getParam('user');
$em = $mvcEvent->getApplication()->getServiceManager()->get('doctrine.entitymanager.orm_default');
$config = $mvcEvent->getApplication()->getServiceManager()->get('config');
$defaultUserRole = $em->getRepository('SamUser\Entity\Role')->find($config['user_role_id']);
$user->addRole($defaultUserRole);
});
}
Maybe someone will offer better solution.
This work too.
public function onBootstrap(MvcEvent $mvcEvent)
{
$zfcServiceEvents = $mvcEvent->getApplication()-getServiceManager()->get('zfcuser_user_service')->getEventManager();
$zfcServiceEvents->attach('register', function($e) use($mvcEvent) {
$user = $e->getParam('user');
$em = $mvcEvent->getApplication()->getServiceManager()-get('doctrine.entitymanager.orm_default');
$defaultUserRole = $em->getRepository('SamUser\Entity\Role')-find('id_of_your_role_on_table_role_for_example: '2'');
$user->addRole($defaultUserRole);
});
}
I just used a MySQL trigger
DROP TRIGGER IF EXISTS `user_role_after_insert_trig`;
DELIMITER //
CREATE TRIGGER `user_role_after_insert_trig` AFTER INSERT ON `user`
FOR EACH ROW begin
insert into user_role_linker (user_id,role_id) values (new.user_id, 5);
end
//
DELIMITER ;
I'm creating an intranet, therefore all users have account automatically created for them. They then go to a url to create their password. All that works great. I'm now trying to allow them to "attach" their Facebook account to their user account. This is where my troubles have started...
I've successfully gotten the user to authenticate properly after a facebook login with this
method in SecurityController
public function loginCheckFacebookAction()
{
$request = $this->getRequest();
$session = $request->getSession();
$response = new Response();
$sessionUser = $this->getUser();
$facebook = $this->get('facebook');
$fbUser = $facebook->getUser(); // facebook id
if ($fbUser) {
try {
$em = $this->getDoctrine()->getManager();
$repo = $em->getRepository("IntranetBundle:User");
$user = $repo->findUserByFBID($fbUser);
if($user){
$targetPath = $session->get("_target_path");
$firewall = "secured_area";
$roles = $user->getRoles();
$rolesArray = array();
foreach($roles as $role):
$rolesArray[] = $role->getRole();
endforeach;
$token = new UsernamePasswordToken($user, $user->getPassword(), $firewall, $rolesArray);
$event = new InteractiveLoginEvent($this->getRequest(), $token);
$this->get("event_dispatcher")->dispatch("security.interactive_login", $event);
$this->get('security.context')->setToken($token);
/*
If I uncomment out either of the following redirects
the redirect happens but the user is not authenticated properly
If I comment them out I'm just rendering my error template. The user
however, is authenticated properly.
*/
if(isset($targetPath)){
//return $this->redirect($targetPath);
} else {
//return $this->redirect($this->generateUrl("ssla_intranet_homepage"));
}
}
} catch (FacebookApiException $e) {
$user = null;
}
// I just render this template to be able to view debug bar.
//User is authenticated properly.
$pageParameters = $this->getPageParameters();
$pageParameters["page"] = "error";
$pageParameters["error"] = array();
$pageParameters["error"]["message"] = "Something went wrong with authentication";
return $this->render('IntranetBundle:Error:index.html.twig', $pageParameters);
}
Do I need to register a listener for all interactive_login events that then handles all post-login redirection rather than trying to redirect within the same method?
First project using Symfony, and this is killing me. Any thoughts?
By the way, I've looked into the FOSFacebookBundle, but wanted to be able to authenticate with a number of different methods, including doctrine, gmail, facebook, and twitter.
I am working on a purchase system in my assignment and trying to solve the problem by using a session to store data in the process.
Although I'm experiencing a problem in Mozilla Firefox, which cannot for some reason work with the session I have created. There's most likely no doubt that I must have made some kind of mistake.
The process is as follows:
User fills form -> Clicks submit -> [Validation process] -> User reviews confirm page
Here is the relevant code from the controller:
public function indexAction() {
$this->gatewayForm = new Payment_Form_Gateway;
$save = $this->validate();
$this->view->gatewayForm = $save['form'];
$this->view->alert = $save['alert'];
}
public function validate() {
# get form
$form = $this->gatewayForm;
if ($this->_request->isPost()) {
# get params
$data = $this->_request->getPost();
# check validate form
if ($form->isValid($data)) {
$session = new Zend_Session_Namespace('formData'); // name space creation
$session->data = $data;
$this->_helper->redirector('confirm', 'gateway', 'payment');
} else {
$alert = array('Pay failed');
}
$form->populate($data);
}
return array('form' => $form, 'alert' => empty($alert) ? null : $alert );
}
public function confirmAction() {
$this->_helper->viewRenderer->setNoRender(true); // disable std. view
$session = new Zend_Session_Namespace('formData');
$data = $session->data;
if(isset($data)) {
$this->_helper->viewRenderer->setNoRender(false);
} else {
$this->_helper->redirector('index', 'gateway', 'payment');
}
}
Things go wrong in the confirmAction in Firefox, the session namespace seems to be empty? Although this does not occur in Safari, Chrome, IE etc.
Thanks in advance.
I reinstalled Firefox and removed config and cache files which did the magic. Problems solved!
According to Randomness will get you everywhere.
Ryan’s Blog
the action stack component of Zend Framework is un-needed and that a partial view can be combined with Zend_Acl and Zend_Auth for the purpose of authenticating and controlling resources.
I have not been able to find any suitable example on google about how its done. Will be glad is someone will be kind to show me how to implement this. Thanks
Here you go:
You could use the combination of Zend_Auth and Zend_Acl. To extend the other answers I give a short example of how you can manage authentication using zend framework:
First you need to setup a plugin to predispatch all requests and check if the client is allowed to access certain data. This plugin might look like this one:
class Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract {
private $_acl = null;
public function __construct(Zend_Acl $acl) {
$this->_acl = $acl;
}
public function preDispatch(Zend_Controller_Request_Abstract $request) {
//get request information
$module = $request->getModuleName ();
$resource = $request->getControllerName ();
$action = $request->getActionName ();
try {
if(!$this->_acl->isAllowed(Zend_Registry::get('role'),
$module . ':' . $resource, $action)){
$request->setControllerName ('authentication')
->setActionName ('login');
}
}catch(Zend_Acl_Exception $e) {
$request->setControllerName('index')->setActionName ('uups');
}
}
}
So every user type has certain permissions that you define in your acl library. On every request you check if the user is allowed to access a resource. If not you redirect to login page, else the preDispatch passes the user to the resource.
In Zend_Acl you define roles, resources and permission, that allow or deny access, e.g.:
class Model_LibraryAcl extends Zend_Acl {
public function __construct() {
$this->addRole(new Zend_Acl_Role('guests'));
$this->addRole(new Zend_Acl_Role('users'), 'guests');
$this->addRole(new Zend_Acl_Role('admins'), 'users');
$this->add(new Zend_Acl_Resource('default'))
->add(new Zend_Acl_Resource('default:authentication'), 'default')
->add(new Zend_Acl_Resource('default:index'), 'default')
->add(new Zend_Acl_Resource('default:error'), 'default');
$this->allow('guests', 'default:authentication', array('login'));
$this->allow('guests', 'default:error', 'error');
$this->allow('users', 'default:authentication', 'logout');
}
}
Then you have to setup acl and auth in your bootstrap file:
private $_acl = null;
protected function _initAutoload() {
//...your code
if (Zend_Auth::getInstance()->hasIdentity()){
Zend_Registry::set ('role',
Zend_Auth::getInstance()->getStorage()
->read()
->role);
}else{
Zend_Registry::set('role', 'guests');
}
$this->_acl = new Model_LibraryAcl ();
$fc = Zend_Controller_Front::getInstance ();
$fc->registerPlugin ( new Plugin_AccessCheck ( $this->_acl ) );
return $modelLoader;
}
Finally in your authentication controller you have to use a custom auth adapter and setup actions for login and logout:
public function logoutAction() {
Zend_Auth::getInstance ()->clearIdentity ();
$this->_redirect ( 'index/index' );
}
private function getAuthAdapter() {
$authAdapter = new Zend_Auth_Adapter_DbTable (
Zend_Db_Table::getDefaultAdapter ());
$authAdapter->setTableName('users')
->setIdentityColumn('email')
->setCredentialColumn ('password')
->setCredentialTreatment ('SHA1(CONCAT(?,salt))');
return $authAdapter;
}
In your login action you need to pass login data to the auth adapter which performs the authentication.
$authAdapter = $this->getAuthAdapter ();
$authAdapter->setIdentity ( $username )->setCredential ( $password );
$auth = Zend_Auth::getInstance ();
$result = $auth->authenticate ( $authAdapter );
if ($result->isValid ()) {
$identity = $authAdapter->getResultRowObject ();
if ($identity->approved == 'true') {
$authStorage = $auth->getStorage ();
$authStorage->write ( $identity );
$this->_redirect ( 'index/index' );
} else {
$this->_redirect ( 'authentication/login' );
}
And that's all. I recommend you this HOW TO on youtube on zend auth and zend acl.
You may find the following articles on Action Helpers useful, I recommend browsing the sites if any are new to you as they also have articles on implementing Zend_Auth:
Using Action Helpers To Implement Re-Usable Widgets by Matthew Weier O'Phinney
Introducing Action Helpers by Jon Lebensold
Using Action Helpers in Zend Framework by Rob Allen
ZF Reference Guide: Action Helpers Official Documentation
I have coded a simple admin module with ability to paginate records and sort them by some column. And when I sort and then call some other action on the records it should redirect the user back to index page with the same sort parameters as there were before. But after I call the indexAction() with parameters like this /admin/users/index/column/num_orders/order/ASC and then call the toggleActiveAction() I am redirected to page /admin/users/index/column/num_orders/order/CSS.
The same story with .../index/page/2 => .../index/page/css.
Why "CSS"? My session data never used in other context than you see below.
In my bootstrap I have the following:
protected function _initSession()
{
Zend_Session::start();
}
Controller init():
...
$this->_session = new Zend_Session_Namespace('Admin_Users');
...
I have a following function in my controller:
public function redirectToIndex()
{
$options = array();
if (isset($this->_session->curPage) && $this->_session->curPage != 1)
$options['page'] = $this->_session->curPage;
if (isset($this->_session->curColumn) && $this->_session->curColumn)
$options['column'] = $this->_session->curColumn;
if (isset($this->_session->curOrder) && $this->_session->curOrder)
$options['order'] = $this->_session->curOrder;
$this->_helper->redirector('index', 'users', 'admin', $options);
}
In index action:
$curColumn = $this->_getParam('column', '');
$curOrder = strtoupper($this->_getParam('order', ''));
$page = $this->_getParam('page', 1);
...
$this->_session->curPage = $page;
$this->_session->curColumn = $curColumn;
$this->_session->curOrder = $curOrder;
Then in toggleActiveAction() I call
$this->redirectToIndex();
I guess there is a unexisted css file on your page (on js or img) which is handled with Zend Framewok froncontroller. Youd should enable log for all requests that are handled with ZF and you will find there a request like "/theme/supersite/css/thisFileNotExists.css" (or similar :)