I try to understand how ACL works but even if I set them for an item ($client in this case), everybody has access.
SET ACL
public function setACL($repository, $mask, $selectUser = false)
{
$objectIdentity = ObjectIdentity::fromDomainObject($repository);
$acl = $this->aclProvider->createAcl($objectIdentity);
if($selectUser === false){
$user = $this->tokenStorage->getToken()->getUser();
}else{
$user = $this->entityManager->getRepository('AppBundle:User')->find($selectUser);
}
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$acl->insertObjectAce($securityIdentity, $mask);
$this->aclProvider->updateAcl($acl);
return;
}
$selectUser is for setting it manually (via Console Comannd etc.) does it work that way at all?
GET ACL
public function getACL($repository, $granted)
{
if (is_array($repository)) {
foreach ($repository as $rp) {
if (false === $this->authorizationChecker->isGranted($granted, get_class($rp))) {
$this->get('log')->writeLog('Access denied.', __LINE__, 3);
return new JsonResponse(array(
'result' => 'error',
'message' => 'Not allowed'
));
}
}
} else {
if (false === $this->authorizationChecker->isGranted($granted, get_class($repository))) {
$this->get('log')->writeLog('Access denied.', __LINE__, 3);
return new JsonResponse(array(
'result' => 'error',
'message' => 'Not allowed'
));
}
}
return true;
}
Set ACL for $client
$this->get('global_functions')->setACL($client, MaskBuilder::MASK_OWNER);
But when I try to
Get ACL
$this->get('global_functions')->getACL($client, 'VIEW');
I get access with whatever user I am trying this...
Where am I wrong?
Solved it myself...
$this->authorizationChecker->isGranted($granted, get_class($repository)) should be $this->authorizationChecker->isGranted($granted, $repository)
Related
I would like to save sessions and cookies as discord does. What i mean? I mean when user sign in to discord account on browser and delete all cookies/session on browser by clicking padlock and cookies. When that will deleted everytime session file is created. And when i refresh site i was still logged on account. I want do something on this same way but when i use session, cookies, Header (to header i cant add expires date) And delete cookies by this same way it not adding that again because my script cant get any information about user. I thinking to do a JavaScript while to add every second sessionstorage or localstorage. And check that everytime when user open site but that is not good for optimalization. So anyone had idea how to do that?
Update
CreateInfo.php
<?php
namespace Client\Info;
use Client\Info\CheckInfo;
use Client\Info\SetInfo;
class CreateInfo
{
public function __construct()
{
$this->checkInfo = new CheckInfo();
$this->setInfo = new SetInfo();
$this->status = $this->checkInfo->getStatus();
}
public function control()
{
if($this->status['session'] && $this->status['cookie'] && $this->status['sameCookieSession']){
if(!$this->checkInfo->checkIpStatus()){
$this->setInfo->addIp(true, true, true);
}
}else if($this->status['session'] && $this->status['cookie'] && !$this->status['sameCookieSession']){
$this->setInfo->addCookie(true);
if(!$this->checkInfo->checkIpStatus()){
$this->setInfo->addIp(true, true, false);
}
}else if($this->status['session'] && !$this->status['cookie']){
$this->setInfo->addCookie(true);
if(!$this->checkInfo->checkIpStatus()){
$this->setInfo->addIp(true, false, false);
}
}else if(!$this->status['session'] && $this->status['cookie']){
$this->setInfo->addSession(true);
if(!$this->checkInfo->checkIpStatus()){
$this->setInfo->addIp(false, true, false);
}
}else{
$this->setInfo->setAll();
}
}
public function run()
{
$this->control();
}
}
CheckInfo.php
<?php
namespace Client\Info;
use Client\Info\InfoDatabase;
use Client\Cookie\CookieFunction;
use Client\Session\SessionFunction;
use Client\Ip\IpFunction;
class CheckInfo
{
public function __construct()
{
$this->infoDatabase = new InfoDatabase();
$this->cookieFunction = new CookieFunction();
$this->sessionFunction = new SessionFunction();
$this->ipFunction = new IpFunction();
$this->session = $this->sessionFunction->getSession('client');
$this->cookie = $this->cookieFunction->getCookie('client');
}
public function checkExist($data)
{
if(!isset($data) || empty($data)){
return false;
}
if(!$this->infoDatabase->checkExistInDb($data)){
return false;
}
return true;
}
public function getStatus()
{
if($this->checkExist($this->cookie)){
if($this->checkExist($this->session)){
if($this->cookie == $this->session){
return[
'session' => true,
'cookie' => true,
'sameCookieSession' => true
];
}else{
return[
'session' => true,
'cookie' => true,
'sameCookieSession' => false
];
}
}else{
return[
'session' => false,
'cookie' => true,
'sameCookieSession' => false
];
}
}else{
if($this->checkExist($this->session)){
return[
'session' => true,
'cookie' => false,
'sameCookieSession' => false
];
}else{
return[
'session' => false,
'cookie' => false,
'sameCookieSession' => false
];
}
}
}
public function checkIpStatus()
{
$ip = $this->ipFunction->getIp();
$result = false;
if($this->getStatus()['session']){
$result = $this->infoDatabase->checkExistIpInDb($this->session, $ip);
}else if($this->getStatus()['cookie']){
$result = $this->infoDatabase->checkExistIpInDb($this->cookie, $ip);
}
return $result;
}
}
SetInfo.php
<?php
namespace Client\Info;
use Client\Info\InfoDatabase;
use Client\Cookie\CookieFunction;
use Client\Session\SessionFunction;
use Client\Ip\IpFunction;
use Client\Currency\CurrencyFunction;
use App\Element\Random\RandomString;
class SetInfo
{
public function __construct()
{
$this->infoDatabase = new InfoDatabase();
$this->cookieFunction = new CookieFunction();
$this->sessionFunction = new SessionFunction();
$this->ipFunction = new IpFunction();
$this->currencyFunction = new CurrencyFunction();
$this->randomString = new RandomString();
$this->cookie = $this->cookieFunction->getCookie('client');
$this->session = $this->sessionFunction->getSession('client');
}
public function addIp($session, $cookie, $sameCookieSession)
{
$ip = $this->ipFunction->getIp();
if($sameCookieSession){
$this->infoDatabase->addIp($this->cookie, $ip);
}else{
if($session){
$this->infoDatabase->addIp($this->session, $ip);
}else if($cookie){
$this->infoDatabase->addIp($this->cookie, $ip);
}
}
}
public function addCookie($session)
{
if($session){
$this->cookieFunction->setCookie('client', $this->session);
}
}
public function addSession($cookie)
{
if($cookie){
$this->sessionFunction->setSession('client', $this->cookie);
}
}
public function setAll()
{
$rand = $this->randomString->generate(128);
$ip = $this->ipFunction->getIp();
$currency = $this->currencyFunction->getCurrencyCode();
$this->infoDatabase->addCookie($rand);
$this->infoDatabase->addIp($rand, $ip);
$this->infoDatabase->addCurrency($rand, $currency);
$this->cookieFunction->setCookie('client', $rand);
$this->sessionFunction->setSession('client', $rand);
}
}
I am trying to create a login script using CodeIgniter and the REST Controller (https://github.com/philsturgeon/codeigniter-restclient) however; I keep getting a null response from my model
this is my model function
public function login($data)
{
$checkEmail = $this->db->get_where('users', array('email' => $data['email']));
$emailRow = $checkEmail->row();
if(isset($emailRow)) {
if (password_verify($data['password'], $emailRow->password)) {
return $emailRow->id;
} else {
return false;
}
} else {
return false;
}
}
this is my controller
public function login_post()
{
$this->load->model('User_model');
$data = $this->_post_args;
if($this->form_validation->run() === FALSE) {
//does some unnecessary stuff thats pointless showing
$this->set_response([
'status' => FALSE,
'error' => $error
], REST_Controller::HTTP_BAD_REQUEST);
} else {
$login = $this->User_model->login($data);
if($login === TRUE) {
$user = $this->User_model->getUser($login);
$this->set_response([
'status' => TRUE,
'user' => $user
], REST_Controller::HTTP_ACCEPTED);
} else {
$this->set_response([
'status' => FALSE,
'error' => 'Nope'
], REST_Controller::HTTP_BAD_REQUEST);
}
}
}
everytime i run this, i get the 'nope' error message and $login is returning as null if i var_dump it? anybody got any ideas?
In your controller you are checking:
if($login === TRUE) {
Unfortunately, for your controller, the model will NEVER return TRUE so your code falls into your else{} block every single time.
Your model only returns FALSE or the value of $emailRow->id
As an immediate fix, you can try:
if($login !== FALSE) {
Welcome,
I wrote login system, it works but i think it is so bad code quality. Too many if. I want separate this code, cut down if amount and create some 'error login message' code. I need some tip to rewrite this controller method. It made my code more testable and pretty.
Thanks for every answer
/**
* #Route("/login", name="login")
*/
public function loginAction(Request $request)
{
$session = new Session();
if ($request->getMethod() == 'POST') {
$userData = $request->request->all();
$newUser = new User();
$foundUser = $this->getDoctrine()->getRepository('CmsUserBundle:User')->loadUsername($userData['username']);
if ($foundUser != null) {
$encodedPassword = md5($this->get('security.password_encoder')->encodePassword($newUser, $foundUser->getSalt()));
if ($encodedPassword == $foundUser->getPassword() && $foundUser->getIsActive() == true) {
$role = $this->getDoctrine()->getRepository('CmsUserBundle:Role')->findBy(array('id' => $foundUser->getRoles()))[0];
if($role->getIsActive() === TRUE) {
$token = new UsernamePasswordToken($foundUser, $foundUser->getPassword(), 'default', array($role->getRole()) );
$this->get('security.token_storage')->setToken($token);
$session->getFlashBag()->add('success', 'Pomyślnie zalogowano');
return $this->redirect($this->generateUrl('index'));
}
$session->getFlashBag()->add('success', 'Role access can recent disbaled');
} else {
$session->getFlashBag()->add('success', 'Invalid password or login');
}
} else {
$session->getFlashBag()->add('success', 'Bad data');
}
}
return $this->render('CmsUserBundle:Default:login.html.twig',
array(
'sessions' => $session->getFlashBag()->get('success'),
)
);
}
I am trying to block a user from logging in if they do not have a certain group# (permission level) is a user has the permission level of 1(bench) or 6(denied) I want a message to show up and kill the code, not allowing them to login - or allowing them to login enough to where the code recognizes they do not have permission and then stopping it, then showing the message.
As of now I have it set up as a redirect back to the index page (sign in page), but do not know how to get a message to display in that fashion.
I am trying to do it the following way, but am getting a non object error. Is there a better way to do it or am I just doing something wrong with the code?
The following code is giving me the error
Fatal error: Call to a member function hasPermission() on a non-object:
$denied_message = "You have been denied from using the site";
if($user->hasPermission('denied')) {
die($denied_message);}
$validate = new Validate();
$validation = $validate->check($_POST, array(
'username' => array('required' => true),
'password' => array('required' => true)
));
// added this line in
//if($user->hasPermission('1')) {
// die($permissionError);}
//Added to display denied users
$denied_message = "You have been denied from using the Sunday Funday League";
if($user->hasPermission('denied')) {
die($denied_message);}
if($validation->passed()) {
$user = new User();
$remember = (Input::get('remember') === 'on') ? true : false;
$login = $user->login(Input::get('username'), Input::get('password'), $remember);
if($login) {
Redirect::to('userIndex.php');
} else {
$tryagain = '<span class="signinpanel">' . "The information you entered did not match our records." . '</span>';
}
} else {
foreach($validation->errors() as $error) {
echo $error, '<br>';
}
}
}
}
Code for my permissions in my user class.
public function hasPermission($key) {
$group = $this->_db->get('groups', array('id', '=', $this->data()->group));
if($group->count()) {
$permissions = json_decode($group->first()->permissions, true);
if($permissions[$key] == true) {
return true;
}
}
return false;
}
Showing where $user is defined in user class.
public function __construct($user = null) {
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
if(!$user) {
if(Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if($this->find($user)) {
$this->_isLoggedIn = true;
} else {
// process Logout
}
}
} else {
$this->find($user);
}
}
I'm trying to make authentication with Laravel and MongoDB.
The problem is in my controller. This code does not make authentication :
if(!Input::exists('username') or !Input::exists('password')) {
App::abort(403, 'Forbidden request');
}
$credentials = array(
'username' => Input::get('username', null),
'password' => Input::get('password', null),
);
if(Auth::validate($credentials)) {
return 'Success';
} else {
return 'Failed';
}
But this one just works fine:
if(!Input::exists('username') or !Input::exists('password')) {
App::abort(403, 'Forbidden request');
}
$credentials = array(
'username' => Input::get('username', null),
'password' => Input::get('password', null),
);
$users = User::all();
$found = false;
foreach($users as $user) {
if($user->username == $credentials['username']
and Hash::check($credentials['password'], $user->password)) {
$found = true;
break;
}
}
if($found) {
return 'Success';
} else {
return 'Failed';
}
Both controllers are given the same username and password. First one always prints Failed, but second one gives true results.
The problem is you are using Auth::validate which only checks if the credentials are correct, but does not log the user in. You need to use Auth::attempt for a complete login. See the docs here http://laravel.com/docs/security#authenticating-users .
OK, Always remember that your model has to implement UserInterface.