I can't get my Symfony 5.2 session bag working with native file handling. Here is my bag...
class TestSessionBag extends AttributeBag implements SessionBagInterface
{
public const NAME = 'TestSessionBag';
public function __construct() {
}
public function getName() : string {
return self::NAME;
}
public function getStorageKey() : string {
return self::NAME;
}
public function setSomeText(string $text) {
$this->set('some-text',$text);
}
public function getSomeText() {
return $this->get('some-text');
}
}
Here is my controller...
class SessionBenchController extends AbstractController
{
public $requestStack;
public $sessionBag;
public function __construct(RequestStack $requestStack)
{
$this->requestStack = $requestStack;
try {
$this->sessionBag = $this->getSession()->getBag(TestSessionBag::NAME);
error_log('found existing bag');
} catch(\Exception $ex) {
error_log('constructing new bag');
$this->getSession()->registerBag(new TestSessionBag());
$this->sessionBag = $this->getSession()->getBag(TestSessionBag::NAME);
}
}
/**
* #Route("/session", name="app_session_bench")
*/
public function index(): Response
{
// $text = $this->getSession()->get('some-text');
$text = $this->sessionBag->get('some-text');
error_log('in index, text = '.$text);
return $this->render('session_bench/index.html.twig', [
'some_text' => $text
]);
}
/**
* #Route("/session/some-text", name="app_session_some_text")
*/
public function someText(Request $request): Response
{
$text = $request->request->get('text');
error_log('in someText, text = '.$text);
// $this->getSession()->set('some-text',$text);
$this->getSession()->getBag(TestSessionBag::NAME)->get('some-text');
return new JsonResponse(['success' => 1]);
}
public function getSession() : Session
{
return $this->requestStack->getSession();
}
}
The bag is never found in the constructor. It is constructed fine on the first request, but on the second request I get "Cannot register a bag when the session is already started".
In framework.yml I am using the native file handler...
session:
# handler_id: null
handler_id: 'session.handler.native_file'
save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
If I use the default handler, it seems to work. However it still does not find the bag in the constructor...the bag must be registered for every request. But the session is already started! So I am wondering why I don't get the same error as I did with native file handling.
I would assume the problem with the native file handling is the serialization but I can't find any documentation on it. I tried adding JSON serialization to the bag to no effect. What am I missing here?
Related
In this Symfony route
/**
* #Route("/board/{board}/card/{card}", name="card_show", methods={"GET"}, options={})
*/
public function show(Board $board, Card $card): Response
{
$card->getLane()->getBoard(); // Board instance
// ...
}
How is it possible to add the {board} parameter programatically, since it is already available in {card}? Now, I always need to add two parameters, when generating links to show action.
After some research I've found the RoutingAutoBundle (https://symfony.com/doc/master/cmf/bundles/routing_auto/introduction.html#usage) which would provide the functions I need, but it's not available for Symfony 5 anymore.
Thanks.
Okay, after some investigation I've found this question
Which lead me to this helpful answer.
My controller action (with #Route annotation) looks like this:
/**
* #Route("/board/{board}/card/{card}", name="card_show", methods={"GET"})
*/
public function show(Card $card): Response
{
}
We just have one argument ($card) in method signature, but two arguments in route.
This is how to call the route in twig:
path("card_show", {card: card.id})
No board parameter required, thanks to a custom router.
This is how the custom router looks like:
<?php // src/Routing/CustomCardRouter.php
namespace App\Routing;
use App\Repository\CardRepository;
use Symfony\Component\Routing\RouterInterface;
class CustomCardRouter implements RouterInterface
{
private $router;
private $cardRepository;
public function __construct(RouterInterface $router, CardRepository $cardRepository)
{
$this->router = $router;
$this->cardRepository = $cardRepository;
}
public function generate($name, $parameters = [], $referenceType = self::ABSOLUTE_PATH)
{
if ($name === 'card_show') {
$card = $this->cardRepository->findOneBy(['id' => $parameters['card']]);
if ($card) {
$parameters['board'] = $card->getLane()->getBoard()->getId();
}
}
return $this->router->generate($name, $parameters, $referenceType);
}
public function setContext(\Symfony\Component\Routing\RequestContext $context)
{
$this->router->setContext($context);
}
public function getContext()
{
return $this->router->getContext();
}
public function getRouteCollection()
{
return $this->router->getRouteCollection();
}
public function match($pathinfo)
{
return $this->router->match($pathinfo);
}
}
Now, the missing parameter board is provided programatically, by injecting and using the card repository. To enable the custom router, you need to register it in your services.yaml:
App\Routing\CustomCardRouter:
decorates: 'router'
arguments: ['#App\Routing\CustomCardRouter.inner']
My situation: I have a NavigatorController which is triggered by AJAX requests, and will
$this->forward("controllername")
the request. But how can I check if the controller exists based on controller name? Of course, BEFORE the actual forward happens and throws an error when the page controller does not exists.
You can actually use the
controller_resolver
service that Symfony uses in order to check if controller exists.
public function indexAction(Request $request)
{
$request->attributes->set('_controller', 'AppBundle\Controller\ExampleController::exampleAction');
try{
$this->get('debug.controller_resolver')->getController($request);
} catch (\Exception $e) {
$x = $e->getCode();
}
}
Hope it helps!
Also You can check by using Service:
namespace AppBundle\Service;
class ExampleService
{
/**
* #param string $controller
* #return bool
*/
public function has($controller)
{
list($class, $action) = explode('::', $controller, 2);
return class_exists($class);
}
}
In app/config/services.yml :
services:
app.controller.check:
class: AppBundle\Service\ExampleService
In Controller:
public function indexAction(Request $request)
{
$controller = 'AppBundle\Controller\DefaultController';
if($this->get('app.controller.check')->has($controller))
{
echo 'Exists';
}
else
{
echo "Doesn't exists";
}
}
I have a user object that has a property 'enabled'. I want every action to first check if the user is enabled before continuing.
Right now I have solved it with a Controller that every other controller extends, but using the setContainer function to catch every Controller action feels really hacky.
class BaseController extends Controller{
public function setContainer(ContainerInterface $container = null)
{
$this->container = $container;
$user = $this->getUser();
// Redirect disabled users to a info page
if (!$user->isEnabled() && !$this instanceof InfoController) {
return $this->redirectToRoute('path_to_info');
}
}
I have tried building this using a before filter (http://symfony.com/doc/current/event_dispatcher/before_after_filters.html), but could not get the User object..any tips?
EDIT:
This is my solution:
namespace AppBundle\Security;
use AppBundle\Controller\AccessDeniedController;
use AppBundle\Controller\ConfirmController;
use Symfony\Bundle\FrameworkBundle\Routing\Router;
use Symfony\Bundle\TwigBundle\Controller\ExceptionController;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
class UserEnabledListener
{
private $tokenStorage;
private $router;
public function __construct(TokenStorage $tokenStorage, Router $router)
{
$this->tokenStorage = $tokenStorage;
$this->router = $router;
}
public function onKernelController(FilterControllerEvent $event)
{
$controller = $event->getController();
/*
* $controller passed can be either a class or a Closure.
* This is not usual in Symfony but it may happen.
* If it is a class, it comes in array format
*/
if (!is_array($controller)) {
return;
}
$controller = $controller[0];
// Skip enabled check when:
// - we are already are the AccessDenied controller, or
// - user confirms e-mail and becomes enabled again, or
// - Twig throws error in template
if ($controller instanceof AccessDeniedController ||
$controller instanceof ConfirmController ||
$controller instanceof ExceptionController) {
return;
}
$user = $this->tokenStorage->getToken()->getUser();
// Show info page when user is disabled
if (!$user->isEnabled()) {
$redirectUrl = $this->router->generate('warning');
$event->setController(function() use ($redirectUrl) {
return new RedirectResponse($redirectUrl);
});
}
}
}
EDIT 2:
Ok so turns out checking for each controller manually is really bad, as you will miss Controllers from third party dependencies. I'm going to use the Security annotation and do further custom logic in a custom Exception controller or template etc.
You can use an event listener to listen for any new request.
You'll need to inject the user and then do your verification:
<service id="my_request_listener" class="Namespace\MyListener">
<tag name="kernel.event_listener" event="kernel.request" method="onKernelRequest" />
<argument type="service" id="security.token_storage" />
</service>
Edit: Here is a snippet to give an example
class MyRequestListener {
private $tokenStorage;
public function __construct(TokenStorage $tokenStorage)
{
$this->tokenStorage = $tokenStorage;
}
public function onKernelRequest(GetResponseEvent $event)
{
if (!$event->getRequest()->isMasterRequest()) {
// don't do anything if it's not the master request
return;
}
if ($this->tokenStorage->getToken()) {
$user = $this->tokenStorage->getToken()->getUser();
//do your verification here
}
}
In your case I would use the #Security annotation, which can be very flexible if you use the expression language.
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
/**
* #Security("user.isEnabled()")
*/
class EventController extends Controller
{
// ...
}
In the end it's only 1 line in each of your controller files, and it has the advantage of being very readable (a developer new to the project would know immediately what is going on without having to go and check the contents of a BaseController or any potential before filter...)
More documentation on this here.
You can override also getuser() function in your BaseController also.
/**
* Get a user from the Security Token Storage.
*
* #return mixed
*
* #throws \LogicException If SecurityBundle is not available
*
* #see TokenInterface::getUser()
*/
protected function getUser()
{
if (!$this->container->has('security.token_storage')) {
throw new \LogicException('The SecurityBundle is not registered in your application.');
}
if (null === $token = $this->container->get('security.token_storage')->getToken()) {
return;
}
if (!is_object($user = $token->getUser())) {
// e.g. anonymous authentication
return;
}
// Redirect disabled users to a info page
if (!$user->isEnabled() && !$this instanceof InfoController) {
return $this->redirectToRoute('path_to_info');
}
return $user;
}
I'm using the basic user login/logout system provided with Symfony and it works fine as long as people log in. In that case the $user object is always provided as needed.
The problem is then when logged out (or not lgged in yet) there is no user object. Is there a possibility to have (in that case) a default user object provided with my own default values?
Thanks for your suggestions
Because the solution mention above by #Chopchop (thanks anyway for your effort) didn't work here I wrote a little workaround.
I created a new class called myController which extends Controller. The only function i override is the getUser() function. There I implement it like this:
public function getUser()
{
$user = Controller::getUser();
if ( !is_object($user) )
{
$user = new \ACME\myBundle\Entity\User();
$user->setUserLASTNAME ('RaRa');
$user->setID (0);
// etc...
}
return $user;
}
This works fine for me now. The only problem is that you really have to be careful NOT to forget to replace Controller by myController in all your *Controller.php files. So, better suggestions still welcome.
Works in Symfony 3.3
Using the suggestion of #Sfblaauw, I came up with a solution that uses a CompilerPass.
AppBundle/AppBundle.php
class AppBundle extends Bundle
{
public function build(ContainerBuilder $container)
{
parent::build($container);
$container->addCompilerPass(new OverrideAnonymousUserCompilerPass());
}
}
OverrideAnonymousUserCompilerPass.php
class OverrideAnonymousCompilerPass implements CompilerPassInterface
{
public function process(ContainerBuilder $container)
{
$definition = $container->getDefinition('security.authentication.listener.anonymous');
$definition->setClass(AnonymousAuthenticationListener::class);
}
}
AnonymousAuthenticationListener.php
class AnonymousAuthenticationListener implements ListenerInterface
{
private $tokenStorage;
private $secret;
private $authenticationManager;
private $logger;
public function __construct(TokenStorageInterface $tokenStorage, $secret, LoggerInterface $logger = null, AuthenticationManagerInterface $authenticationManager = null)
{
$this->tokenStorage = $tokenStorage;
$this->secret = $secret;
$this->authenticationManager = $authenticationManager;
$this->logger = $logger;
}
public function handle(GetResponseEvent $event)
{
if (null !== $this->tokenStorage->getToken()) {
return;
}
try {
// This is the important line:
$token = new AnonymousToken($this->secret, new AnonymousUser(), array());
if (null !== $this->authenticationManager) {
$token = $this->authenticationManager->authenticate($token);
}
$this->tokenStorage->setToken($token);
if (null !== $this->logger) {
$this->logger->info('Populated the TokenStorage with an anonymous Token.');
}
} catch (AuthenticationException $failed) {
if (null !== $this->logger) {
$this->logger->info('Anonymous authentication failed.', array('exception' => $failed));
}
}
}
}
This file is a copy of the AnonymousAuthenticationListener that comes with Symfony, but with the AnonymousToken constructor changed to pass in an AnonymousUser class instead of a string. In my case, AnonymousUser is a class that extends my User object, but you can implement it however you like.
These changes mean that {{ app.user }} in Twig and UserInterface injections in PHP will always return a User: you can use isinstance to tell if it's an AnonymousUser, or add a method isLoggedIn to your User class which returns true in User but false in AnonymousUser.
you can redirect the user not authenticated and force a fake login (to create a user ANONYMOUS)
and set it as well on logout
public function logoutAction(){
$em = $this->getDoctrine()->getManager();
$user = $em->getRepository('VendorBundle:User')->findByUserName('annonymous');
$session = $this->getRequest()->getSession();
$session->set('user', $user);
}
and if user is not set
public function checkLoginAction(){
if(!$session->get('user')){
$em = $this->getDoctrine()->getManager();
$user = $em->getRepository('VendorBundle:User')->findByUserName('annonymous');
$session = $this->getRequest()->getSession();
$session->set('user', $user);
}
//this->redirect('/');
}
in you security.yml
security:
firewalls:
main:
access_denied_url: /check_login/
access_control:
- { path: ^/$, role: ROLE_USER }
This is only an example i haven't tested (and will probably don't, since i don't get the purpose of doing this:) )
Using Symfony 2.6
Like Gordon says use the authentication listener to override the default anonymous user.
Now you can add the properties that you need to the anonymous user, in my case the language and the currency.
security.yml
parameters:
security.authentication.listener.anonymous.class: AppBundle\Security\Http\Firewall\AnonymousAuthenticationListener
AnonymousAuthenticationListener.php
namespace AppBundle\Security\Http\Firewall;
...
use AppBundle\Security\User\AnonymousUser;
class AnonymousAuthenticationListener implements ListenerInterface
{
...
public function handle(GetResponseEvent $event)
{
...
try {
$token = new AnonymousToken($this->key, new AnonymousUser(), array());
...
}
}
}
AnonymousUser.php
class AnonymousUser implements UserInterface
{
public function getUsername() { return 'anon.'; }
}
In my Application I'm using a init function to init an action
the init function validate the user input
(for example the user is looking for an product what not exist -> the init function should redirect him to an errorpage "product ... not found")
/**
* #Route("/route/{var}", name="xyzbundle_xyz_index")
* #Template("VendorXyzBundle:xyz:index.html.twig")
*/
public function indexAction ($var)
{
$xyz = $this->initxyz($var);
...
.. more code
.
}
And there is a private function in this controller that should validate the from url given parameter and if it is wrong (dont exist in database etc), the private function should redirect
private function init($var)
{
if($this->databasesearchforexyz($var)){
// redirect to Errorpage (No xyz found named ...)
return $this->redirect($this->generateUrl('xyz_error_...'));
}
if($this->checksomethingelse($var)){
// redirect to some other error page
}
}
Please note, these are not my real method/variable/path/etc. names.
The problem is, it is not redirecting.
You can check if the init function returns an actual response, then you can return it directly from the main code. Like this:
public function indexAction ($var)
{
$xyz = $this->initxyz($var);
if ($xyz instanceof \Symfony\Component\HttpFoundation\Response) {
return $xyz;
}
...
.. more code
.
}
Btw, if you only need to check database existance you can use symfony's paramconverter
Here's some suggestion.
Return true from the init function if there's no redirect and return false if there's a redirect.
Example:
private function init($var) {
if ($error) {
// An error occurred, redirect
$this->redirect($this->generateUrl('xyz_error_...'));
return false;
}
// Else, everything alright
return true;
}
public function indexAction ($var) {
if (!$this->init($var)) {
// Failed to init, redirection happening
return;
}
// Continue as normal
}
Using the answer of #alex88, I aggregate an exception and an exception listener to do the redirect. That avoid me to repeat the condition over and over again, because my function could redirect the user under different scenarios.
1. Controller
namespace AppBundle\Controller;
use AppBundle\Exception\UserHasToBeRedirectedException;
class DefaultController extends Controller
{
public function indexAction(...)
{
...
$this->userHasToBeRedirected();
...
}
private function userHasToBeRedirected()
{
...
if ($userHasToBeRedirected) {
$response = $this->redirect($this->generateUrl(...));
throw new UserHasToBeRedirectedException($response);
}
...
}
}
2. Exception
namespace AppBundle\Exception;
use Exception;
use Symfony\Component\HttpFoundation\Response;
class UserHasToBeRedirectedException extends Exception
{
private $response;
public function __construct(Response $response)
{
$this->response = $response;
}
public function getResponse()
{
return $this->response;
}
public function setResponse(Response $response)
{
$this->response = $response;
return $this;
}
}
3. Exception Listener
namespace AppBundle\EventListener;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use AppBundle\Exception\UserHasToBeRedirectedException;
class ExceptionListener
{
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
...
if ($exception instanceof UserHasToBeRedirectedException) {
$response = $exception->getResponse();
$event->setResponse($response);
}
...
}
}
4. Register the service at service.yml
...
appBundle.exception_listener:
class: AppBundle\EventListener\ExceptionListener
tags:
- { name: kernel.event_listener, event: kernel.exception }
...
For more information:
Symfony Documantation about Events