I am trying to impersonate via an external link. For example https://example.com/?_switch_user=email. So when clicking on a button it will redirect the user and impersonate immediately. That works fine. The issue is when i try to impersonate a new user, it results to a 500 error. As expected because there is a impersonation active. My question is: is it possible to first run https://example.com/?_switch_user=_exit on the background and then redirect to the new user externally.
This is my code so far:
/**
* #Route("/admin/client/{email}", name="client-impersonate")
*/
public function impersonate($email)
{
// first run someting to exit the active impersonation and then redirect below
return $this->redirect('https://example.com/?_switch_user='.$email);
}
My backup solution would be to create some kind of listener on example.com to first check if there is an active impersonation and "exit" that first.
But i was wondering if i can do it also with the code above. (before redirecting)
Related
My today goal is to make URL unavailable to other registered users if one of the user opened that URL and make it available when this user leaves it. Right now I have only idea how to block it - using cache, but problem is with unblocking as user can go everywhere or even just close the browser. I know that there is option for set cache timer, but in my case this is NOT an option - system must know if there is some user in that URL. Can someone help me with some ideas how to achieve this?
Only thing I can personally think of is using JWT or sessions to check if a logged in user is on that page, then a condition to check if the current user is not equal user that is trying to get on the page, and if it doesn't match just redirect that user to somewhere else.
export const blockAccess = expressAsyncHandler(async (req, res, next) => {
//check if the user is currently on the page
if (req.session.promoPage) {
//if they are, redirect new user's that're trying to access the page to the home page
if (req.session.promoPage.userId !== req.user.id) {
res.redirect('/')
}
}
next() //next here is a function that tells the program to move on to the next middleware function or route etc....
})
I have put my application down for maintenance using php artisan down command.
My custom maintenance page as a email input to accept the email from the user and store in my database to notify the user when the site is back up and running again.
But when I submit the form using POST, I get redirected to the maintenance mode page.
I want one particular route to bypass the maintenance mode. Is it possible?
Okay so I found a way to go about this problem.
In my app/routes file, I have a route as follows:
// app/routes.php
Route::resource('subscriber', 'SubscriberController');
Now this will route will match any request URI for the form subscriber*
In my app/start/global.php file, I did the following inside App::down()
// app/start/global.php
App::down(function() {
if(Request::is('subscriber*')) {
return null;
}
return Response::view('maintenance', array(), 503);
})
Now only for URIs of starting with subscriber, the maintenance mode page will not be displayed.
:D
I am in the process of building a website (via MODx), and I don't want "non-logged in" users to be able to see the home page, but instead be redirected to an "under construction" page.
In my snippet, this is what I have so far:
<?php
if (! $modx->user->hasSessionContext($modx->context->get('key')) ) {
$modx->sendRedirect('https://google.com');
} else {
return '';
}
Sadly, this appears to not do anything, regardless of whether or not the user is logged in. (It apppears to be a problem with the second line, the actual redirect worked fine when I tested it)
I am unable to figure out what is wrong, and any help is greatly appreciated!
The snippet that is in the page is [[!notloggedin]]
These are right out of Bob's guides, but basically what you want to do is check to see if the user has an ID or username, if not, they are not logged in.
You probably want to do a bit of digging and see if you can implement your redirect in a plugin rather than a snippet possibly an onRequest event - so you are not rendering the page/resource before you discover that the user needs to be redirected.
There are various methods. One easy method is to use this code:
if ($modx->user->get('username') == '(anonymous)') {
/* user is not logged in */
}
Here is the official method for seeing if the user is logged in to the current context:
if ($modx->user->hasSessionContext($modx->context->get('key'))) {
/* user is logged in */
}
If you know the name of the current context (e.g., web), you can use this method. The name of the context is required:
if $modx->user->isAuthenticated('web') {
/* user is logged in to web context */
}
If your site is simply not yet ready to be publicly available, MODX already allows for this.
See the following System Settings:
site_status
site_unavailable_message
site_unavailable_page
Alternatively, just set all your resources to 'unpublished', except for your custom error page. Logged in users will still be able to view all resources.
So I've got a Backbone application + web homepage. Right now, if you login to my website, I create a global object with your user details from the database. However, you can still just hit one of the routes in the application directly.
How should I handle users who are not "logged in" and redirect them to a "you must login page"?
Is this a standard operation? Basically, I have a REST url setup that returns just
{ sessionId: [php-session-id-here] }
If they are logged in, it would return something more like this:
{
sessionId: [php-sess-id],
userId: [user-id-from-db],
firstName: [f-name],
lastName: [l-name]
}
Ideas? Thanks!
What I've done in the past is to include on every page along with jQuery (actually, added to the jQuery file) an extension on the AJAX method to check for a custom code that I send when a user isn't logged in. When that value was seen it redirected the user to the login page regardless of what was going down.
This was because that site had a time out on login, so a user could get logged out while sitting on a page and then the AJAX request would just fail. If you don't have a timeout on the login the odds of ever seeing this issue are slim. Just ignore requests that come from users that aren't logged in.
If you need help coding this, start here: Extending Ajax: Prefilters, Converters, and Transports.
Really shouldn't require anything as complex as pseudo-code:
JS needs to do some AJAX, so JS talks to server
PHP checks for login if needed
If not logged in, send back the abort message (I used a converter to catch a "notLoggedIn" dataType. However this could also be done with a transport, they are just more complex.)
JS sees the abort message and does a window.location redirect rather than return AJAX message.
If you want, you could load a lightbox with a login form and send that via AJAX to PHP where a re-login can take place, if you remember the AJAX attempt that failed you can send it again after login. Then the user doesn't even need to leave the page to log back in.
If you're using jQuery, you can set a global ajaxSetting that allows you to do certain things upon certain http codes. Some pages I read recommend adding to your JSON a url field to point to where to login, but I figure that's just up to you. So the only modifications you'd need to implement what I've mentioned is 1. change the http code to something reasonable like 401 (unauthorized) and implement the http code handler. But I wouldn't call this standard, I'd just say that's what several people have done (including myself).
<?php
function IsLoggedIn()
{
if(isset($_SESSION['id'])) // Change that to what you want
{
return 1;
}
else
{
return 0;
}
}
?>
Then in your code, you could use something like:
if(isLogged()){ header('Location: http://google.com'); }
With Symfony's Action Security if a user has not been identified he will be forwarded to the default login action as defined in the applications settings.yml file. How would I forward the user to the originally requested action after the user is successfully authenticated?
On first hit to your login action, store referer to the user session:
if(!$this->getUser()->hasParameter('referer'))
{
$this->getUser()->setParameter('referer',$this->getRequest()->getReferer());
}
and then when login succeeds, redirect user to stored referer with:
$this->redirect($this->getUser()->getParameter('referer'));
You have complete example in sfGuardPlugin:
http://www.symfony-project.org/plugins/sfGuardPlugin
More simply...
$this->getUser()->setReferer($this->getRequest()->getReferer());
like
setReferer($referer)
{
if (!$this->hasAttribute('referer'))
$this->setAttribute('referer', $referer);
}
A related problem, but instead trying to perform the forward from a different action:
If you have an action protected by sfGuard which is attempting to redirect to the referrer, you will get a redirect loop after signing in. This is because the sign-in page of sfGuard wil become the referrer. A parameter or attribute can be saved over multiple requests if stored in the sign-in action as above, meaning the action might be redirecting to an incorrect page if already signed in. The solution is to use a flash which will be forgotten. This can be accomplished with the following code in the executeSignin method of sfGuardAuthActions:
if ($this->getUser()->hasFlash('referer'))
{
$this->getUser()->setFlash('referer', $this->getUser()->getFlash('referer'));
}
else
{
$this->getUser()->setFlash('referer', $this->getRequest()->getReferer());
}
By resetting the flash in the first block, it won't be forgotten between login attempts, and by using a flash, signing in from other pages can't interfere with your action.