I have made PHP Slim server. Authentication for it and CSRF.
I want to use it as a REST Server.
I have a created an App using IonicFramework which uses Angular.
I want to authenticate myself with this code
let hheaders:Headers=new Headers();
hheaders.append('Access-Control-Allow-Origin' , '*');
hheaders.append('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT');
hheaders.append('Accept','application/json');
let options = new RequestOptions({ headers:hheaders});
let data = new FormData();
data.append("email", this.myForm.email);
data.append("password", this.myForm.password);
data.append("csrf_name", this.myForm.csrf_name);
data.append("csrf_value", this.myForm.csrf_value);
return this.http.post('http://10.1.3.101:8088/public/auth/signinservice',data,this.options)
.map(res => res.json())
.toPromise();
But I always get Failed CSRF check! I do not know what is the problem. At this point the Slim Server is basic. It is very simple and similar to this Github project with new methods in AuthController.php
like
public function getSignInService($request, $response){
$nameKey = $this->csrf->getTokenNameKey();
$valueKey = $this->csrf->getTokenValueKey();
$name = $request->getAttribute($nameKey);
$value = $request->getAttribute($valueKey);
$tokenArray = [
$nameKey => $name,
$valueKey => $value
];
return $response->write(json_encode($tokenArray));
}
and
public function postSignInService($request, $response, $args){
$auth = $this->auth->attempt(
$request->getParam('email'),
$request->getParam('password')
);
if(!$auth){
$data = array('status' => 'error');
$newResponse = $response->withJson($data, 203);
return $newResponse;
}
$data = array('status' => 'Successful login');
$newResponse = $response->withJson($data, 200);
return $newResponse;
}
and added routes for the methods.
How could i successfully authenticate with Ionic v3 and Angular v5?
Related
I am currently building a Financial micro service application using Laravel/Lumen micro framework.Everything have been working perfectly as expected. My problem now is that i am trying to make a network request to my internal services via Api call from ApiGateway using GuzzleHttp client. The problem is that when i make request to the internal service, it always throws an exception of ClientException.
ClientException.
Client error: GET http://127.0.0.1:8081/v1/admin resulted in a 401
Unauthorized response: {"error":"Unauthorized.","code":401}
I have tried to make network request to the same internal services using postman; and it works fine. However, for some reason still fail to work with GuzzleHttp. I don't know what i am doing wrong. Please your assist will be appreciated.
Here is the httpClient.php in ApiGateway.
//Constructor method
public function __construct() {
$this->baseUri = config('services.auth_admin.base_uri');
}
public function httpRequest($method, $requestUrl, $formParams = [], $headers = []) {
//Instantiate the GazzleHttp Client
$client = new Client([
'base_uri' => $this->baseUri,
]);
//Send the request
$response = $client->request($method, $requestUrl, ['form_params' => $formParams, 'headers' => $headers]);
//Return a response
return $response->getBody();
}
//Internal Service Communication in ApiGateway**
public function getAdmin($header) {
return $this->httpRequest('GET', 'admin', $header);
}
InternalServiceController.php
public function getAdmin(Request $request) {
return $this->successResponse($this->authAdminService->getAdmin($request->header()));
}
I am using Lumen version: 5.8 and GuzzleHttp Version: 6.3
You pass your headers as formParams (third index instead of fourth).
Try below:
return $this->httpRequest('GET', 'admin', [], $header);
I am making some assumptions here which I hope should be helpful to you.
PHP does not support skipping optional parameters and thus you should pass an empty array [] when calling httpRequest().
public function httpRequest($method, $requestUrl, $formParams = [], $headers = [], $type='json', $verify = false) {
//Instantiate the GazzleHttp Client
$client = new Client([
'base_uri' => $this->baseUri,
]);
//the request payload to be sent
$payload = [];
if (!$verify) {
$payload['verify'] = $verify; //basically for SSL and TLS
}
//add the body to the specified payload type
$payload[$type] = $formParams;
//check if any headers have been passed and add it as well
if(count($headers) > 0) {
$payload['headers'] = $headers;
}
//Send the request
$response = $client->request($method, $requestUrl, $payload);
//Return a response
return $response->getBody();
}
Now you need to call it in this manner when you are not passing in any form_params or body
//Internal Service Communication in ApiGateway**
public function getAdmin($header) {
return $this->httpRequest('GET', 'admin', [], $header);
}
I've been struggling with this for hours now, if not days and can't seem to fix it.
My Requests to Cloud Functions are being denied with error code: 401: UNAUTHENTICATED.
My Code is as follow:
putenv('GOOGLE_APPLICATION_CREDENTIALS=' . FIREBASE_SERIVCE_PATH);
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->addScope(Google_Service_CloudFunctions::CLOUD_PLATFORM);
$httpClient = $client->authorize();
$promise = $httpClient->requestAsync("POST", "<MyCloudFunctionExecutionUri>", ['json' => ['data' => []]]);
$promise->then(
function (ResponseInterface $res) {
echo "<pre>";
print_r($res->getStatusCode());
echo "</pre>";
},
function (RequestException $e) {
echo $e->getMessage() . "\n";
echo $e->getRequest()->getMethod();
}
);
$promise->wait();
I'm currently executing this from localhost as I'm still in development phase.
My FIREBASE_SERIVCE_PATH constant links to my service_account js
My Cloud Function index.js:
const functions = require('firebase-functions');
const admin = require('firebase-admin');
admin.initializeApp();
// CORS Express middleware to enable CORS Requests.
const cors = require('cors')({
origin: true,
});
exports.testFunction = functions.https.onCall((data, context) => {
return new Promise((resolve, reject) => {
resolve("Ok:)");
});
});
// [END all]
My Cloud Function Logs:
Function execution took 459 ms, finished with status code: 401
What am I doing wrong so I get Unauthenticated?
PS: My testFunction works perfectly when invoked from my Flutter mobile app who uses: https://pub.dartlang.org/packages/cloud_functions
Update:
I have followed this guide: https://developers.google.com/api-client-library/php/auth/service-accounts but in the "Delegating domain-wide authority to the service account" section, it only states If my application runs in a Google Apps domain, however I wont using Google Apps domain, and plus I'm on localhost.
First of all thanks to Doug Stevenson for the answer above! It helped me to get a working solution for callable functions (functions.https.onCall).
The main idea is that such functions expect the auth context of the Firebase User that already logged in. It's not a Service Account, it's a user record in the Authentication section of your Firebase project. So, first, we have to authorize a user, get the ID token from response and then use this token for the request to call a callable function.
So, below is my working snippet (from the Drupal 8 project actually).
use Exception;
use Google_Client;
use Google_Service_CloudFunctions;
use GuzzleHttp\Psr7;
use GuzzleHttp\Psr7\Request;
use GuzzleHttp\Promise;
use GuzzleHttp\RequestOptions;
$client = new Google_Client();
$config_path = <PATH TO SERVICE ACCOUNT JSON FILE>;
$json = file_get_contents($config_path);
$config = json_decode($json, TRUE);
$project_id = $config['project_id'];
$options = [RequestOptions::SYNCHRONOUS => TRUE];
$client->setAuthConfig($config_path);
$client->addScope(Google_Service_CloudFunctions::CLOUD_PLATFORM);
$httpClient = $client->authorize();
$handler = $httpClient->getConfig('handler');
/** #var \Psr\Http\Message\ResponseInterface $res */
$res = $httpClient->request('POST', "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=<YOUR FIREBASE PROJECT API KEY>", [
'json' => [
'email' => <FIREBASE USER EMAIL>,
'password' => <FIREBASE USER PASSWORD>,
'returnSecureToken' => TRUE,
],
]);
$json = $res->getBody()->getContents();
$data = json_decode($json);
$id_token = $data->idToken;
$request = new Request('POST', "https://us-central1-$project_id.cloudfunctions.net/<YOUR CLOUD FUNCTION NAME>", [
'Content-Type' => 'application/json',
'Authorization' => "Bearer $id_token",
], Psr7\stream_for(json_encode([
'data' => [],
])));
try {
$promise = Promise\promise_for($handler($request, $options));
}
catch (Exception $e) {
$promise = Promise\rejection_for($e);
}
try {
/** #var \Psr\Http\Message\ResponseInterface $res */
$res = $promise->wait();
$json = $res->getBody()->getContents();
$data = json_decode($json);
...
}
catch (Exception $e) {
}
Callable functions impose a protocol on top of regular HTTP functions. Normally you invoke them using the Firebase client SDK. Since you don't have an SDK to work with that implements the protocol, you'll have to follow it yourself. You can't just invoke them like a normal HTTP function.
If you don't want to implement the protocol, you should instead use a regular HTTP function, and stop using the client SDK in your mobile app.
Im currently building a login system using angular 2 framework (ionic). This login have 2 post data which are:
Email
Password
I've built the API and ran using postman. Everything is fine. It's returning desired response. But the angular 2 POST doesnt seems to do what it should do. For example this is my request code:
var data = JSON.stringify({email: email, password: password});
this.http.post('https://dev.domain.com/api/login', data)
.subscribe(
res => {
console.log(res);
loading.dismiss();
},
err => {
console.log("Error occured");
loading.dismiss();
}
);
Laravel returns 200 response and desired data but Angular 2 is always identifying the response as error. This is my Laravel codes:
public function login(Request $request) {
$data = $request->json()->all();
$email = $data['email'];
$password = $data['password'];
if (Auth::attempt(['email' => $email, 'password' => $password])) {
$user = User::where('email', $email)->first();
return response()->json(['data' => $user])->header('Content-Type', 'application/json');
} else {
$returnData = array(
'status' => 'error',
'message' => 'An error occurred!'
);
return response()->json($returnData, 500)->header('Content-Type', 'application/json');
}
}
I tried installing CORS plugin. Still seems to not solve this issue.
Can anyone help me on this? Thanks
Change your HTTP status code From 500 to 200 or leave empty.
return response()->json($returnData, 200)->header('Content-Type', 'application/json');
OR
return response()->json($returnData)->header('Content-Type', 'application/json');
I am creating rest api for symfony 2,but not able to pass JSON data to post method. $userform->isValid()always failed.
curl -v -H "Accept: application/json" -X POST -d '{"username":"hitesh","userpassword":"hitesh123"}' http://localhost/us/serenify/web/app_dev.php/user/login
This is the data I am passing for test purpose.
public function loginAction(Request $request)
{
return $this->processForm(new User(),$request);
}
private function processForm(User $user,$request)
{
$userform = $this->createForm(new UserType(), $user);
$content = $this->getRequest();
$userform->submit($content);
$key = md5(microtime().rand());
if ($userform->isValid())
{
if(trim($data['username'])=="" || trim($data['userpassword']==""))
{
$data=array(
"success"=>'false',
"msg"=>'username or password is blank'
);
$response = new Response(json_encode($data));
$response->setStatusCode(203);
$response->headers->set('Content-Type', 'application/json');
}
else
{
$username=trim($data['username']);
$userpassword=trim(md5($data['userpassword']));
$user = $this->getDoctrine()
->getRepository('SerenifyUserBundle:User')
->findOneBy(array('username' => $username, 'userpassword' => $userpassword));
if (!$user)
{
$data=array(
"success"=>'false',
"msg"=>'username or password is wrong'
);
$response = new Response(json_encode($data));
$response->setStatusCode(404);
$response->headers->set('Content-Type', 'application/json');
}
else
{
$data=array(
"success"=>'true',
"msg"=>'user has sucessfully logged in',
"username" => $username,
"sessionis" => $key,
);
$response = new Response(json_encode($data));
$response->setStatusCode(404);
$response->headers->set('Content-Type', 'application/json');
}
$response = new Response(json_encode($data));
}
}
else
{
$data=array(
"success"=>'false',
"msg"=>'invalid form content'
);
$response = new Response(json_encode($data));
$response->setStatusCode(404);
$response->headers->set('Content-Type', 'application/json');
}
return $response;
}
Above is my controller code.
When I print request value is does not show in JSON format.
Anyway to test or pass JSON data? I am creating login functionality.
FOSRestBundle was created for these purposes. And I think you should start to use it in your project. It has no overhead and is easy to use.
https://github.com/FriendsOfSymfony/FOSRestBundle
Regards.
I recently have had a need to something like this as I am extensively using AngularJS whose $http service sends data as JSON to my controllers.
I found a solution by implementing service which listens to incoming requests unpacks JSON and exposes it to Request object.
Check "The right way" section of this link.
I'm trying to build an API with api key and secret using laravel and guzzle. I am building both the api and the client using laravel.
I have a problem when I try to access a simple controller to get a json with a list of users from the database. It works fine when I'm not using the authentication, it fails when I do beacause I need to change to using post method so that the api gets the secret and the app_id:
GuzzleHttp \ Exception \ ServerException (500)
Server error response [url] http://myapi.api/api/v1/users [status code] 500 [reason phrase] Internal Server Error
On my client:
$_app_id = 'APP001';
$_app_key = '28e336ac6c9423d946ba02d19c6a2632';
$_api_url = 'http://myapi.api/api/v1/users';
$enc_request = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $_app_key, json_encode($request_params), MCRYPT_MODE_ECB));
$params = array();
$params['enc_request'] = $enc_request;
$params['app_id'] = $_app_id;
$client = new GuzzleHttp\Client();
$result = $client->post($_api_url, array(
'body' => $params
));
$res=$result->json();
var_dump($res);
On my API:
Route::group(array('prefix' => 'api/v1'), function(){
Route::resource('users', 'UsersController');
});
Route::filter('my.filter', function()
{
$applications = array(
'APP001' => '28e336ac6c9423d946ba02d19c6a2632', //randomly generated app key
);
try {
$enc_request = $_REQUEST['enc_request'];
$app_id = $_REQUEST['app_id'];
if( !isset($applications[$app_id]) ) {
throw new Exception('Application does not exist!');
}
$params = json_decode(trim(mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $applications[$app_id], base64_decode($enc_request), MCRYPT_MODE_ECB )));
if( $params == false ){
throw new Exception('Request is not valid');
$result['success'] = false;
}else{
$result['success'] = true;
}
} catch( Exception $e ) {
$result = array();
$result['success'] = false;
$result['errormsg'] = $e->getMessage();
}
if($result['success']==false){
return Response::make('Unauthorized', 401);
//I have tested and the APP never gets inside here, authentication is correct
}
});
My controller:
class UsersController extends BaseController {
public function index()
{
$users = User::orderBy('username', 'asc');
return Response::json(array(
'error' => false,
'users' => $users->get()->toArray()),
200
);
}
}
If I remove the filter and simply change post to get on my client, I can see the json that comes from my users controller. As soon as I change it back to post, I get my error again.
Route resource uses the store method to post to the same uri as the index method. As stated within here and scrolling down to the 'Actions Handled By Resource Controller' part.
I ended up changeing body to query and it worked fine as it was and could use the resource classes and guzzle at the same time.