Ladies and gentlemen,
I am working hard on a new webapplication which is based on the Zend Framework.
Almost the whole webapplication will be secured with a login(username and password).
My idea is to check if the visitor can be authenticated and if not check if the user is requesting a login route. If he is not trying to login he will be redirected to the login page.
<?php
class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
{
/**
* Bootstrap::_initRouterRewrites()
*
* #return void
*/
protected function _initRouterRewrites()
{
$frontController = Zend_Controller_Front::getInstance();
$this->router = $frontController->getRouter();
$this->router->addRoute(
'default',
new Zend_Controller_Router_Route('/',
array('controller' => 'index',
'action' => 'index'))
)
->addRoute(
'login',
new Zend_Controller_Router_Route('/inloggen.html',
array('controller' => 'auth',
'action' => 'login'))
);
}
/**
* Bootstrap::_initZendSession()
*
* #return void
*/
protected function _initZendSession()
{
// Ensure that both the session and the db resources are bootstrapped
$this->bootstrap(array('db', 'session'));
// Actually start the session
Zend_Session::start();
}
/**
* Bootstrap::_initAuthentication()
*
* #return void
*/
protected function _initAuthentication()
{
// Instantiate auth object
$auth = Zend_Auth::getInstance();
// Check if visitor has an identity
if (!$auth->hasIdentity())
{
}
}
}
When I use the method $this->router->getCurrrentRoute() inthe _initAuthentication method I get the following error: "Current route is not defined".
What can I do to check if the current route is login?
Thanks in advance!
At the time of bootstrapping routing has run yet. What you need here is a FrontController Plugin that hooks into the request lifecycle at the appropriate place . In your case that is probably going to be during routeShutdown after the routing has determined where to dispatch the request.
From http://devzone.zend.com/1692/zend-framework-mvc-request-lifecycle/:
Use plugins like this in bootstrap.php:
protected function _initPlugins() {
$front = Zend_Controller_Front::getInstance();
$front->registerPlugin(new Plugin_Checkaccess());
}
and in plugins/Checkaccess.php
`
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$request = $this->getRequest();
$controllerName = strtolower($request->getControllerName());
$actionName = strtolower($request->getActionName());
if ('user' == $controllerName)
{
$session = new Zend_Session_Namespace('USER');
$notLogged = array('login','register');
if(!in_array($actionName, $notLogged) && !$session->user){
$request->setControllerName("index");
$request->setActionName("index");
$this->_response->setRedirect('/');
//$this->_response->setRedirect('/?redirectTo='.$this->_request->getRequestUri());
}elseif(in_array($actionName, $notLogged) && $session->user){
$request->setControllerName("user");
$request->setActionName("index");
$this->_response->setRedirect('/home');
}
return;
}
}
}`
Related
Im building project on Laravel 7.3 with multiple Jobs that run at the same time.
I need to make each Job write logs to different daily rotated file. The name of the log file should be based on model, that Job is processing.
The issue is I cant find smart solution.
What I have tried:
1) creating multiple channels in config/logging.php.
That works as expected but at the moment there are about 50 different Jobs and amount keeps growing. Method is ugly and hardly maintained.
2) setting up Config(['logging.channels.CUSTOMCHANNEL.path' => storage_path('logs/platform/'.$this->platform->name.'.log')]);.
Messing with Config variable was bad idea because of many Jobs running one time. As a result messages from one job often were written in another Job log.
3) using Log::useDailyFiles()
Seems like this stops working since laravel 5.5 or 5.6. Just getting error Call to undefined method Monolog\Logger::useDailyFiles(). Any thoughts how to make with work in laravel 7?
4) using tap parameter for channel in config/logging.php.
Example in laravel docs
No ideas how to pass model name into CustomizeFormatter to setup file name.
Im almost sure there is smart solution and Im just missing something.
Any suggests? Thanks!
You could inherit the log manager to allow a dynamic configuration
<?php
namespace App\Log;
use Illuminate\Support\Str;
use Illuminate\Log\LogManager as BaseLogManager;
class LogManager extends BaseLogManager
{
/**
* Get the log connection configuration.
*
* #param string $name
* #return array
*/
protected function configurationFor($name)
{
if (!Str::contains($name, ':')) {
return parent::configurationFor($name);
}
[$baseName, $model] = explode(':', $name, 2);
$baseConfig = parent::configurationFor($baseName);
$baseConfig['path'] = ...; //your logic
return $baseConfig;
}
}
Likewise about Laravel's log service provider except this one can be totally replaced
<?php
namespace App\Log;
use Illuminate\Support\ServiceProvider;
class LogServiceProvider extends ServiceProvider
{
/**
* Register the service provider.
*
* #return void
*/
public function register()
{
$this->app->singleton('log', function ($app) {
return new LogManager($app);
});
}
}
EDIT: I've just seen that Laravel's log service provider is missing from config/app.php, this is because it's "hard-loaded" by the application. You still can replace it by inheriting the application itself
<?php
namespace App\Foundation;
use App\Log\LogServiceProvider;
use Illuminate\Events\EventServiceProvider;
use Illuminate\Routing\RoutingServiceProvider;
use Illuminate\Foundation\Application as BaseApplication;
class Application extends BaseApplication
{
/**
* Register all of the base service providers.
*
* #return void
*/
protected function registerBaseServiceProviders()
{
$this->register(new EventServiceProvider($this));
$this->register(new LogServiceProvider($this));
$this->register(new RoutingServiceProvider($this));
}
}
And finally in bootstrap/app.php, replace Illuminate\Foundation\Application with App\Foundation\Application
For example, if you try this
app('log')->channel('single:users')->debug('test');
Laravel will use the single channel's config and write to users.log if your resolution logic is
$baseConfig['path'] = $model + '.log';
I got a solution that I've been using since Laravel 4 that works, although it doesn't follow 'Laravel' way of doing things.
class UserTrackLogger
{
/**
* #var $full_path string
*/
protected $full_path;
/**
* #var $tenant string
*/
protected $tenant;
/**
* #var $user User
*/
protected $user;
/**
* #var $request Request
*/
protected $request;
public static function log(string $message, Request $request, User $user, array $data = []): void
{
/** #noinspection PhpVariableNamingConventionInspection */
$userTrack = new static($request, $user);
$userTrack->write($message, $data);
}
protected function __construct(Request $request, User $user)
{
$this->request = $request;
$this->user = $user;
$this->tenant = app()->make('tenant')->tenant__name;
$path = storage_path() . "/logs/{$this->tenant}/users";
$filename = $this->user->username_with_name;
$this->full_path = Formatter::formatPath("{$path}/{$filename}.log");
self::makeFolder($this->full_path);
}
protected function write(string $message, array $data = []): void
{
$formatter = $this->getFormat();
$record = [
'message' => $message,
'context' => $data,
'extra' => [],
'datetime' => date(Utility::DATETIME_FORMAT_DEFAULT),
'level_name' => 'TRACK',
'channel' => '',
];
file_put_contents($this->full_path, $formatter->format($record), FILE_APPEND);
}
protected function getFormat(): FormatterInterface
{
$ip = $this->request->getClientIp();
$method = strtoupper($this->request->method());
$format = "[%datetime%][{$this->tenant}][{$this->user->username}][{$this->user->name}]: $ip $method %message% %context%\n";
return new LineFormatter($format, null, true);
}
protected static function makeFolder(string $full_path): bool
{
$path = dirname($full_path);
if ( !is_dir($path) ) {
return mkdir($path, 0755, true);
}
return false;
}
}
And when I want to log something, I do UserTrackLogger::log($request->fullUrl(), $request, $user, $data);
What I would suggest is creating a logger similar to this but extends RotatingFileHandler.
Invoice app development is going on using Laravel. I store date and amount format for every users in settings table.
When user login to their account how to set Session variable? Please give any suggestions. I am using Laravel 5.3.
Of course the docs tell us how to store session data*, but they don't address the OP's question regarding storing session data at login. You have a couple options but I think the clearest way is to override the AuthenticatesUsers trait's authenticated method.
Add the override to your LoginController:
/**
* The user has been authenticated.
*
* #param \Illuminate\Http\Request $request
* #param mixed $user
* #return mixed
*/
protected function authenticated(Request $request, $user)
{
$this->setUserSession($user);
}
Then you can set your session up as:
protected function setUserSession($user)
{
session(
[
'last_invoiced_at' => $user->settings->last_invoiced_at,
'total_amount_due' => $user->settings->total_amount_due
]
);
}
If you want to be a bit more clever you can create a listener for the Login or Authenticated events and set up the session when one of those events* fires.
Create a listener such as SetUpUserSession:
<?php
namespace app\Listeners;
use Illuminate\Auth\Events\Login;
class SetUserSession
{
/**
* #param Login $event
* #return void
*/
public function handle(Login $event)
{
session(
[
'last_invoiced_at' => $event->user->settings->last_invoiced_at,
'total_amount_due' => $event->user->settings->total_amount_due
]
);
}
}
*Links go to 5.4 but this hasn't changed from 5.3.
I've used the Auth class to manage user data, like this:
public function index(){
$user_id = Auth::user()->id;
}
But you have to add 'use Auth;' before class declaration. Then you can add any data to session variable.
Laravel fires an event when a new login is made to the application.
When an event fires you may add a listener for it, then add a session .
This is the content of a listener I made.
<?php
namespace App\Listeners\Auth;
use Illuminate\Auth\Events\Login;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue;
class UserLoggedIn
{
/**
* Create the event listener.
*
* #return void
*/
public function __construct()
{
//
}
public function handle(Login $event)
{
if ($event->user->hasRole('subsidiary_admin')) {
\Session::put('subsidiary_admin', $event->user->subsidiaryBoUser->subsidiary_id);
\Session::put('subsidiary', $event->user->subsidiaryBoUser->subsidiary);
}
}
}
and I register it on the eventServiceProvider like this
'Illuminate\Auth\Events\Login' => [
'App\Listeners\Auth\UserLoggedIn',
],
You can store data in the session using two different methods either a Request instance or using the global helper/function provided.
Request Instance
public function methodA(Request $request) {
$request->session()->put('KEY', 'VALUE');
}
Global Helper
public function methodB() {
session(['key' => 'value']);
}
You can find more details on both methods in the documentation.
Here's what I am doing:
I have this on my helper file:
\App\Helpers\helpers.php:
function signedUser()
{
return [
'id' => Auth::id(),
'group_id' => Auth::user()->group_id,
'group_name' => Auth::user()->group->name,
'avatar' => Auth::user()->avatar,
'first_name' => Auth::user()->first_name,
'full_name' => Auth::user()->full_name,
];
}
On my User Model:
public function group()
{
return $this->belongsTo('App\Models\Group');
}
public function getFullNameAttribute()
{
$full_name = ucfirst($this->first_name) . ' ' . ucfirst($this->middle_name[0]) . '. ' . ucfirst($this->last_name);
return $full_name;
}
Then I can accessed the variables on both controllers and blade files like so:
dump(signedUser()['full_name']);
{{ signedUser()['full_name'] }}
In ZF1 I used to declare variables in the application.ini
brandname = "Example"
weburl = "http://www.example.com/"
assetsurl = "http://assets.example.com/"
And in the Bootstrap I did this so i could access them in the view
define('BRANDNAME', $this->getApplication()->getOption("brandname"));
define('WEBURL', $this->getApplication()->getOption("weburl"));
define('ASSETSURL', $this->getApplication()->getOption("assetsurl"));
Whats the ZF2 way to do this, I know that i can create an array in the local.php config file like:
return array(
'example' => array(
'brandname' => 'Example',
'weburl' => 'http://www.example.com/',
'asseturl' => 'http://assets.example.com/',
),
);
When I want to access that variable in the controller I can do
$config = $this->getServiceLocator()->get('Config');
$config['example']['brandname']);
So far so good... but how do i access this variable in the view?
I don't want to create a view variable for it in every controller. And when i try the above in a view phtml file i get an error.
Zend\View\HelperPluginManager::get was unable to fetch or create an instance for getServiceLocator
Any ideas?
You could create a sinmple view helper to act as a proxy for your config, (totally un tested).
Module.php
public function getViewHelperConfig()
{
return array(
'factories' => array(
'configItem' => function ($helperPluginManager) {
$serviceLocator = $helperPluginManager->getServiceLocator();
$viewHelper = new View\Helper\ConfigItem();
$viewHelper->setServiceLocator($serviceLocator);
return $viewHelper;
}
),
);
}
ConfigItem.php
<?php
namespace Application\View\Helper;
use Zend\View\Helper\AbstractHelper;
use Zend\ServiceManager\ServiceManager;
/**
* Returns total value (with tax)
*
*/
class ConfigItem extends AbstractHelper
{
/**
* Service Locator
* #var ServiceManager
*/
protected $serviceLocator;
/**
* __invoke
*
* #access public
* #param string
* #return String
*/
public function __invoke($value)
{
$config = $this->serviceLocator->get('config');
if(isset($config[$value])) {
return $config[$value];
}
return NULL;
// we could return a default value, or throw exception etc here
}
/**
* Setter for $serviceLocator
* #param ServiceManager $serviceLocator
*/
public function setServiceLocator(ServiceManager $serviceLocator)
{
$this->serviceLocator = $serviceLocator;
}
}
You could then do something like this in your view, assuming you have them set in your config of course :)
echo $this->configItem('config_key');
echo $this->configItem('web_url');
I would personally tend to just pass the values through to the view every time though, keeping the view a dumb as possible.
I answered this before on a different post.
/* Inside your action controller method */
// Passing Var Data to Your Layout
$this->layout()->setVariable('stack', 'overflow');
// Passing Var Data to Your Template
$viewModel = new ViewModel(array( 'stack' => 'overflow' ));
/* In Either layout.phtml or {Your Template File}.phtml */
echo $this->stack; // Will print overview
That's it... No need to mess with view helpers, event manager, service manager, or anything else.
Enjoy!
I'm using Symfony 2.3 and I can't find a good solution to add a security on two tables.
I have an user and this user can get an application, he can access to his application with this path: /application/{id}
So I'd like to secure this page if the user is link to the application. I do something to check in my controller but this not very clean:
/**
*
* #param int $idApplication
* #return UserApplication
*/
public function testUserApplication($idApplication){
//get the application
$applicationRepository = $this->getDoctrine()->getRepository('PhoneApplicationBundle:Application');
$application = $applicationRepository->find($idApplication);
if($application==null){
return null;
}
$userApplicationRepository = $this->getDoctrine()->getRepository('PhoneApplicationBundle:UserApplication');
$userApplication = $userApplicationRepository->findOneBy(array(
'user' => $this->getUser(),
'application' => $application
));
return $userApplication;
}
I don't know if I can do this using the security.
I try an other solution creating a service which check this
class Test
{
/** #var \Doctrine\ORM\EntityManager */
private $doctrine;
/**
* Constructor
*
* #param Doctrine $doctrine
*/
public function __construct(Doctrine $doctrine)
{
$this->doctrine = $doctrine;
}
public function userApplication($idApplication){
//get the application
$applicationRepository = $this->doctrine->getRepository('PhoneApplicationBundle:Application');
$application = $applicationRepository->find($idApplication);
if($application==null){
return null;
}
$userApplicationRepository = $this->doctrine->getRepository('PhoneApplicationBundle:UserApplication');
$userApplication = $userApplicationRepository->findOneBy(array(
'user' => $this->getUser(),
'application' => $application
));
return $userApplication;
}
}
service.yml:
parameters:
phone_application.test_user_application.class: Phone\ApplicationBundle\Service\Test
services:
phone_application.test_user_application:
class: %phone_application.test_user_application.class%
arguments: [#doctrine]
But I don't realy understand how to use this in a controller
Thanks for help.
First
If you want to use a service in your controller, do
$serv = $this->get('nameoftheservice);
//then
$serv->yourFunctionOfTheService();
In your case :
$serv = $this->get('phone_application.test_user_application');
//then
$serv->userApplication($id);
Second
Another way to do it :
If the $user object is fully available in your controller just do :
//get the app
$application = $this->getDoctrine()->getRepository('PhoneApplicationBundle:Application')->find($idApplication);
//check if this user owns this app, considering you have sets the right doctrine annotation for relation in your entity file
if($user->getApplications()->contains($application)) {
//do your stuff
}
else
throw new \Exception('No right there ! ');
<?php
class PI_Controller_Plugin_AssetGrabber extends Zend_Controller_Plugin_Abstract
{
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
/*
The module name
*/
$moduleName = $request->getModuleName();
/*
This modules requires the user to be loggedin in order to see the web pages!
*/
$loginRequiredModules = array('admin');
if (in_array($moduleName,$loginRequiredModules)) {
$adminLogin = new Zend_Session_Namespace('adminLogin');
if (!isset($adminLogin->loggedin)) {
/*--------------------------------------
Here I want to redirect the user
*/
$this->_redirect('/something');
}
}
}
}
I'm trying to do a redirect $this->_redirect('/something') but doesn't work! Do you know how can I do a redirect in this case?
Best Regards,
... rest of code
if (!isset($adminLogin->loggedin)) {
$baseUrl = new Zend_View_Helper_BaseUrl();
$this->getResponse()->setRedirect($baseUrl->baseUrl().'/something');
}
... rest of code
<?php
class AlternativeController extends Zend_Controller_Action
{
/**
* Redirector - defined for code completion
*
* #var Zend_Controller_Action_Helper_Redirector
*/
protected $_redirector = null;
public function init()
{
$this->_redirector = $this->_helper->getHelper('Redirector');
}
public function myAction()
{
/* Some Awesome Code */
$this->redirector('targetAction', 'targetController');
return; //Never reached!
}
}
You need to get the redirector helper, then you can define the targetAction and targetController with the redirector. That should do it.
Either use Zend_Controller_Action_HelperBroker to get the redirect helper or do the redirect directly from the Request object.
See the examples given in
Redirect in Front Controller plugin Zend