How to get User in kernel response in Symfony 5? - php

I am making a simple API wrapper, so all requests to https://example.comA/api/me must be caught at the kernel response level and forwarded to https://api.example.comB/me. All was fine; however, I cannot get the currently logged-in User in that kernel response because it returns null:
namespace App\Manager\Api\Event;
use App\Provider\Core\Api\CoreApi;
use GuzzleHttp\Exception\BadResponseException;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\Security\Core\Security;
class ApiWrapperEventListener
{
private $coreApi;
private $security;
public function __construct(CoreApi $coreApi, Security $security)
{
$this->coreApi = $coreApi;
$this->security = $security;
}
public function onKernelResponse(ResponseEvent $event)
{
if (!$event->isMasterRequest()) return;
$request = $event->getRequest();
if ('/api' === substr($request->getPathInfo(), 0, 4)) {
dump($this->security->getUser()); // returns NULL
die;
try {
$response = $this->coreApi->call($request->getMethod(), $request->getPathInfo(), json_decode($request->getContent(), true) ?? []);
$event->setResponse(new JsonResponse($response));
} catch (BadResponseException $error) {
dump($error);
die;
}
}
}
}
I guess Symfony is firing those events before I get the User, is there a way to get this right?
I have to note that in other places like controllers or services I get the User right.

OK, I know what the problem was.
The response controller event has no User when a 404 or 500 is given.
In my case I was catching the 404, passing it to the listener and modifying the request to 200.
This approach wasn't good, so I decided to move this to the Controller itself.
/**
* @Route("/api/v1/{uri}", name="api", requirements={"uri"=".+"})
*/
public function api(
Request $request,
CoreApi $coreApi
):Response
{
try
{
$response = $coreApi->call($request->getMethod(), $request->getPathInfo(), json_decode($request->getContent(), true) ?? []);
return new JsonResponse($response);
}
catch(BadResponseException $error)
{
return new Response($error->getResponse()->getBody()->getContents(), $error->getResponse()->getStatusCode());
}
}

Related

How to do a redirect from a Slim 4 middleware?

I've been testing the new Slim 4 framework and redirects work fine for me in normal classes, but I cannot seem to get them working in middleware, where a response is dynamically generated (apparently?) by the Request Handler. When I try to redirect with a Location header, it simply fails to redirect, and my route continues to the original location.
Here’s a basic version of my authentication middleware for testing:
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
class AuthMiddleware extends Middleware {
public function __invoke(Request $request, RequestHandler $handler): Response {
$response = $handler->handle($request);
$loggedInTest = false;
if ($loggedInTest) {
echo "User authorized.";
return $response;
} else {
echo "User NOT authorized.";
return $response->withHeader('Location', '/users/login')->withStatus(302);
}
}
}
Has anybody got this to work? And if so, how did you accomplish it? Thanks in advance.
I think I see the problem with this code.
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
class AuthMiddleware extends Middleware {
public function __invoke(Request $request, RequestHandler $handler): Response {
$response = $handler->handle($request);
$loggedInTest = false;
if ($loggedInTest) {
echo "User authorized.";
return $response;
} else {
echo "User NOT authorized.";
return $response->withHeader('Location', '/users/login')->withStatus(302);
}
}
}
When you call $handler->handle($request), that processes the request normally and calls whatever closure is supposed to handle the route. The response hasn't been completed yet, you can still append stuff to it, but the headers are already set, so you can't do a redirect, because the headers are done.
Maybe try this:
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\Psr7\Response;
class AuthMiddleware extends Middleware {
public function __invoke(Request $request, RequestHandler $handler): ResponseInterface {
$loggedInTest = false;
if ($loggedInTest) {
$response = $handler->handle($request);
echo "User authorized.";
return $response;
} else {
$response = new Response();
// echo "User NOT authorized.";
return $response->withHeader('Location', '/users/login')->withStatus(302);
}
}
}
If the login test fails, we never call $handler->handle(), so the normal response doesn't get generated. Meanwhile, we create a new response.
Note that the ResponseInterface and Response can't both be called Response in the same file, so I had to remove that alias, and just call the ResponseInterface by its true name. You could give it a different alias, but I think that would only create more confusion.
Also, I commented out the echo before the redirect. I think this echo will force headers to be sent automatically, which will break the redirect. Unless Slim 4 is doing output buffering, in which case you're still not going to see it, because the redirect will immediately send you to a different page. Anyway, I commented it out to give the code the best chance of working but left it in place for reference.
Anyway, I think if you make that little change, everything will work. Of course, this post is almost a year old, so you've probably solved this on your own, switched to F3, or abandoned the project by now. But hopefully, this will be helpful to someone else. That's the whole point of StackOverflow, right?
eimajenthat is right, except that you cannot create an instance of an interface.
Try this instead:
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\Psr7\Response;
class AuthMiddleware extends Middleware {
public function __invoke(Request $request, RequestHandler $handler): Response {
global $app; // Assuming $app is your global object
$loggedInTest = false;
if ($loggedInTest) {
$response = $handler->handle($request);
echo "User authorized.";
return $response;
} else {
$response = $app->getResponseFactory()->createResponse();
// echo "User NOT authorized.";
return $response->withHeader('Location', '/users/login')->withStatus(302);
}
}
}
I was growing so frustrated by Slim 4 and redirect issues that I took a look at FatFreeFramework and had the exact same problem. So I knew it was something I was doing. My code was putting the app into a never-ending redirect loop. I can make it work by validating the redirect URL like so in FatFreeFramework:
class Controller {
protected $f3;
public function __construct() {
$isLoggedIn = false;
$this->f3 = Base::instance();
if ($isLoggedIn == false && $_SERVER['REQUEST_URI'] != '/login') {
$this->f3->reroute('/login');
exit();
}
}
}
Therefore, although I haven't actually taken the time to test it, I'm assuming I could fix it in Slim 4 by doing something like:
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
class AuthMiddleware extends Middleware {
public function __invoke(Request $request, RequestHandler $handler): Response {
$response = $handler->handle($request);
$loggedInTest = false;
if (!$loggedInTest && $_SERVER['REQUEST_URI'] != '/users/login') {
return $response->withHeader('Location', '/users/login')->withStatus(302);
} else {
return $response;
}
}
}
Does anybody have another idea for how to break a continuous redirect loop? Or is the $_SERVER variable the best option?
Thanks in advance.
Use 2 responses
namespace App\middleware;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\Psr7\Response as Response7;
use Psr\Http\Message\ResponseInterface as Response;
final class OtorisasiAdmin {
public function __invoke(Request $request, RequestHandler $handler): Response {
$session = new \Classes\session();
$session->start();
$isAdmin=($session->has("login","admin"))?true:false;
if(!$isAdmin){
$response = new Response7();
$error = file_get_contents(__dir__."/../../src/error/404.html");
$response->getBody()->write($error);
return $response->withStatus(404);
}
$response=$handler->handle($request);
return $response;
}
}
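The ordering the answers above arrive at (decide before calling `$handler->handle()`, build the redirect from a response factory, and exempt the login path so the redirect cannot loop), as an added example that is not code from the thread. It assumes `slim/slim` and `slim/psr7` are installed via Composer; the `$isLoggedIn` callable, the host `app.example` and the `/admin/report` route are placeholders.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Psr7\Factory\ResponseFactory;
use Slim\Psr7\Factory\ServerRequestFactory;

final class AuthMiddleware implements MiddlewareInterface
{
    private ResponseFactoryInterface $responseFactory;
    /** @var callable(ServerRequestInterface): bool hypothetical login check */
    private $isLoggedIn;
    private string $loginPath;

    public function __construct(
        ResponseFactoryInterface $responseFactory,
        callable $isLoggedIn,
        string $loginPath = '/users/login'
    ) {
        $this->responseFactory = $responseFactory;
        $this->isLoggedIn = $isLoggedIn;
        $this->loginPath = $loginPath;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // Take the path from the PSR-7 request, not $_SERVER, so the check
        // sees the same request object the rest of the middleware stack sees.
        $path = $request->getUri()->getPath();

        // The login page must stay reachable, otherwise its own redirect loops.
        if ($path === $this->loginPath || ($this->isLoggedIn)($request)) {
            return $handler->handle($request);
        }

        // Not authenticated: the route handler is never invoked, so it has no
        // side effects and none of its output ends up in the redirect body.
        return $this->responseFactory->createResponse(302)
            ->withHeader('Location', $this->loginPath);
    }
}

// Constructed demo: a handler that counts its invocations and writes a body.
$handler = new class implements RequestHandlerInterface {
    public int $calls = 0;

    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $this->calls++; // stands in for the protected route's side effects
        $response = (new ResponseFactory())->createResponse();
        $response->getBody()->write('protected content');
        return $response;
    }
};

// In a Slim 4 app this would be registered with
// $app->add(new AuthMiddleware($app->getResponseFactory(), $check));
$middleware = new AuthMiddleware(new ResponseFactory(), fn (ServerRequestInterface $r): bool => false);

foreach (['/admin/report', '/users/login'] as $path) {
    $request = (new ServerRequestFactory())->createServerRequest('GET', 'https://app.example' . $path);
    $response = $middleware->process($request, $handler);
    printf(
        "%-14s status=%d location=%s body_bytes=%d handler_calls=%d\n",
        $path,
        $response->getStatusCode(),
        $response->getHeaderLine('Location'),
        (int) $response->getBody()->getSize(),
        $handler->calls
    );
}
```

The exemption is an exact match on the path, so a login route served under a trailing slash or a base path needs the same value passed as `$loginPath`.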

Redirect response from Event Subscriber in Symfony PHP

I'm trying to return a permanent (301) redirect response from an event subscriber hooked into the kernel events in Symfony PHP.
My subscriber is as follows:
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpFoundation\RedirectResponse;
class KernelSubscriber implements EventSubscriberInterface {
public function __construct() {
// some stuff here but not relevant for this example
}
public static function getSubscribedEvents(): array {
return [ KernelEvents::REQUEST => 'onRequest' ];
}
public function onRequest(GetResponseEvent $event): void {
// if conditions met
// 301 redirect to some internal or external URL
if(!$event->isMasterRequest()) return;
}
}
If this were a controller I would return $this->redirectToRoute('route') or something like that but returning from the onRequest method is in a much different context.
How can I return a response (a redirect, in particular) from this event subscriber?
Should be something like:
$event->setResponse(new RedirectResponse($route));
In my case the event had no setResponse method, but I could use the send method from the Response class.
$response = new RedirectResponse('https://stackoverflow.com/', 302);
$response->send();
For me what worked was to inject the urlGenerator and then check for the user token and make a new RedirectResponse to my logout URL.
public function onKernelController(ControllerEvent $event)
{
if (!$event->isMainRequest()) {
return;
}
$session = $event->getRequest()->getSession();
$ssoSessionTime = $session->get('sso.expiration_time');
if (($ssoSessionTime - time()) < 0) {
$logoutUrl = $this->urlGenerator->generate('logout');
$response = new RedirectResponse($logoutUrl);
return $response->send();
}
}
Here I check that the timestamp given by my authenticator is not smaller than the current time. If it is, I send a new RedirectResponse.
Use the below method to set the redirect response / redirect url.
$event->setController(function() use ($redirectUrl) {
return new RedirectResponse($redirectUrl);
});

Slim 3 Middleware Redirect

I want to check if a user is logged in. Therefore I have a class which returns true or false. Now I want a middleware which checks if the user is logged in.
$app->get('/login', '\Controller\AccountController:loginGet')->add(Auth::class)->setName('login');
$app->post('/login', '\Controller\AccountController:loginPost')->add(Auth::class);
Auth Class
class Auth {
protected $ci;
private $account;
//Constructor
public function __construct(ContainerInterface $ci) {
$this->ci = $ci;
$this->account = new \Account($this->ci);
}
public function __invoke($request, \Slim\Http\Response $response, $next) {
if($this->account->login_check()) {
$response = $next($request, $response);
return $response;
} else {
//Redirect to Homepage
}
}
}
So when the user is logged in the page will render correctly. But when the user is not authorized I want to redirect to the homepage. But how?!
$response->withRedirect($router->pathFor('home'));
This doesn't work!
You need to return the response. Don't forget that the request and response objects are immutable.
return $response = $response->withRedirect(...);
I have a similar auth middleware and this is how I do it which also adds a 403 (unauthorized) header.
$uri = $request->getUri()->withPath($this->router->pathFor('home'));
return $response = $response->withRedirect($uri, 403);
Building off of tflight's answer, you will need to do the following to make everything work as intended. I tried to submit this as a revision, given that the code provided in tflight's answer would not work on the framework out of the box, but it was declined, so providing it in a separate answer:
You will need the following addition to your middleware:
protected $router;
public function __construct($router)
{
$this->router = $router;
}
Additionally, when declaring the middleware, you would need to add the following to the constructor:
$app->getContainer()->get('router')
Something similar to:
$app->add(new YourMiddleware($app->getContainer()->get('router')));
Without these changes, the solution will not work and you will get an error that $this->router does not exist.
With those changes in place you can then utilize the code provided by tflight
$uri = $request->getUri()->withPath($this->router->pathFor('home'));
return $response = $response->withRedirect($uri, 403);
Make a basic Middleware and inject $container into it so all your middleware can extend it.
Class Middleware
{
protected $container;
public function __construct($container)
{
$this->container = $container;
}
public function __get($property)
{
if (isset($this->container->{$property})) {
return $this->container->{$property};
}
// error
}
}
Make sure your Auth middleware is in the same folder as the basic middleware, or you can use namespacing.
class Auth extends Middleware
{
public function __invoke($request, $response, $next)
{
if (!$this->account->login_check()) {
return $response->withRedirect($this->router->pathFor('home'));
}
return $next($request, $response);
}
}
Use:
http_response_code(303);
header('Location: ' . $url);
exit;

beforeFilter function not redirecting in Symfony2

I have implemented the following code to run code before any action of any controller. However, the beforeFilter() function is not redirecting to the route I have specified. Instead it takes the user to the location where the user clicked.
//My Listener
namespace Edu\AccountBundle\EventListener;
use Symfony\Component\DependencyInjection\Container;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
class BeforeControllerListener
{
public function onKernelController(FilterControllerEvent $event)
{
$controller = $event->getController();
if (!is_array($controller))
{
//not a controller do nothing
return;
}
$controllerObject = $controller[0];
if (is_object($controllerObject) && method_exists($controllerObject, "beforeFilter"))
//Set a predefined function to execute Before any controller Executes its any method
{
$controllerObject->beforeFilter();
}
}
}
//I have registered it already
//My Controller
class LedgerController extends Controller
{
public function beforeFilter()
{
$commonFunction = new CommonFunctions();
$dm = $this->getDocumentManager();
if ($commonFunction->checkFinancialYear($dm) == 0 ) {
$this->get('session')->getFlashBag()->add('error', 'Sorry');
return $this->redirect($this->generateUrl('financialyear'));//Here it is not redirecting
}
}
}
public function indexAction() {}
Please help. What is missing in it?
Thanks in advance
I would suggest you follow the Symfony suggestions for setting up before and after filters, where you perform your functionality within the filter itself, rather than trying to create a beforeFilter() function in your controller that is executed. It will allow you to achieve what you want - the function being called before every controller action - as well as not having to muddy up your controller(s) with additional code. In your case, you would also want to inject the Symfony session to the filter:
# app/config/services.yml
services:
    app.before_controller_listener:
        class: AppBundle\EventListener\BeforeControllerListener
        arguments: ['@session', '@router', '@doctrine_mongodb.odm.document_manager']
        tags:
            - { name: kernel.event_listener, event: kernel.controller, method: onKernelController }
Then you'll create your before listener, which will need the Symfony session and routing services, as well as the MongoDB document manager (making that assumption based on your profile).
// src/AppBundle/EventListener/BeforeControllerListener.php
namespace AppBundle\EventListener;
use Doctrine\ODM\MongoDB\DocumentManager;
use Symfony\Bundle\FrameworkBundle\Routing\Router;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use AppBundle\Controller\LedgerController;
use AppBundle\Path\To\Your\CommonFunctions;
class BeforeControllerListener
{
private $session;
private $router;
private $dm; // assigned in the constructor and used as $this->dm below
private $commonFunctions;
public function __construct(Session $session, Router $router, DocumentManager $dm)
{
$this->session = $session;
$this->router = $router;
$this->dm = $dm;
$this->commonFunctions = new CommonFunctions();
}
public function onKernelController(FilterControllerEvent $event)
{
$controller = $event->getController();
if (!is_array($controller)) {
return;
}
if ($controller[0] instanceof LedgerController) {
if ($this->commonFunctions->checkFinancialYear($this->dm) !== 0 ) {
return;
}
$this->session->getFlashBag()->add('error', 'Sorry');
$redirectUrl= $this->router->generate('financialyear');
$event->setController(function() use ($redirectUrl) {
return new RedirectResponse($redirectUrl);
});
}
}
}
If you are in fact using the Symfony CMF then the Router might actually be ChainRouter and your use statement for the router would change to use Symfony\Cmf\Component\Routing\ChainRouter;
There are a few additional things here you might want to reconsider - for instance, if the CommonFunctions class needs DocumentManager, you might just want to make your CommonFunctions class a service that injects the DocumentManager automatically. Then in this service you would only have to inject your common functions service instead of the document manager.
Either way what is happening here is that we are checking that we are in the LedgerController, then checking whether or not we want to redirect, and if so we overwrite the entire Controller via a callback. This sets the redirect response to your route and performs the redirect.
If you want this check on every single controller you could simply eliminate the check for LedgerController.
$this->redirect() controller function simply creates an instance of RedirectResponse. As with any other response, it needs to be either returned from a controller, or set on an event. Your method is not a controller, therefore you have to set the response on the event.
However, you cannot really set a response on the FilterControllerEvent as it is meant to either update the controller, or change it completely (setController). You can do it with other events, like the kernel.request. However, you won't have access to the controller there.
You might try set a callback with setController which would call your beforeFilter(). However, you wouldn't have access to controller arguments, so you won't really be able to call the original controller if beforeFilter didn't return a response.
Finally you might try to throw an exception and handle it with an exception listener.
I don't see why making things this complex if you can simply call your method in the controller:
public function myAction()
{
if ($response = $this->beforeFilter()) {
return $response;
}
// ....
}
public function onKernelController(FilterControllerEvent $event)
{
$request = $event->getRequest();
$response = new Response();
// Matched route
$_route = $request->attributes->get('_route');
// Matched controller
$_controller = $request->attributes->get('_controller');
$params = array(); //Your params
$route = $event->getRequest()->get('_route');
$redirectUrl = $url = $this->container->get('router')->generate($route,$params);
$event->setController(function() use ($redirectUrl) {
return new RedirectResponse($redirectUrl);
});
}
Cheers !!

Symfony 2 redirecting out of private function

In my application I'm using an init function to init an action.
The init function validates the user input
(for example, the user is looking for a product that does not exist -> the init function should redirect him to an error page "product ... not found")
/**
* @Route("/route/{var}", name="xyzbundle_xyz_index")
* @Template("VendorXyzBundle:xyz:index.html.twig")
*/
public function indexAction ($var)
{
$xyz = $this->initxyz($var);
...
.. more code
.
}
And there is a private function in this controller that should validate the parameter given in the URL, and if it is wrong (doesn't exist in the database etc.), the private function should redirect
private function init($var)
{
if($this->databasesearchforexyz($var)){
// redirect to Errorpage (No xyz found named ...)
return $this->redirect($this->generateUrl('xyz_error_...'));
}
if($this->checksomethingelse($var)){
// redirect to some other error page
}
}
Please note, these are not my real method/variable/path/etc. names.
The problem is, it is not redirecting.
You can check if the init function returns an actual response, then you can return it directly from the main code. Like this:
public function indexAction ($var)
{
$xyz = $this->initxyz($var);
if ($xyz instanceof \Symfony\Component\HttpFoundation\Response) {
return $xyz;
}
...
.. more code
.
}
Btw, if you only need to check database existence you can use Symfony's ParamConverter
Here's a suggestion.
Return true from the init function if there's no redirect and return false if there's a redirect.
Example:
private function init($var) {
if ($error) {
// An error occurred, redirect
$this->redirect($this->generateUrl('xyz_error_...'));
return false;
}
// Else, everything alright
return true;
}
public function indexAction ($var) {
if (!$this->init($var)) {
// Failed to init, redirection happening
return;
}
// Continue as normal
}
Using the answer of @alex88, I added an exception and an exception listener to do the redirect. That saves me from repeating the condition over and over again, because my function could redirect the user under different scenarios.
1. Controller
namespace AppBundle\Controller;
use AppBundle\Exception\UserHasToBeRedirectedException;
class DefaultController extends Controller
{
public function indexAction(...)
{
...
$this->userHasToBeRedirected();
...
}
private function userHasToBeRedirected()
{
...
if ($userHasToBeRedirected) {
$response = $this->redirect($this->generateUrl(...));
throw new UserHasToBeRedirectedException($response);
}
...
}
}
2. Exception
namespace AppBundle\Exception;
use Exception;
use Symfony\Component\HttpFoundation\Response;
class UserHasToBeRedirectedException extends Exception
{
private $response;
public function __construct(Response $response)
{
$this->response = $response;
}
public function getResponse()
{
return $this->response;
}
public function setResponse(Response $response)
{
$this->response = $response;
return $this;
}
}
3. Exception Listener
namespace AppBundle\EventListener;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use AppBundle\Exception\UserHasToBeRedirectedException;
class ExceptionListener
{
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
...
if ($exception instanceof UserHasToBeRedirectedException) {
$response = $exception->getResponse();
$event->setResponse($response);
}
...
}
}
4. Register the service at service.yml
...
    appBundle.exception_listener:
        class: AppBundle\EventListener\ExceptionListener
        tags:
            - { name: kernel.event_listener, event: kernel.exception }
...
For more information:
Symfony Documentation about Events
