bjyoungblood / bjyauthorize Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
I take the answer from @bjyoungblood #55 (comment) .
I implement my own UnauthorizedStrategy
like this :
<?php
namespace NovAuthorize\View;
use Zend\EventManager\EventManagerInterface;
use Zend\EventManager\ListenerAggregateInterface;
use Zend\Http\Response as HttpResponse;
use Zend\Mvc\Application;
use Zend\Mvc\MvcEvent;
use Zend\Stdlib\ResponseInterface as Response;
use Zend\View\Model\ViewModel;
use BjyAuthorize\Exception\UnAuthorizedException;
class UnauthorizedStrategy implements ListenerAggregateInterface
{
protected $listeners = array();
public function attach(EventManagerInterface $events)
{
$this->listeners[] = $events->attach(MvcEvent::EVENT_DISPATCH_ERROR, array($this, 'onDispatchError'), -5000);
}
public function detach(EventManagerInterface $events)
{
foreach ($this->listeners as $index => $listener) {
if ($events->detach($listener)) {
unset($this->listeners[$index]);
}
}
}
public function onDispatchError(MvcEvent $e)
{
$response = $e->getResponse();
$headers = $response->getHeaders();
$headers->addHeaderLine('Content-Type', 'application/json');
$response->setStatusCode(403);
$response->setHeaders($headers);
$e->stopPropagation();
}
}
Everything goes through fine, but there still is html content there. Maybe it comes from another controller, but I have no idea where it is. I try to getBody()
and getContent()
from the $response
but I cannot get anything.
I only want to return http status code since I try to implement the json api above this plugin :)
Thanks for reading
File: BjyAuthorize\Provider\Role\ZendDb.php
Method: getRoles()
service to instantiate the class TableGateway should not be 'zfcuser_zend_db_adapter' like ZendDb indentity provider or not?
Here we use name "guard", but in ZfcRbac they use "firewall". Can we come to a common agreement or no matter?
Is it possible to redirect to a given Route (zfcuser/login) instead of Showing a 403? Usually this is a better way for the Usability of a Page.
I don't get what is the resource in the configuration file.
Hey there,
I'm trying to integrate BjyAuthorize into my setup.
It's working quite fine so far, thank you for your effort of providing a nice ACL Layer for ZF2
What I'm wondering about are the Doctrine Entities Role.php.dist and User.php.dist.
The schema they are using is differnt from the one provided in schema.sql.
I tried to integrate a Role entity and was not able to do this with an extra auto increment id field. I changed the table and parent columen through options for BjyAuthorize/Provider/Role/Doctrine like here: https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Provider/Role/Doctrine.php#L47-L62
That works great and is easy to manage.
What seems not to be possible is changing the join table user_role_linker
(https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Provider/Identity/ZfcUserDoctrine.php#L41).
Would really like to have this being changeable like in Doctrine Role Provider.
I could prepare a pr for this, if nothing speaks against it.
Cheers
Requires a successful build, which depends on zendframework/zend-developer-tools#63 and eventually zendframework/zend-developer-tools#53
Looks like the composer package does not point to the latest commit. I' ve been told that is because the packagist hook isn't set up (or isn't set up properly?).
I'm having issue with /Service/Authorize.php:
38: $this->addRoleProvider(new $class($options, $serviceLocator));
44: $this->addResourceProvider(new $class($options, $serviceLocator));
50: $this->addRuleProvider(new $class($options, $serviceLocator));
61: $this->addGuard(new $class($options, $this)); <-- $this here is the BjyAuthorize\Service\Authorize
Is there a specific reason for Guards being passed the Service instead of the Locator?
The two Guards bundled with the module make any use of the Authorize Service passed.
As the Authorize Service doesn't have a getServiceLocator() method and the 'sm' property is set to private, there is no way to access the Service Locator from within a Guard. That creates a problem when one wants to retrieve something (say, a router config) from the Service Locator.
I see two ways of fixing this:
It's a simpel fix. I can attach a patch or make a pull request if you see this issue as valid.
I'm currently passing my custom Guard inside the bjyauthorize config twice - once as a resource provider and once as a rule provider. This gets me the Service Locator as the second argument when the constructor is called :)
I'm finding a way to use this plugin with restful webservice but still don't know how. When I activate the plugin, the route configuration for restful webservice doesn't work anymore. I request the url, it returns html instead.
Looking forward to your reply @bjyoungblood
Ping @iwalz
Well upgrading to the latest master solves the current error, but introduces a new one for me.
Uncaught exception 'Zend\Di\Exception\MissingPropertyException' with message 'Missing instance/object for parameter rules for BjyAuthorize\Guard\Controller::__construct'
It might be related to my own config, but disabling my own modules doesn't resolve the issue though
@japaveh yes, that's basically because you got Zend\Di crunching behind your locator. As soon as you enable a guard, $serviceLocator->has('BjyAuthorize\Guard\Controller') will return true even if no service by that name is defined (because Zend\Di can initialize it without service definition).
So that's basically the problem. The fact is that my latest patch puts the guard coming from the locator as prioritized. A solution may be to check if (!empty($guardOptions)) { /* construct / } else { / attempt to use locator */}.
This anyway is not optimal, since the maximum degree of flexibility is anyway provided by the locator.
For your specific case, the solution is to have following service definition:
return array(
'factories' => function (\Zend\ServiceManager\ServiceLocatorInterface $sl) {
return new \BjyAuthorize\Guard\Controller(
array(
array('controller' => 'admin', 'roles' => array(1)),
),
$sl
);
},
);
@Ocramius Well, with that definition I don't have any error anymore of course, but also no guards are loaded.
A second, more fundamental problem I have with that is I need to decouple the guard configuration between the service configuration and the rest of the rules. In version 1.0 I have the possibility to have a dedicated file for authorization (per module) and a small service configuration.
Besides that, is my specific case so different compared to the default example (shouldn't we split this issue into a new one?)
Hi,
I don't understand why but the following line :
... generate error:
Fatal error: Uncaught exception 'InvalidArgumentException' with message 'Invalid event subscriber "Closure" given, must be a service name, class name or an instance implementing Doctrine\Common\EventSubscriber'
in vendor\doctrine\doctrine-module\src\DoctrineModule\Service\EventManagerFactory.php:58
Stack trace: #0 [internal function]: DoctrineModule\Service\EventManagerFactory->createService(Object(Zend\ServiceManager\ServiceManager), 'doctrine.eventm...', 'doctrine.eventm...')
#1 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(672): call_user_func(Array, Object(Zend\ServiceManager\ServiceManager), 'doctrine.eventm...', 'doctrine.eventm...')
#2 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(763): Zend\ServiceManager\ServiceManager->createServiceViaCallback(Array, 'doctrine.eventm...', 'doctrine.eventm...')
#3 vendor\zendframework\ze in vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php on line 679
Hi there,
I'm using Doctrine2 so i don't need zend_db_adapter.
Is it possible to use this module with Doctrine ?
David
Meanwhile Zfc-ACL name is not available, and in order to add this module to the Zfc family :)
PD.- due is just a suggestion to discuss I will submit/close it.
Fatal error: Declaration of BjyAuthorize\Module::onBootstrap() must be compatible with that of Zend\ModuleManager\Feature\BootstrapListenerInterface::onBootstrap() in vendor\bjyoungblood\BjyAuthorize\Module.php on line 13
As of #37, the unauthorized strategy does not work with console application because of obvious incompatibilities between the request/response object APIs.
Fatal error: Class 'BjyAuthorize\Provider\Role\Doctrine' not found in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Service\Authorize.php on line 359
This is more a question than an issue.
In this file: https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Service/Authorize.php
From line 120 - line 141, the code are as below:
public function getIdentity()
{
return 'bjyauthorize-identity';
}
public function getAcl()
{
return $this->acl;
}
public function isAllowed($resource, $privilege = null)
{
if (!$this->loaded) {
$this->load();
}
try {
return $this->acl->isAllowed($this->getIdentity(), $resource, $privilege);
} catch (\Zend\Permissions\Acl\Exception\InvalidArgumentException $e) {
return false;
}
}
I am puzzled by this function:
public function getIdentity()
{
return 'bjyauthorize-identity';
}
It always return the identity as a constant string. However shouldn't the identity be a role fetched through the identity provider? It seems I can't not change the identity anyhow. Maybe I just still haven't found it yet. Anybody can help?
config/services.config.php needs the following:
'BjyAuthorize\View\RedirectionStrategy' => function (ServiceLocatorInterface $serviceLocator) {
return new View\RedirectionStrategy();
},
in \Provider\Identity\ZfcUserDoctrine.php
I beleive the query in the query builder is wrong. The alias is not consistant between the select/where parts and the from part.
Also i beleive it should use ->setParameter() to bind the parameter value. This seems to work;
$builder->select("r.role_id")
->from('user_role_linker', 'r')
->where('r.user_id = :user_id')
->setParameter('user_id', $authService->getIdentity()->getId());
It should work without using a named parameter, but i could not get it to work without it.
Please get this verified from another source, because i could be wrong.
"vendor/bjyoungblood/bjy-authorize/.git" folder exists if I install via composer, ["bjyoungblood/bjy-authorize": "dev-master",].
This doesn't happen on other modules like zfcuser or zfcbase. Is it expected?
Currently, the Route
and the Controller
guards are setting custom properties into the MvcEvent
.
This should be changed by eventually directly throwing exceptions.
No debug information. Console gives only this message:
ERROR: the server encountered an internal error and was unable to complete your request.
Tested on 889d090
called in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Service\Authorize.php on line 82 and defined in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Provider\Role\Doctrine.php on line 45
I updated my config following:
https://github.com/bjyoungblood/BjyAuthorize/blob/master/docs/doctrine.md
But i get:
Fatal error</b>: Uncaught exception 'BjyAuthorize\Exception\InvalidArgumentException' with message 'Config for "BjyAuthorize\Provider\Role\Doctrine" not set' in vendor\bjyoungblood\bjy-authorize\src\BjyAuthorize\Service\ObjectRepositoryRoleProviderFactory.php:35
Stack trace:
#0 [internal function]: BjyAuthorize\Service\ObjectRepositoryRoleProviderFactory->createService(Object(Zend\ServiceManager\ServiceManager), 'bjyauthorizepro...', 'BjyAuthorize\Pr...')
#1 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(737): call_user_func(Array, Object(Zend\ServiceManager\ServiceManager), 'bjyauthorizepro...', 'BjyAuthorize\Pr...')
#2 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php(867): Zend\ServiceManager\ServiceManager->createServiceViaCallback(Array, 'bjyauthorizepro...', 'BjyAuthorize\Pr...')
#3 vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php( in <b>vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php</b> on line <b>744</b><br />
Currently, tags are following the release-x.y
naming. Should move to semver for better composer compatibility
Old tags should also be re-tagged.
Which is the best method to add an user to the user_role_linker table?
Hello Ben.
Thank you for the module.
I learn Zend and do a first my project.
But I find it hard to understand the file README.md.
I use zftsuser & https://github.com/zendframework/zf2-tutorial.
For example:
After registration, the new user does not have access to the router "/user";
I do not understand how to add roles to the database.
How can I give the role "admin" for the selected user.
You can help any examples?
My repo https://github.com/mamont77/fcontrol
Baet respect,
Ruslan.
Currently, naming of classes follows the schema
BjyAuthorize\Provider\Role\Config
I'm hereby suggesting that we use
BjyAuthorize\Provider\Role\ConfigRoleProvider
This will require some renaming work and to create "old" deprecated versions of the files to avoid major BC breaks.
Hi Ben,
I forgot to write a Doctrine Role Provider.
Here is it:
And the code to add to Module::getServiceConfiguration() :
'BjyAuthorize\Provider\Role\Doctrine' => function ($sm) {
$provider = new Provider\Role\Doctrine;
return $provider;
}
David
usually i do
./vendor/bin/doctrine-module orm:schema-tool:update --force
for updating the db with the specified entities of my module, but after installing BjyAuthorize and running that command, nothing was edited in the database.
My configuration :
<?php
return array(
'bjyauthorize' => array(
// set the 'guest' role as default (must be defined in a role provider)
'default_role' => 'guest',
/* this module uses a meta-role that inherits from any roles that should
* be applied to the active user. the identity provider tells us which
* roles the "identity role" should inherit from.
*
* for ZfcUser, this will be your default identity provider
*/
'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',
/* role providers simply provide a list of roles that should be inserted
* into the Zend\Acl instance. the module comes with two providers, one
* to specify roles in a config file and one to load roles using a
* Zend\Db adapter.
*/
'role_providers' => array(
/* here, 'guest' and 'user are defined as top-level roles, with
* 'admin' inheriting from user
*/
'BjyAuthorize\Provider\Role\Config' => array(
'guest' => array(),
'user' => array('children' => array(
'admin' => array(),
)),
),
// this will load roles from the user_role table in a database
// format: user_role(role_id(varchar), parent(varchar))
'BjyAuthorize\Provider\Role\ZendDb' => array(
'table' => 'user_role',
'role_id_field' => 'role_id',
'parent_role_field' => 'parent',
),
),
// resource providers provide a list of resources that will be tracked
// in the ACL. like roles, they can be hierarchical
'resource_providers' => array(
'BjyAuthorize\Provider\Resource\Config' => array(
'pants' => array(),
),
),
'rule_providers' => array(
'BjyAuthorize\Provider\Rule\Config' => array(
'allow' => array(
array(array('guest', 'user'), 'pants', 'wear')
),
'deny' => array(
),
),
),
'guards' => array(
'BjyAuthorize\Guard\Controller' => array(
array('controller' => 'Main\Controller\UserController', 'action' => 'get', 'roles' => array('user')),
),
),
),
);
The errors :
Fatal error: Uncaught exception 'Zend\Di\Exception\MissingPropertyException' with message 'Missing instance/object for parameter rules for BjyAuthorize\Guard\Controller::__construct' in /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php:699
Stack trace:
#0 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php(393): Zend\Di\Di->resolveMethodParameters('BjyAuthorize\Gu...', '__construct', Array, NULL, true, true)
#1 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php(225): Zend\Di\Di->createInstanceViaConstructor('BjyAuthorize\Gu...', Array, NULL)
#2 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/Di/Di.php(174): Zend\Di\Di->newInstance('BjyAuthorize\Gu...', Array, true)
#3 /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/ServiceManager/Di/DiServiceFactory.php(104): Zend\Di\Di->get('BjyAuthorize\Gu...', Array)
#4 /vagrant/gift_portal/backend/zf2/ in /vagrant/gift_portal/backend/zf2/vendor/zendframework/zendframework/library/Zend/ServiceManager/ServiceManager.php on line 749
I couldn't decide where to open this issue as it concerns both modules, but i finally chose to create it here, sorry :)
Before i explain a bit more what the problem is, here are the different BjyAuthorize configurations i've been using. They all led to the same error. Following @Ocramius advice on IRC, i also commented out both event manager attachments in the Module onBootstrap method (#1 and #2) but it didn't remove the error either.
The error i'm getting is thrown as soon as i have both modules in the modules list in application.config.php
(BjyAuthorize or ScnSocialAuth alone works) it says : Request URI has not been set. Please set your correct home route key in the scn-social-auth.local.php config file
. It's thrown here in ScnSocialAuth module. It seems that the ZF2 router can't find the home
route key anymore.
It's getting to this part of ScnSocialAuth because AuthenticationDoctrineEntityFactory
calls zfcuser_auth_service
wich starts up the whole authentication chain, including ScnSocialAuth's.
Thanks for your help.
Pinging @SocalNick in case he has any idea.
Hi,
When I enable BjyAuthorize on my hosting provider I get random "Internal Server Errors". The log is not too specific:
[Sun Oct 07 01:42:32 2012] [warn] client xxx.xxx.xxx.xxxConnection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://myserver.com/en/
[Sun Oct 07 01:42:32 2012] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: index.php, referer: http://myserver.com/en/
Any idea on how to solve this?
EDIT
I've commented out all lines in "onRoute" in file src/BjyAuthorize/Guard/Route.php... The problem seems to start at:
$allowed = $service->isAllowed('route/' . $routeName);
At the momment there is no support in this module for role based access control (rbac).
This is a Feature request to cover that topic.
I think these are some posibilities:
Currently, interfaces define setters/getters also where not needed (like the identity provider interface). They should be removed.
As BjyAuthorize\Provider\Role\Doctrine
is already known by the SL it will not create an new service and hence the $options
are ignored.
/**
* @param string $class
* @param array $options
*
* @return object
*/
private function getOrCreateService($class, $options)
{
if ($this->serviceLocator->has($class)) {
return $this->serviceLocator->get($class);
}
return new $class($options, $this->serviceLocator);
}
I configured it, but always return error 403, with exception indexcontroller, all return error 403. What is this?
For now i simply added ZfcBase, ZfcUser and BiyAuthorize to my Zend Installation. I did the Configuration steps and all i see is:
Zend\ModuleManager\Exception\RuntimeException: Module (biyauthorize) could not be initialized. in vendor/zf2/library/Zend/ModuleManager/ModuleManager.php on line 139
There is something really wrong, any Ideas?
I would like to be able to trigger 403 error and have your module render a page
in controler | viewscript
if (!$this->allowed()) {
trigger 'error-unauthorized';
}
switch($error)
{
case 'error-unauthorized-controller':
$viewVariables['controller'] = $e->getParam('controller');
$viewVariables['action'] = $e->getParam('action');
break;
case 'error-unauthorized-route':
$viewVariables['route'] = $e->getParam('route');
break;
default:
/*
* do nothing if there is no error in the event or the error
* does not match one of our predefined errors (we don't want
* our 403.phtml to handle other types of errors)
*/
return;
}
is that possible? or do you have any advise on how work around that? perhaps i do it incorrectly.
thank you
Hi there,
I think it should be useful to display BjyAuthorize informations (like identity roles) into Zend Developer Tools like DoctrineOrmModule do (https://github.com/doctrine/DoctrineORMModule/blob/master/docs/developer-tools.md).
What do you think about it ?
Currently, the authorization service manages both instantiation and usage of the Zend\Permissions\Acl\Acl
instance. That's a bit messy and instantiation of the ACL instance should be moved to an own factory.
Every time I want to access an route defined with type segment
I get an 403 error.
At this time it's not to bad for me because im in develeopment but
later I need it working with iteral and segment.
When using a route guard, the routes for Console are not taken into account. Running a script now result in a fatal PHP error:
PHP Fatal error: Call to undefined method Zend\Console\Response::setStatusCode() in /home/www/noa/vendor/bjyoungblood/bjy-authorize/src/BjyAuthorize/View/UnauthorizedStrategy.php on line 92
Will console routes be supported in the future?
The previous logic using the providers based on an EntityManager
's connection should be removed. The newly implemented ones should be considered default
@bjyoungblood ping? Can you enable the hook for travis?
Hi there,
user_role_linker table name is hardcoded into BjyAuthorize\Provider\Identity\Doctrine and BjyAuthorize\Provider\IdentityZendDb classes.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.