method specific authentication in Phil Sturgeons php codeigniter rest api - php

Hi
I know that I can set the rest authentication in Phil Sturgeon's rest API, but I only want authentication for some methods in the REST API.
I want some of my methods to be accessible for everyone with no authentication at all, and others to only be accessible to administrators/authenticated users.
In .net I can simply set a [RequiresAuthentication] attribute over methods in a webservice, is there something similar I can do with Rest PHP in CodeIgniter?
Or Controller specific would be fine too.

"philsturgeon Phil Sturgeon
Why do people ask questions about my code on StackOverflow and random forums instead of just asking me?"
Go ask Phil Sturgeon.

Hello Jakob :) What you are trying to do is a bit tricky as Phil Sturgeon's rest API Controller only supports setting the authentication method globally. To set it globally you edit this line in the rest config file:
$config['rest_auth'] = '';
I have an untested theory though:
To set this setting per controller make sure the setting in the config file is as above (empty) and add this constructor to the controller you would like to specify authentication method for:
function __construct()
{
    $this->load->config('rest');
    //$this->_prepare_basic_auth(); //Uncomment to use basic
    //$this->_prepare_digest_auth(); //Uncomment to use digest
    parent::Controller();
}

Related

Getting an error when trying to add component to AppController in CakePHP

I'm trying to add a SessionComponent to my controller in order to be able to change the language of my app on the fly. The following snippet (specifically line 3) is the code I've tried according to http://book.cakephp.org/2.0/en/controllers/components.html#using-components
class AppSettingsController extends AppController
{
    var $components = array('Session');
But when I try to run any of the actions of my Controller I get:
SessionComponent could not be found.
Create the class SessionComponent below in file:
src/Controller/Component/SessionComponent.php
As if the SessionComponent doesn't exist. All answers I have been able to find say that what I have already done ought to work. Do you have any idea what I might have missed or what I should look into to fix it?
From your post I conclude that you are referring to the CakePHP 2 documentation, but the error message tells us that you are using CakePHP 3!
src/Controller/Component/SessionComponent.php
CakePHP 3 has the following components:
Authentication
Cookie
Cross Site Request Forgery
Flash
Security
Pagination
Request Handling
and here is how to use sessions in your application:
http://book.cakephp.org/3.0/en/development/sessions.html#accessing-the-session-object

CodeIgniter - RESTful API Key auth for only certain Routes

I'm in the process of building a RESTful API server. Everything is working as it should be as of now.
I'm using Phil Sturgeon's RESTful server implementation for CodeIgniter which is pretty much popular.
https://github.com/chriskacerguis/codeigniter-restserver
What I need is to have a Basic API key authentication for some of the routes which this Package already provides, but it does apply to all the API Routes.
I do not want Authentication for all Routes, as some API should be called without Authentication.
How do we achieve it?
Note: I can't switch the technology or framework as I'm currently using the Models which have been developed before and being used now.
Eg Route without Auth : $route['api/products'] = "api/Products/allProducts";
Eg Route with Auth : $route['api/devices/update'] = "api/Devices/updateDevice";
Try with:
$config['auth_override_class_method']['products']['allproducts'] = 'none';
$config['auth_override_class_method']['devices']['updatedevice'] = 'basic';
Add the following code to "application/config/rest.php":
$config['auth_override_class_method']['Products']['allProducts'] = "none";
$config['auth_override_class_method']['Devices']['updateDevice'] = FALSE;
Or you can just add this:
$config['auth_override_class_method']['Products']['allProducts'] = "none";
Because your application automatically activates the token / is false so there is no need to add a route that activates the token again.
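The two answers above spell the override keys with different casing. The following added example (not part of either answer and not the library's own code) is a stand-alone model that shows why the global rest_auth default matters when an override key fails to match. It assumes an override applies only when its controller and method keys equal the route target exactly, and the helper names effective_auth and audit are hypothetical.

```php
<?php
// Added example: a stand-alone model of per-method auth overrides, not the library's code.
// Assumption: an override applies only when its [controller][method] keys equal the
// route target exactly; anything unmatched falls back to the global rest_auth value.

// Route targets taken from the question ("directory/Controller/method").
$routes = [
    'api/products'       => 'api/Products/allProducts',
    'api/devices/update' => 'api/Devices/updateDevice',
];

// Two constructed policies: open by default vs. authenticated by default.
// Each contains one deliberately mis-cased override key to show how a typo fails.
$openByDefault = [
    'rest_auth' => '',
    'auth_override_class_method' => ['devices' => ['updatedevice' => 'basic']],
];
$authByDefault = [
    'rest_auth' => 'basic',
    'auth_override_class_method' => ['products' => ['allproducts' => 'none']],
];

// Resolve the auth mode for one controller method under this model.
function effective_auth(array $config, string $class, string $method): string
{
    $override = $config['auth_override_class_method'][$class][$method] ?? null;
    $mode = is_string($override) ? $override : $config['rest_auth'];
    return ($mode === '' || $mode === 'none') ? 'none' : $mode;
}

// Map every routed URI to the auth mode it would end up with.
function audit(array $config, array $routes): array
{
    $report = [];
    foreach ($routes as $uri => $target) {
        $parts  = explode('/', $target);
        $method = array_pop($parts);
        $class  = array_pop($parts);
        $report[$uri] = effective_auth($config, $class, $method);
    }
    return $report;
}

foreach (['open by default' => $openByDefault, 'auth by default' => $authByDefault] as $name => $config) {
    echo $name, PHP_EOL;
    foreach (audit($config, $routes) as $uri => $mode) {
        echo "  {$uri}: {$mode}", PHP_EOL;
    }
}
```

Under the open-by-default policy the unmatched key leaves the device update route without authentication, while under the authenticated-by-default policy the unmatched key only leaves the public route protected.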

REST Service not working-Code Igniter

I want to implement a Phil Sturgeon CodeIgniter RESTServer library in my project. I copied the files rest.php, Format.php, REST_Controller.php in folders config, library, library respectively.
I created my controller called services with the following code:
<?php
require(APPPATH.'/libraries/REST_Controller.php');
class services extends REST_Controller {
    function Teams_get(){
        $teamNames=$this->team_model->getTeamNames();
        $this->response($teamNames);
    }
}
TeamModel is autoloaded in my autoload.php. When I want to run Teams_get method in my browser result is:
{"status":false,"error":"Unknown method."}
I read here that I should change REST_Controller.php configuration file, but this change should only be done if POST methods are not working.
My services should be public, so I don't need authentication methods.
What's wrong here?
When calling your API, the URL should just be the name of the method, without the _get (or _post). That is added by the REST server depending on how the URL is called (GET vs POST).
So, to call your Teams_get method, you want to send a GET request to the URL /services/Teams (not /services/Teams_get).
Docs: https://github.com/philsturgeon/codeigniter-restserver#handling-requests

How to secure a Lithium php RESTful API?

I have created a RESTful app using Lithium php framework and now my question is how to secure it?
Is there any existing code for OAUTH or HTTP Digest Authentication that uses lithium framework?
Thanks for editing your question to actually ask something specific. Please see the following:
https://github.com/search?q=li3_oauth
http://li3.me/docs/lithium/security/auth/adapter/Http
While I'm not sure what sort of security you are looking for ...
There is built in security for Lithium, you can see two short tutorials to get you going here:
Simple Authentication in Lithium
Creating a user in M, V, C
The basics are covered in the "Simple Authentication" tutorial ... you'll need:
A database to keep track of your users
Bootstrap Auth via config/bootstrap.php
Setup Sessions & Auth adapters
Then it depends on if you are going to do authentication via forms, or by some other method.
The tutorials will show you how to set up a form, but you can also "secure" the route (url) that is being requested via the config/routes.php file like so ...
<?php
use lithium\net\http\Router;
use lithium\core\Environment;
use lithium\security\Auth;

// check if the user is logged in
$user = Auth::check('default');

// these routes are not behind a login
Router::connect('/login', 'Sessions::add');
Router::connect('/logout', 'Sessions::delete');

if ($user && $user["user"] == "admin") {
    // these two routes will only work if a user is authenticated.
    Router::connect('/{:controller}/{:action}/{:args}.{:type}');
    Router::connect('/{:controller}/{:action}/{:args}');
}

// redirect the user to a login if no other routes match
Router::connect('/{:args}', array(), function($request) {
    header('Location: /login/url/'.str_replace('/','*',$request->url));
    exit;
});
?>

A little help using Symfony

Can anyone link me to some Symfony resources, they are hard to find. I am having a little trouble understanding how to use it correctly. Like with CodeIgniter to use the security helper you would load it doing this:
$this->load->helper('security');
And to use its functions you would do something like this:
$data = $this->input->xss_clean($data);
But with Symfony to redirect someone to a 404 page, you need to use the sfAction class and the redirect404() api. So could anyone explain or link me a good tutorial?
I would highly recommend you set aside a few hours and read through the Practical Symfony tutorial. It goes through all the basics from project start to end.
Symfony, although a great framework, has a steep learning curve. This tutorial really helps you understand how it works, from the basics to more advanced stuff.
http://www.symfony-project.org/book/1_2/06-Inside-the-Controller-Layer#chapter_06_sub_skipping_to_another_action (scroll down a few paragraphs)
Using
http://www.symfony-project.org/api/1_4/sfAction
You have access to a number of 404 redirection methods (redirect404, forward404, forward404If, forward404Unless) which are detailed on the link above. You have access to all of these methods from within your actions:
public function executeAction(sfWebRequest $request)
{
    $this->forward404();
}
I would recommend using forward404 instead of redirect404 as the latter will push the redirection back to the browser and show your user the 404 page's URL instead of the URL they attempted to access.
Configuring
You can configure the module and action that should be executed when a 404 is triggered in your application's config/settings.yml like this:
all:
  .actions:
    error_404_module: my_module # To be called when a 404 error is raised
    error_404_action: my_action # Or when the requested URL doesn't match any route
Update:
For general information on Symfony check out the three books they have available online: http://www.symfony-project.org/doc/1_4/, 'Practical Symfony' being a great place to get started. There is also a complete API reference available: http://www.symfony-project.org/api/1_4/.
