Zend_Application issue with extending Frontcontroller and using extended Frontcontroller application resource - zend-framework

I extended the Zend Frontcontroller with a personal one and also extended the frontcontroller application resource to use my personal front controller. All it basically does for the moment is assign the front variable within the application resource method getFrontController to my personal front controller. Lastly, I added the pluginpaths variable within application.ini to use my personal Application Resources. In any case, I'm getting the Zend Frontcontroller returned to me instead of my personal one. Anybody know why my personal application frontcontroller resource
isnt being used?
`

Since Zend_Controller_Front is a singleton, you will also need to override the getInstance() method to ensure it creates an instance of your class instead of the base class. You can just cut and paste the method to do this:
public static function getInstance()
{
if (null === self::$_instance) {
self::$_instance = new self();
}
return self::$_instance;
}

Related

Autofac OWIN web api - load dependency based on request

How I can load a service dependency based on the route parameter?
My requirement is different, but I'll try to use a simple example.
A user can select the shipping provider (UPS, Fedex...) and the information is as part of the request model or route. Based on the route, I need to load the service class.
How it can be done in Autofac OWIN? Help on this will be appreciated
When you use the Autofac's OWIN integration, each request creates a new lifetime scope in which the current IOwinContext is registered, as you can see here.
You could then delegate the creation of your service to a factory that would take a dependency on IOwinContext.
public class MyServiceFactory
{
private readonly IOwinContext _context;
public MyServiceFactory(IOwinContext context)
{
_context = context;
}
public IService Create()
{
// inspect the context and determine which service you need
// you could return, dependending on, let's say, the URL
// - UpsService()
// - FedexService()
}
}
One thing you'll need to make sure is that you register your factory as InstancePerLifetimeScope since the IOwinContext will be different for each request.
Do you need to work at the OWIN layer, though? It will make things harder, and possibly a bit hacky, since OWIN is really just the HTTP layer, so there's no such thing as route data.
If you use ASP.NET Web API, you could base the factory on the current HttpRequestMessage if you use the RegisterHttpRequestMessage extension method.
You can then access route data through request.GetRequestContext().RouteData. Note that GetRequestContext is an extension method in the System.Net.Http namespace.
If you use ASP.NET MVC, you can register the AutofacWebTypesModule in the container, itself registering quite a few types in the container.
One of those is HttpRequestContext which has a RouteData property, so you can inject this one in the factory and apply your logic.

How to configure resetpassword

I am using IdentityServer3 for authentication. Users are stored using AspnetIdentity framework. I wanted to provide reset password functionality to users. I want to provide this functionality in IdentityServer hosting application. I have gone through several posts here here here and this what I have done so far:
1>I have created custom user service derived from AspNetIdentityUserService.
2>Created resetpassword.html and put it in template folder. (documentation)
3>It's not necessary to create a CustomViewService, so I added LoginPageLink in AuthenticationOptions and now the link is available on login page.
4>Created ResetPasswordController
public class ResetPasswordController : Controller
{
public ActionResult Index()
{
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult ResetPassword(string username)
{
// call customservice here and reset password
return View();
}
}
Issue
when i click on the resetpassword link, i get error
The view 'Index' or its master was not found or no view engine
supports the searched locations. The following locations were
searched: ~/Views/resetpassword/Index.aspx
~/Views/resetpassword/Index.ascx ~/Views/Shared/Index.aspx
~/Views/Shared/Index.ascx ~/Views/resetpassword/Index.cshtml
~/Views/resetpassword/Index.vbhtml ~/Views/Shared/Index.cshtml
~/Views/Shared/Index.vbhtml
I know why the error is, its because we don't have corresponding view in Views folder where MVC framework in looking for. My view resetpassword.html is in template folder. And that's the confusion. Identity server is using Angular to build its views.
If I decide to use angular then
1>How do I create and pass model to resetpassword.html.
2>How do I wire-up my CustomUserService to controller.
If I use ASP.NET MVC then
1>I need to add resetpassword.cshtml in Views folder and also a new Layout.cshtml in shared folder.
2>Doing so MVC scafolding will add bootstrap resources (css,js, jquery). The version may not match with IdentityServer's embedded resources.
I am comfortable coding ASP.NET MVC but worried adding bootstrap resources twice in the solution.
What is the best and easy approach here. Any sample example will be greatly appreciated.

how to get HTTP request object in class implementing jackrabbit ExternalIdentityProvider

I am implementing custom external identity provider and to do this I need to implement ExternalIdentityProvider class from jackrabbit.
http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html
In normal case you would need to pass j_username and j_password and you can get these from values SimpleCredentials object
My question is that since I need to pass additional form parameter say for instance linkedin ID in my case, how do I achieve that?
#Component(
policy = ConfigurationPolicy.REQUIRE
)
#Service
public class RDBMSIdentityProvider implements ExternalIdentityProvider {
#Override
public ExternalUser authenticate(Credentials credentials)
throws ExternalIdentityException, LoginException {
//i can get username / password from credentials object
//how to get additional parameters from http request object?
}
Any input is highly appreciated.
Thanks!
The correct way to handle this is to have a custom AuthenticationHandler which creates an instance of a specific Credentials object with whatever parameters you need in it.
That said, if you are integrating with LinkedIn (and this is in AEM), you would be better served by integrating with the existing OAuth AuthenticationHandler. There is OOTB support for Facebook and Twitter, but the OAuth provider is designed to be pluggable for different OAuth Service Providers.

Zend Framework: Module Name in Bootstrap

I need to know how to get the current module name in the bootstrap file of my zend application. On the load of the page I'm doing a request to a webservice to get the current user information by sending a hashed cookie and a token. The problem is that I only need to do this in two of my 3 modules so i need to be able to ask for example.
if ($moduleName !== "filteredmodule"){
// do the request
}
Thanks.
Bootstrap is for getting the application ready. I suggest you do this kind of call in a Controller Plugin (which you can use to get the current called module) or in the init() function of your controller.
This is how to get the current module via controller plugin:
<?php
final class YourApp_Controller_Plugin_YourPluginName extends Zend_Controller_Plugin_Abstract {
public function preDispatch(Zend_Controller_Request_Abstract $request) {
$module = $request->getModuleName(); //This is the module
Docs: http://framework.zend.com/manual/en/zend.controller.plugins.html
One thing regarding Ashley's answer:
If you want to do
$module = $request->getModuleName();
as soon as possible, then do it in routeShutdown().
As the documentation states, "routeStartup() is called before Zend_Controller_Front calls on the router to evaluate the request against the registered routes. routeShutdown() is called after the router finishes routing the request."
So router dependant request parameters like module, controller, action or any other parameters specified in the route will be accessible in routeShutdown() and later functions.

Zend Controller Plugins vs Subclassing Action Controller

I've got a pretty standard ACL system in my application. There's a Login controller and a bunch of other controllers redirecting back to Login if user is not authorized. I use a Controller Plugin for checking the ID and redirecting and I obviously don't want Login controller and Error controller to perform such a redirect.
Now I've read several times that using Controller Plugins is a better practice than subclassing the Action Controller. Yet what I see is it's much easier to extend all my controllers from this abstract base controller class which performs the necessary checking in its init method, except for the Login controller which extends Zend_Controller_Action directly.
So the question is, is there a way to attach the plugin to the controllers selectively? Of course I can always make an array out of certain controllers, send it to a plugin through a setter method and do something like:
$controller = $request->getParam('controller');
if (count($this->exceptions))
if (in_array($controller, $this->exceptions)) return;
//...check ID, perform redirect, etc...
Yet something tells me it's not the best way doing it.
And advices?
EDIT 1: #Billy ONeal
Thank you for your reply, but I don't quite catch. I can do
public function init()
{
$this->getRequest()->setParam('dropProtection', true);
}
(or run some method that sets some private variable of the plugin) in my login controller, and then say if 'dropProtection' is not true then check the user ID. But the actual dispatch process looks like this:
Plugin::dispatchLoopStartup
Plugin::preDispatch
Controller::init
Plugin::postDispatch
Plugin::preDispatch
Plugin::postDispatch
Plugin::dispatchLoopShutdown
So I cannot check this 'dropProtection' param earlier than in Plugin::postDispatch and that's a bit late. (by the way, why the preDispatch and postDispatch are being called twice?)
If you want to do it earlier, I think you can use the first method (passing an array of exceptions to the plugin) and test the module name or the controller name in routeShutdown.
Personnaly I use an action helper to check the auth in all my actions. It's more flexible and give me more control. It's only one line for each private action.
And DON'T SUBCLASS your action controller. I did it on one of my project and now my base class is a piece of shit. Use action helper instead.
is there a way to attach the plugin to the controllers selectively?
Of course. Just don't register the plugin if the request doesn't contain the parameters you're looking for. Alternately, assume all pages are protected, and have those pages which should not be protected call some method on your plugin during the init stage.
If you want to protect just a single controller, you could reverse that -- have the plugin only take action if there's some method called during the init stage.
Finally, you could make the entire logged-in section of the page it's own module, which would allow you to have the plugin check for that module before checking credentials and redirecting.