I'm using Doctrine 1.2 with Zend Framework 1 .
I have a lot of controllers and I have left sidebar and right sidebar inside my layout, and I have visitors and authentication users within active session .
I have done a basic caching method like :
$frontend= array('lifetime' => 3600);
$backend= array('cache_dir' => '/data/cache/FileName');
$cache = Zend_Cache::factory('core', 'File', $frontend, $backend);
if ((!$result = $cache->load('fileName'))) {
/* my code here*/
$cache->save($page, 'fileName');
} else {
$this->_helper->viewRenderer->setNoRender();
$this->getResponse()->appendBody($result);
}
But every time I need to cash page in controllers I repeat this code in every controller so I would like to create helper to manage my cash for all cases and scenarios with set of parameters like (file Name, life time, is log in user, other) and cashing files from layout like left sidebar and able to delete cash files .
so I call methods only from my controllers and handle it from one place .
What is the best way to build this caching technique helper in Zend framework and if you have any
examples please help me and provide me with best way to build it.
Thanks.
you can use Zend_Cache_Frontend_Page and start your the caching in your zend bootstrap.php.
like :
$frontendOptions = array(
'lifetime' => '604800000',
'content_type_memorization' => false,
'default_options' => array(
'cache' => true,
'make_id_with_cookie_variables' => false,
'make_id_with_session_variables' => false,
'cache_with_get_variables' => true,
'cache_with_post_variables' => true,
'cache_with_session_variables' => true,
'cache_with_files_variables' => true,
'cache_with_cookie_variables' => true,
),
'regexps' => array(
'$' => array('cache' => true),
)
);
$backendOptions = array('cache_dir' => $yourDirectoryPath);
$cache = Zend_Cache::factory('Page', 'File', $frontendOptions, $backendOptions);
$cache->start();
Follow the tutorial from Zend Cache manual
http://framework.zend.com/manual/1.12/en/zend.cache.theory.html
Do you really need to cache the pages, why not just cache the expensive data?
In Zend Framework 1, plugins are loaded on every controller,ZF1 Custom Plugins
or use Action helpers in only in certain places ZF1 Action Helpers
Related
I am using the Silex / Symfony security service and try to implement a automatic login when the specific parameters are passed in the request query.
I've looked into the modules and also search on the internet for a solution and always found something like the following:
$user = (new \Portal\UserProvider($app['databases']['read']))->loadUserByUsername($subscriber_id);
$token = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken($user, $user->getPassword(), 'secured', $user->getRoles());
$app['security.token_storage']->setToken($token);
Unfortunately, this does not work for my app. I don't know whats wrong but the security module keeps redirecting me to /login/ as specified in the registration process:
/**
* Registers the security firewall.
*/
private function registerSecurity()
{
$this->register(new \Silex\Provider\SecurityServiceProvider(), array(
'security.firewalls' => array(
'login' => array(
'pattern' => '^/(login/|terms|imprint|animation|error)',
),
'secured' => array(
'pattern' => '^/',
'form' => array(
'login_path' => '/login/',
'check_path' => '/login_check'
),
'logout' => array(
'logout_path' => '/logout'
),
'users' => $this->share(function () {
return new \Portal\UserProvider($this['databases']['read']);
}),
),
'unsecured' => array(
'anonymous' => true
),
),
'security.encoder.digest' => $this->share(function () {
return new \Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder('sha1', false, 1);
}),
'security.access_rules' => array(
array('^/login', 'ROLE_GUEST'),
),
'security.role_hierarchy' => $this->share(function () {
return array();
})
));
$this->boot();
}
Is there anything I have to consider about
reloading
order of registering the SecurityServiceProvider, SessionServiceProvider
this manual token setting
?
You're using the 'form' authentication provider, but this won't work (or maybe I'm not understanding you correctly?). In order to be able to:
try to implement a automatic login when the specific parameters are passed in the request query
You need to hook into the Security service. In order to do that you have to create a Listener and register it. You'll also need a Provider
This is not an easy path as the security component works with many concepts.
You can see a working example in this repo (which implements an OAuth service)
If your security flow is easy and you don't need roles, you can just use a before middleware (and forget about the security component) like so:
<?php
$app->before(function (Request $request, Application $app) {
$session = $request->getSession();
if (false === $session->get('logged', false)) {
if (null !== $request->get('blah', null)) {
$session->set('logged', true);
}
else {
return new RedirectResponse('/login-url');
}
}
});
You could use Silex's guard. It works well with get Request. And standard form could be use as complement.
In your secured Security.firwall, add the guard parameter :
"guard" => array ("authenticator" => array("app.myauthenticator") )
And create your custom class, to validate login.
Just read the Silex cookbook.
I am using Silex 2.0 (I know - it's development version and not fully released yet) along with CNAM's JWT security provider (see: https://github.com/cnam/security-jwt-service-provider) to write an API for an open source application I am writing.
In short, there are three types of users that I care about:
Sitewide admins (ROLE_ADMIN) that have complete access
Commissioners (ROLE_COMMISH) who create objects they own, and can edit their own objects
Anonymous users who access read-only information.
As such, there are three sections of routes that go along with these "roles":
/admin/* where administrators can perform their uber actions
/commish/* where commissioners or admins can perform their actions on their objects
/* where all users can read information
The issue that I've come across is that while I can setup 3 firewalls, one for each, there are times in the 3rd route category (GET /object/1 for instance) where it needs to be accessibly anonymously, but if the user provides a valid JWT token, I need to access that user in order to perform some additional logic on the data I hand back in the response.
As I have it setup currently (more on my config below), it's all-or-nothing: I either restrict an entire firewall to only authenticated users with a certain role, or I open it up to anonymous users (and therefore cannot view user information).
Is it possible to have a route that anyone can hit, but logged in users can also be seen?
Current security configuration:
$app['users'] = function () use ($app) {
return new UserProvider($app);
};
$app['security.jwt'] = [
'secret_key' => AUTH_KEY,
'life_time' => 86400,
'algorithm' => ['HS256'],
'options' => [
'header_name' => 'X-Access-Token'
]
];
$app['security.firewalls'] = array(
'login' => [
'pattern' => 'login|register|verify|lostPassword|resetPassword',
'anonymous' => true,
],
'admin' => array(
'pattern' => '^/admin',
'logout' => array('logout_path' => '/logout'),
'users' => $app['users'],
'jwt' => array(
'use_forward' => true,
'require_previous_session' => false,
'stateless' => true,
)
),
'commish' => array(
'pattern' => '^/commish',
'logout' => array('logout_path' => '/logout'),
'users' => $app['users'],
'jwt' => array(
'use_forward' => true,
'require_previous_session' => false,
'stateless' => true,
)
)
);
$app['security.role_hierarchy'] = array(
'ROLE_ADMIN' => array('ROLE_MANAGER'),
);
$app->register(new Silex\Provider\SecurityServiceProvider());
$app->register(new Silex\Provider\SecurityJWTServiceProvider());
Additionally, I've attempted another approach where I match all routes under a single firewall, but then protect certain ones by using securty.access_rules configuration, but it does not work. An example of what I've tried:
$app['security.firewalls'] = array(
'api' => array(
'pattern' => '^/',
'logout' => array('logout_path' => '/logout'),
'anonymous' => true,
'jwt' => array(
'use_forward' => true,
'require_previous_session' => false,
'stateless' => true
)
)
);
$app['security.access_rules'] = array(
array('^/admin', 'ROLE_ADMIN'),
array('^/commish', 'ROLE_MANAGER'),
array('^/', 'IS_AUTHENTICATED_ANONYMOUSLY')
);
You can use $app['security.jwt.encoder'] to decode jwt and either create a custom trait and extending the route object or using midddlewareeeither on the route level or an easier way would be to use a middleware on the application level. I had similar issue and this is how i solved it, something like below
ex.
$app->before(function (Request $request, Application $app) {
$request->decodedJWT = $app['security.jwt.encoder']->
decode($request->headers->get('X-Access-Token'));
});
and then you can access the decoded jwt form any route by doing this
$app->get('/object/1', function(Request $request) {
$decodedJWT = $request->decodedJWT;
// do whatever logic you need here
})
So: so far I have not found this to be possible through the "normal" way, which is disappointing. I will not mark what I detail below as the "answer" for a few days, hoping that someone can chime in and offer a better, more "official" way to solve the dilemma.
TL;DR: I manually check the request headers for the access token string, then decode the token using the JWT classes in order to load the user account in routes outside of the firewall. It's incredibly hacky, it feels downright dirty, but it's the only solution to the issue that I see at the moment.
Technical Details: First, you must acquire the token value from the request header. Your controller method will have been handed a Symfony\Component\HttpFoundation\Request object, from which you can access $request->headers->get('X-Access-Token'). In most instances the user will not be authenticated, so this will be empty, and you can return null.
If not empty, you must then use Silex's instance of JWTEncoder to decode the token contents, create a new token instance of JWTToken, set the context to the decoded value from the encoder, and finally you can access the username property from said token - which can then be used to grab the corresponding user record. An example of what I came up with:
$request_token = $request->headers->get('X-Access-Token','');
if(empty($request_token)) {
return null;
}
try {
$decoded = $app['security.jwt.encoder']->decode($request_token);
$token = new \Silex\Component\Security\Http\Token\JWTToken();
$token->setTokenContext($decoded);
$userName = $token->getTokenContext()->name;
//Here, you'd use whatever "load by username" function you have at your disposal
}catch(\Exception $ex) {
return null;
}
And obviously, any code calling this function would need to know that because the request is outside of the firewall, there is zero guarantee that a user will be returned (hence the hacky try-catch that silences exceptions by just returning null).
Edit: I've updated the code here to use Silex's built-in DI container (provided by Pimple) so there's no need to create a new instance of the JWT encoder by hand. I'm also marking #user5117342 's answer as the correct one, as using some sort of Silex middleware approach is far more robust.
Edit (April 2016): Using the updated cnam/security-jwt-service 2.1.0 along with symfony/security 2.8, there's a slight update that makes the code above a little simpler:
$request_token = $request->headers->get('X-Access-Token','');
if(empty($request_token)) {
return null;
}
try {
$decodedToken = $app['security.jwt.encoder']->decode($request_token);
$userName = $decodedToken->name;
//Here, you'd use whatever "load by username" function you have at your disposal
}catch(\Exception $ex) {
return null;
}
The issue with the newer dependencies is that the JWTToken constructor requires 3 parameters which are difficult to obtain in most service layers, not to mention is quite out of place. As I was updating my Composer dependencies, I ended up finding out that I didn't actually need to create a JWTToken in order to get the username I needed.
Of course, it's to be noted I'm only using this method on public (anonymous) API routes to provide some niceties to users who are logged in - my app doesn't deal with sensitive data so I'm not overly concerned with this avenue outside of the firewalls. At worst a black hat user would end up seeing non-sensitive data that they normally wouldn't, but that's it. So YMMV.
Your are must be use regular expression e.g.
$app['security.firewalls'] = array(
'login' => [
'pattern' => 'login|register|oauth',
'anonymous' => true,
],
'secured' => array(
'pattern' => '^/api|/admin|/manager',
'logout' => array('logout_path' => '/logout'),
'users' => $app['users'],
'jwt' => array(
'use_forward' => true,
'require_previous_session' => false,
'stateless' => true,
)
),
);
I generated model files successfully, but for some reason I cannot call on known record attributes as if they had concrete accessors, even though I should be able to so via Doctrine_Record::__call(). I checked the doctrine manual for build options but did not see anything relevant to my problem.
$conns['core_rw'] = Doctrine_Manager::connection('mysql://ccast:#127.0.0.1/core', 'core_rw');
Doctrine_Core::generateModelsFromDb('/path/to/lib/Hobis/App/Model', array_keys($conns),
array(
'baseClassPrefix' => 'Base_',
'baseClassesDirectory' => 'Base',
'classPrefix' => 'Hobis_App_Model_',
'classPrefixFiles' => false,
'generateBaseClasses' => true,
'generateTableClasses' => true
)
);
After models were generated, I tried this:
$conns['core_rw'] = Doctrine_Manager::connection('mysql://ccast:#127.0.0.1/core', 'core_rw');
$widget = Hobis_App_Model_WidgetTable::getInstance()->findOneById(1337);
// Works
var_dump($widget->get('id'));
// Does not work
var_dump($widget->getId());
I have configured the CUrlManager in the config/main.php to use clean URL:
'urlManager' => array(
'showScriptName' => FALSE,
'urlFormat' => 'path',
'rules' => require(dirname(__FILE__) . '/routes.php'),
),
The clean URL function works perfectly, but I would like to prevent the default <controller>/<action> pattern match to occur.
This is my config/route.php:
<?php
return array(
'books' => 'book/index'
);
Now people can go to the same book page by 2 different URLs:
http://www.mysite.com/books
http://www.mysite.com/book/index
I want to disable the second URL pattern. Is this possible?
You can enable useStrictParsing in your url manager component.
I have ZF 1 where i got working Bootstrap.php with lots of routing and other preDispatch stuff.
But in ZF2 there is no Bootstrap.php concept anymore? Or i mean how can i do this same in Zf2?
<?php
class Bootstrap extends Zend_Application_Bootstrap_Bootstrap {
protected function _initPdispatch() {
$this->bootstrap('frontController');
require_once APPLICATION_PATH . '/controllers/plugin/LanguageSelector.php';
$plugin = new LanguageSelector();
$front = Zend_Controller_Front::getInstance();
$front->registerPlugin($plugin);
return $plugin;
}
protected function _initRoutes() {
$front = Zend_Controller_Front::getInstance();
$router = $front->getRouter();
$dynamic1 = new Zend_Controller_Router_Route(
'/:variable1',
array(
'controller' => 'router',
),
// array('variable1' => '^[a-zA-Z0-9_-]*$')
array('variable1' => '^[\w.-]*$')
);
$router->addRoute('dynamic1', $dynamic1);
}
One of the best features of ZF2 is something that I actually hated at first, which are the routes. It's both great and annoying because now you're required to set the routes for all of your modules.
Part of understanding ZF2 (more quickly) is understanding modules. If you can get past this, you will begin to adapt much more quickly. (At least that's how it was for me). So, what in ZF2 is a module? Anything!
Anyway, all of the config files for every module and for the application eventually get merged within the Zend Framework, so that means you can define routes anywhere really.
That said, you don't need to "bootstrap" your routes anymore as that is part of your ModuleName/config/module.config.php file. now.
Now, I'm not an expert on regex routes within ZF2, but it would be something like:
// MyModule/config/module.config.php
return array(
'router' => array(
'routes' => array(
'dynamic1' => array(
'type' => 'regex',
'options' => array(
'route' => '/[:variable1]'
)
)
)
)
);
Somewhere in there you define the regex. Additionally, I saw in their docs that you can also define a regex route manually:
use Zend\Mvc\Router\Http\Regex;
// ...
$route = Regex::factory(array(
'regex' => '/blog/(?<id>[a-zA-Z0-9_-]+)(\.(?<format>(json|html|xml|rss)))?',
'defaults' => array(
'controller' => 'Application\Controller\BlogController',
'action' => 'view',
'format' => 'html',
),
'spec' => '/blog/%id%.%format%',
));
$router->addRoute($route);
You should be able to add this as a service or put it in onBootstrap() within the Application module if you're using the Skeleton Application.
Keep in mind, that was their example and again, I'm not an expert on this. Here is some more information.
Hope this helps!