After finding this question I got my Silex sessions to at least get an ID assigned, but I'm not seeing the session data get saved across different page views:
require(__DIR__.'/vendor/autoload.php'); // Composer autoload
$app = new Silex\Application();
$app['debug'] = true;
$app['db'] = $app->share(function() { // Database connector as a service
return new PDO('mysql:host=localhost;dbname=myawesome_db', 'user', 'paswd');
});
$app['session.db_options'] = array(
'db_table' => 'php_sessions',
'db_id_col' => 'session_id',
'db_data_col' => 'session_value',
'db_time_col' => 'session_time',
);
$app['session.storage.pdohandler'] = $app->share(function () use ($app) {
return new Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler(
$app['db'],
$app['session.db_options'],
$app['session.storage.options']
);
});
$app['session.storage'] = $app->share(function() use ($app) {
return new Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage(
$app['session.storage.options'],
$app['session.storage.pdohandler']
);
});
$app->register(new Silex\Provider\SessionServiceProvider()); // Start session management
$app['session']->start();
$app->get('/session-set', function() use ($app) {
$app['session']->set('foobar', 'test');
$app['session']->save();
$out = "User session is: ".$app['session']->getId()."<br />\n";
$out .= "Session variable is: ".var_export($app['session']->get('foobar'), true)."<br />\n";
return $out;
});
$app->get('/session-get', function() use ($app) {
$out = "User session is: ".$app['session']->getId()."<br />\n";
$out .= "Session variable is: ".var_export($app['session']->get('foobar'), true)."<br />\n";
return $out;
});
$app->run(); // Off into the sunset
The /session-set page shows a value for the foobar session variable, but the /session-get page does not. Anyone able to help me figure out why?
My solution turned out to be that the PDO database connection was not set up properly (one of the column names was wrong). However, by default, the PDO MySQL connection doesn't throw Exceptions when it errors out, it just sets the ErrorInfo() detail. Once I turned on Exception throwing for my PDO connection, I found the error and fixed it. I also submitted a patch to Symfony to ensure that the session PDO object has Exception-throwing enabled, to avoid others hitting this problem.
Related
I found a post on Laravel.io on how to load Laravel sessions into Ratchet which is outdated and uses Laravel 5.4 so I've altered a few things to get this to work with Laravel 8.x
public function onOpen(ConnectionInterface $conn)
{
// Attach connection
$this->clients->attach($conn);
// Create a new session handler for this client
$session = (new SessionManager(App::getInstance()))->driver();
// Get the cookies
$cookiesRaw = $conn->httpRequest->getHeader('Cookie');
$cookies = [];
if(count($cookiesRaw)) {
$cookies = Header::parse($cookiesRaw)[0]; // Array of cookies
}
// Get the laravel's one - todo: try catch
$sessionId = Crypt::decrypt(urldecode($cookies[Config::get('session.cookie')]), false);
var_dump($sessionId);
// Set the session id to the session handler
$session->setId($sessionId);
// Bind the session handler to the client connection
$conn->session = $session;
var_dump($conn->session->getId());
}
I then altered the send message too because I am receiving unexpected results.
public function onMessage(ConnectionInterface $conn, MessageInterface $msg)
{
$conn->session->start();
$sessionId = $conn->session->getId();
var_dump($sessionId);
if(!is_null(($decoded = json_decode(base64_decode($msg), true))) && array_diff(['message'], array_keys($decoded)))
return;
var_dump($decoded['message']);
return;
}
I test this with JS front-end like so:
class WebRTC
{
socket;
constants;
timerId;
constructor(protocol, fqdns, port) {
this.constants = {
protocol: protocol,
fqdns: fqdns,
port: port
};
this.listenChanges();
}
listenChanges() {
this.socket = new WebSocket(`${this.constants.protocol}://${this.constants.fqdns}:${this.constants.port}`);
this.socket.onmessage = e => {
console.log(atob(e.data));
};
this.socket.onerror = () => {
this.socket.close();
};
this.socket.onopen = () => {
console.info('Connected to WebRTC Chat Server...');
this.socket.send(btoa(JSON.stringify({
message: '{{ session()->getId() }}' // Expected session
})));
clearInterval(this.timerId);
this.socket.onclose = () => {
this.timerId = setInterval(() => {
this.listenChanges();
}, 1000);
};
};
}
}
new WebRTC('ws', '127.0.0.1', '8080');
& When the connection opens, I sent the session()->getId() which is the expected session I need. However, my output in the CLI is:
onOpen() : $sessionId
string(81) "b0e41cf0d856bdfc8427e1fdde62d5a154519f9c|MLXa9H2BbnQmySt2hRB360UANxLGHyz6iRMxGcoG"
onOpen() : $conn->session->getId()
string(40) "qyaDOQjNFlbrbjvvKRE1m5sN0dsGqqAsoMfkeqyU"
onMessage(): $conn->session->getId()
string(40) "qyaDOQjNFlbrbjvvKRE1m5sN0dsGqqAsoMfkeqyU"
JS blade formatted actual session that is sent as a message
string(40) "MLXa9H2BbnQmySt2hRB360UANxLGHyz6iRMxGcoG"
Here, my expected onMessage() method receive the dependency injected $conn (ConnectionInterface) with the ->session->getId() of the actual session()->getId() so I can make Auth::user() work.
Any ideas on what I'm doing wrong? I tried the var_dump($conn->session->get(Auth::getName())); as the Laravel.Io says to do but it returns null on the var_dump and my user is logged in.
This should then give me access to use User::find() or Auth::user().
Good day,
Im trying to develop a web platform using Slim framework. I've done it in MVC way. some of my APIs are used to render the view and some is just built to get data from the db.
for example :
$app->get('/api/getListAdmin', function () use ($app) {
$data = ...//code to get admins' list
echo json_encode($data);
})->name("getListAdmin");
$app->get('/adminpage', function () use ($app) {
// **** METHOD 1 :// get the data using file_get_contents
$result = file_get_contents(APP_ROOT.'api/getListAdmin');
// or
// **** METHOD 2 :// get data using router
$route = $this->app->router->getNamedRoute('getListAdmin');
$result = $route->dispatch();
$result = json_decode($result);
$app->render('adminpage.php', array(
'data' => $result
));
});
I'm trying to call the db handling Api '/api/getListAdmin' within the view related apis '/adminpage'.
based on solutions i have found in the web i tried method 1 and 2 but:
method 1 (using file_get_contents) take a long time to get the data (few seconds on my local environment).
method 2 (router->getNamedRoute->dispatch) seems dosnt work becuz it will render the result in the view even if i use $result = $route->dispatch(); to store the result in a variable but seems dispatch method still render to result to the screen.
I tried to create a new slim app only for db related API but still calling one of them takes quite long time 2 to 3 seconds.
Really appreciate it if some one can help me on what i'm doing wrong or what is the right way to get data from another api.
Thanks
Method 1
This could be another method, creating a Service layer, where redundant code is deleted:
class Api {
function getListAdmin() {
$admins = array("admin1", "admin2", "admin3"); //Retrieve your magic data
return $admins;
}
}
$app->get('/api/getListAdmin', function () use ($app) {
$api = new Api();
$admins = $api->getListAdmin();
echo json_encode($admins);
})->name("getListAdmin");
$app->get('/adminpage', function () use ($app) {
$api = new Api();
$admins = $api->getListAdmin();
$app->render('adminpage.php', array(
'data' => $admins
));
});
Method 2
If you are ok with an overkill method, you could use Httpful:
$app->get('/adminpage', function () use ($app) {
$result = \Httpful\Request::get(APP_ROOT.'api/getListAdmin')->send();
//No need to decode if there is the JSON Content-Type in the response
$result = json_decode($result);
$app->render('adminpage.php', array(
'data' => $result
));
});
I have already written an application in a procedural way and am trying to move into into a Laravel framework. I'm having trouble with the SOAP exchange section as I am getting an ID value that authenticates the user but cannot access that value (as a cookie) later in the program to authenticate the search.
Here is my code so far:
<?php namespace App;
use Artisaninweb\SoapWrapper\Facades\SoapWrapper;
use Illuminate\Http\RedirectResponse;
class SoapController {
private $auth_response;
private $cookie;
private $search_client;
private $search_response;
public function soapExchange() {
// create SOAP client and add service details
SoapWrapper::add(function ($service) {
$service
->name('WoSAuthenticate')
->wsdl('http://search.webofknowledge.com/esti/wokmws/ws/WOKMWSAuthenticate?wsdl')
->trace(true)
->cache(WSDL_CACHE_NONE);
});
SoapWrapper::service('WoSAuthenticate', function($service) {
// call authenticate() method to get SID cookie
$auth_response = $service->call('authenticate', []);
$cookie = $auth_response->return;
// test for cookie return
// print($cookie);
});
// create SOAP client and add service details
$search_client = new SoapWrapper;
$search_client::add(function ($service) {
$service
->name('WoSSearch')
->wsdl('http://search.webofknowledge.com/esti/wokmws/ws/WokSearch?wsdl')
->trace(true)
->cache(WSDL_CACHE_NONE);
});
if (isset($auth_response->return)) {
// if there is an SID returned then add it to the cookie attribute of the search client
$search_client->__setCookie('SID', $cookie);
} else {
// route to relevant view to display throttle error
return redirect('throttle');
}
}
}
I am successfully retrieving the response from the Web API call and getting a code to authenticate the user, saved as $cookie. However, I need then to create another SoapWrapper for performing the search and this needs the ID code attached by using the __setCookie method. If nothing is returned by the authenticate call then it redirects to an error message via throttle.blade.php elsewhere.
Surely there is a way to return a value created from a function so that it can be used elsewhere?
** EDIT **
Looked into employing SoapClient instead and including all operations within a single function. It all relates to a specific Web API anyway so I guess separation of concerns is not so much of an issue. FYI the new class I am trying is this:
<?php namespace App\Models;
use SoapClient;
use Illuminate\Http\RedirectResponse;
class SoapWrapper {
public function soapExchange() {
// set WSDL for authentication and create new SOAP client
$auth_url = "http://search.webofknowledge.com/esti/wokmws/ws/WOKMWSAuthenticate?wsdl";
// array options are temporary and used to track request & response data
$auth_client = #new SoapClient($auth_url);
// set WSDL for search and create new SOAP client
$search_url = "http://search.webofknowledge.com/esti/wokmws/ws/WokSearch?wsdl";
// array options are temporary and used to track request & response data
$search_client = #new SoapClient($search_url);
// run 'authenticate' method and store as variable
$auth_response = $auth_client->authenticate();
// call 'setCookie' method on '$search_client' storing SID (Session ID) as the response (value) given from the 'authenticate' method
// check if an SID has been set, if not it means Throttle server has stopped the query, therefore display error message
if (isset($auth_response->return)) {
$search_client->__setCookie('SID',$auth_response->return);
} else {
return Redirect::route('throttle');
}
}
}
Maybe try $GLOBALS?
<?php
$GLOBALS[data] = "something";
function abc(){
echo $GLOBALS[data];
}
?>
use Artisaninweb\SoapWrapper\Facades\SoapWrapper;
class SoapController extends Controller {
public $resultSoapStatus;
public $resultSoapAuthority;
public function heySoap{
SoapWrapper::add(function ($service) ...
$data = [
'MerchantID' => $MerchantID,
'Amount' => $Amount,
'Description' => $Description,
'Email' => $Email,
'Mobile' => $Mobile,
'CallbackURL' => $CallbackURL
];
SoapWrapper::service('test', function ($service) use ($data) {
$resultSoap = $service->call('PaymentRequest', [$data]);
$this->resultSoapStatus = $resultSoap->Status;
$this->resultSoapAuthority = $resultSoap->Authority;
});
if($this->resultSoapStatus == 100 && strlen($this->resultSoapAuthority) == 36)
{
//Do Something
}
else
{
return Redirect::back();
}
}
}
Enjoy bro
EDIT:
Read the discussion about the bug at: https://github.com/tymondesigns/jwt-auth/issues/83
MY ORIGINAL QUESTION:
I'm implement with jwt-auth my protected resources that require an authenticated user with bellow code:
Route::group(['middleware' => ['before' => 'jwt.auth', 'after' => 'jwt.refresh']], function() {
// Protected routes
});
When user 'sign in' on API an Authorization token is created, and sent on response Authorization header to client application that call the resource. So, client applications when intercept a Authorization token on header of any response, set a variable/session/whatever with this token value, to send again to API on next request.
The first request for a protected resource after 'login' works fine, but the next client application request to API with a refreshed token, gives the following error (API mount all responses in json format):
{
"error": "token_invalid"
}
What can be happen with refreshed tokens? My refresh token implementation (set as a after middleware) is wrong? Or isn't necessary to manually refresh all Authorization token that come with client apps requests?
UPDATE:
I update the jwt-auth RefreshToken middleware as propose here, but the token_invalid persist.
BUG:
I guess that I found what happens. Note that in the refresh method, old token is added to blacklist cache case enabled:
// Tymon\JWTAuth\JWTManager
public function refresh(Token $token)
{
$payload = $this->decode($token);
if ($this->blacklistEnabled) {
// invalidate old token
$this->blacklist->add($payload);
}
// return the new token
return $this->encode(
$this->payloadFactory->setRefreshFlow()->make([
'sub' => $payload['sub'],
'iat' => $payload['iat']
])
);
}
And note that in add to blacklist method the key is the jti param from old token payload:
// Tymon\JWTAuth\Blacklist
public function add(Payload $payload)
{
$exp = Utils::timestamp($payload['exp']);
// there is no need to add the token to the blacklist
// if the token has already expired
if ($exp->isPast()) {
return false;
}
// add a minute to abate potential overlap
$minutes = $exp->diffInMinutes(Utils::now()->subMinute());
$this->storage->add($payload['jti'], [], $minutes);
return true;
}
Thus, when has on blacklist method is called, the old token jti param is the same that the new, so the new token is in blacklist:
// Tymon\JWTAuth\Blacklist
public function has(Payload $payload)
{
return $this->storage->has($payload['jti']);
}
If you don't need the blacklist functionality just set to false on jwt.php configuration file. But I can't say if it expose to some security vulnerability.
Read the discussion about the bug at: https://github.com/tymondesigns/jwt-auth/issues/83
When I get this issue, the solution that I found to get my project working was to generate a new token with data from older token on each new request.
My solution, that works for me, is bad, ugly, and can generate more issues if you have many async requests and your API(or business core) server is slow.
For now is working, but I will investigate more this issue, cause after 0.5.3 version the issue continues.
E.g:
Request 1 (GET /login):
Some guest data on token
Request 2 (POST /login response):
User data merged with guest data on old token generating a new token
Procedural code example(you can do better =) ), you can run this on routes.php out of routes, I say that is ugly haha:
// ----------------------------------------------------------------
// AUTH TOKEN WORK
// ----------------------------------------------------------------
$authToken = null;
$getAuthToken = function() use ($authToken, $Response) {
if($authToken === null) {
$authToken = JWTAuth::parseToken();
}
return $authToken;
};
$getLoggedUser = function() use ($getAuthToken) {
return $getAuthToken()->authenticate();
};
$getAuthPayload = function() use ($getAuthToken) {
try {
return $getAuthToken()->getPayload();
} catch (Exception $e) {
return [];
}
};
$mountAuthPayload = function($customPayload) use ($getLoggedUser, $getAuthPayload) {
$currentPayload = [];
try {
$currentAuthPayload = $getAuthPayload();
if(count($currentAuthPayload)) {
$currentPayload = $currentAuthPayload->toArray();
}
try {
if($user = $getLoggedUser()) {
$currentPayload['user'] = $user;
}
$currentPayload['isGuest'] = false;
} catch (Exception $e) {
// is guest
}
} catch(Exception $e) {
// Impossible to parse token
}
foreach ($customPayload as $key => $value) {
$currentPayload[$key] = $value;
}
return $currentPayload;
};
// ----------------------------------------------------------------
// AUTH TOKEN PAYLOAD
// ----------------------------------------------------------------
try {
$getLoggedUser();
$payload = ['isGuest' => false];
} catch (Exception $e) {
$payload = ['isGuest' => true];
}
try {
$payload = $mountAuthPayload($payload);
} catch (Exception $e) {
// Make nothing cause token is invalid, expired, etc., or not exists.
// Like a guest session. Create a token without user data.
}
Some route(simple example to save user mobile device):
Route::group(['middleware' => ['before' => 'jwt.auth', 'after' => 'jwt.refresh']], function () use ($getLoggedUser, $mountAuthPayload) {
Route::post('/session/device', function () use ($Response, $getLoggedUser, $mountAuthPayload) {
$Response = new \Illuminate\Http\Response();
$user = $getLoggedUser();
// code to save on database the user device from current "session"...
$payload = app('tymon.jwt.payload.factory')->make($mountAuthPayload(['device' => $user->device->last()->toArray()]));
$token = JWTAuth::encode($payload);
$Response->header('Authorization', 'Bearer ' . $token);
$responseContent = ['setted' => 'true'];
$Response->setContent($responseContent);
return $Response;
});
});
at the moment, I initialize database in following way:
$di->set('db', function() use ($config){
return new \Phalcon\Db\Adapter\Pdo\Mysql(
array(
"host" => $config->database->host,
"username" => $config->database->username,
"password" => $config->database->password,
"dbname" => $config->database->name
)
);
});
but when mysql credentials are wrong, or database doesn't exist, Phalcon returns blank page without any error message. Such situations are real headache, because small error in login/password/host causes almost untraceable error.
I think that Pdo constructor stops PHP code execution in this case.
So how do you initialize database connection in Phalcon when you want website to tell you about problem with database?
I ended with following code:
$di->set('db', function() use ($config){
try {
$db = new \Phalcon\Db\Adapter\Pdo\Mysql(
array(
"host" => $config->database->host,
"username" => $config->database->username,
"password" => $config->database->password,
"dbname" => $config->database->name
)
);
} catch (Exception $e) {
die("<b>Error when initializing database connection:</b> " . $e->getMessage());
}
return $db;
});
Please tell me if there is a better way.
I use this configuration:
$di->set('db', function () use ($config) {
$connection = new \Phalcon\Db\Adapter\Pdo\Mysql(array(
"host" => $config->database->host,
"username" => $config->database->username,
"password" => $config->database->password,
"dbname" => $config->database->dbname,
"options" => array(
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
)
));
if (APPLICATION_ENV == 'development') {
$eventsManager = new Phalcon\Events\Manager();
$logger = new Phalcon\Logger\Adapter\File($config->application->logsDir . "sql_debug.log");
//Listen all the database events
$eventsManager->attach('db', function ($event, $connection) use ($logger) {
if ($event->getType() == 'beforeQuery') {
$logger->log($connection->getSQLStatement(), Logger::INFO);
}
});
//Assign the eventsManager to the db adapter instance
$connection->setEventsManager($eventsManager);
}
return $connection;
}, true);
there is one more option for utf8 and if application enviroment is development, it logs all the sql calls to sql_debug.log. You can see, that I'm using $config, its defined like this:
switch (APPLICATION_ENV) {
case 'development':
$config = new Phalcon\Config\Adapter\Ini(__DIR__ . '/../app/config/config_dev.ini');
break;
case 'testing':
$config = new Phalcon\Config\Adapter\Ini(__DIR__ . '/../app/config/config_test.ini');
break;
case 'production':
$config = new Phalcon\Config\Adapter\Ini(__DIR__ . '/../app/config/config_production.ini');
break;
}
and in config file you would find something like this:
[database]
adapter = Mysql
host = localhost
username = root
password =
dbname = db_name
You can make it more general. Sou you can catch all the errors that may occur and display them nicely.
I'm using below bootstrap file (config) for developement as described here.
<?php
error_reporting(-1);
$debug = new Phalcon\Debug();
$debug->listen();
/** Read the configuration */
$config = include __DIR__ . '/../config/config.php';
/** Read auto-loader */
include __DIR__ . "/../app/config/loader.php";
/** Read services */
include __DIR__ . "/../app/config/mvc/services.dev.php";
/** Handle the request */
$application = new \Phalcon\Mvc\Application();
$application->setDI($di);
if (!empty($_SERVER['REQUEST_URI'])) {
$uriParts = explode('?', $_SERVER['REQUEST_URI']);
$uri = $uriParts[0];
} else {
$uri = '/';
}
echo $application->handle($uri)->getContent();
Which concludes that interesting part is here:
$debug = new Phalcon\Debug();
$debug->listen();
Does setting error reporting in your phalcon.ini help?
extension=phalcon.so
error_reporting = E_ALL | E_STRICT
display_errors = On