Closed SteveFortune closed 10 years ago
First: are you using current stable version (1.0.3) or dev-master (future v2 in a few days)? If you are using stable I urge you to use dev master as v1 is conceptually broken.
Let me know which version you use so I can provide better help :)
On 9 Jan 2014 at 01:44, Steve Fortune notifications@github.com wrote:
I've been struggling with this issue for a few days now and I can't seem to figure out what's going on.
I'm building a simple REST service as a proof of concept, mainly to test a few PHP libraries out: zfc_rbac, along with this OAuth 2 library to authenticate requests.
When I try to use either Route or Controller Guards in my module zfc_rbac config, my application hangs for a few seconds then responds with no data and a status code of 0.
I have my config set up like so:

    'zfc_rbac' => array(
        // This is my custom provider that pulls a User entity implementing IdentityInterface based on an access token
        'identity_provider' => 'Application\Rbac\IdentityProvider\OAuth2IdentityProvider',

        // I get the same issue with or without this line
        'guest_role' => 'public',

        'guards' => array(
            // If I comment this k=>v out it starts responding normally again
            'ZfcRbac\Guard\ControllerGuard' => array(
                array(
                    'controller' => 'Application\Controller\Article',
                    'actions' => array(
                        'create',
                        'update',
                        'delete',
                    ),
                    'roles' => array(
                        'member',
                    ),
                ),
            ),
        ),

        'protection_policy' => \ZfcRbac\Guard\GuardInterface::POLICY_ALLOW,

        'role_provider' => array(
            'ZfcRbac\Role\InMemoryRoleProvider' => array(
                'admin' => array(
                    'children' => array(
                        'member',
                    ),
                    'permissions' => array(
                        'user.edit',
                        'user.delete',
                        'user.approve',
                    ),
                ),
                'member' => array(
                    'permissions' => array(
                        'article.edit',
                        'article.delete',
                        'article.create',
                        'category.edit',
                        'category.delete',
                        'category.create',
                    ),
                ),
            ),
        ),

        'unauthorized_strategy' => array(
            'template' => 'error/403'
        ),
    ),

Simply removing the Guard config takes it back to functioning properly again.
I've registered an UnauthorizedStrategy in my module's onBootstrap method and when I have used the AuthorizationService and thrown an UnauthorizedException in my service classes the app responds appropriately by giving a 403.
The app is running over localhost using MAMP and is located in a subfolder, i.e. http://localhost/<subfolder>/public/<routes> and I haven't tried running it on a remote development server yet. I even resorted to manually setting breakpoints in the ZfcRbac source to try and track the issue down with no luck.
Thanks !
I'm using dev-master.
It's a bit hard to say where the problem comes from. It could come from your identity provider. Did you check if it appropriately returns the right Identity? Does your identity have any roles that you didn't specify in your config (like a "guest" role)? In your case, your guest role is called "public". If no identity is found, ZfcRbac will automatically try to fetch the role called "public" from your provider, but you didn't provide any value for it. This may be an issue.
At the moment my identity provider implements ZfcRbac/Identity/IdentityProviderInterface. It returns a User object from getIdentity that implements ZfcRbac/Identity/IdentityInterface correctly (I've tested this out), or returns null if there is no identity present for the request (i.e. an invalid or no access token).
I got the impression from the comments for ZfcRbac/Identity/IdentityProviderInterface that getIdentity should return null if there was no Identity present. Is that correct?
Yes, if you return null, ZfcRbac automatically uses the guest role (which is in your case called "public"). Try to add an empty role with no permissions called "public".
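A quick way to check the point raised above, as an added example that is not part of the thread or of ZfcRbac: a small PHP lint that lists role names referenced by guest_role, by ControllerGuard rules or by children lists but not defined under the InMemoryRoleProvider. The function name findUndefinedRoles is hypothetical, the config is a trimmed copy of the one posted, and only the ControllerGuard rule shape shown in the thread is handled.

```php
<?php
// Added example, not ZfcRbac code. Hypothetical helper: returns role names that
// guest_role, ControllerGuard rules or 'children' lists use but the provider lacks.
function findUndefinedRoles(array $rbac): array
{
    $roles = $rbac['role_provider']['ZfcRbac\Role\InMemoryRoleProvider'] ?? [];
    $referenced = [];
    if (isset($rbac['guest_role'])) {
        $referenced[$rbac['guest_role']] = 'guest_role';
    }
    foreach ($rbac['guards'] ?? [] as $guard => $rules) {
        foreach ($rules as $rule) {
            foreach ($rule['roles'] ?? [] as $role) {
                $referenced[$role] = $guard;
            }
        }
    }
    foreach ($roles as $name => $spec) {
        foreach ($spec['children'] ?? [] as $child) {
            $referenced[$child] = "children of '$name'";
        }
    }
    // Keep only referenced names that are not keys of the provider's role map.
    return array_diff_key($referenced, $roles);
}

// Trimmed copy of the config posted in this thread.
$rbac = [
    'guest_role' => 'public',
    'guards' => ['ZfcRbac\Guard\ControllerGuard' => [[
        'controller' => 'Application\Controller\Article',
        'actions'    => ['create', 'update', 'delete'],
        'roles'      => ['member'],
    ]]],
    'role_provider' => ['ZfcRbac\Role\InMemoryRoleProvider' => [
        'admin'  => ['children' => ['member'], 'permissions' => ['user.edit']],
        'member' => ['permissions' => ['article.edit', 'article.create']],
    ]],
];

foreach (findUndefinedRoles($rbac) as $role => $where) {
    echo "role '$role' is referenced by $where but is not defined\n";
}
```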
Gotcha, will give it a go asap and post the results. Thanks for your help :)
I've tried defining a 'public' role both with and without any permissions and it doesn't make any difference.
Mmmhhhh we'll need a bit more code then, it's hard to spot a problem right now.
You can also try my OAuth2 module (https://github.com/zf-fr/zfr-oauth2-server-module)
Do you still have this issue?
I haven't had a chance to work on it lately - I just settled for checking user permissions in my model services in the end, as described in the cookbook. That looks like a cool module though.
I'll give it a go over the next week or so and let you know if it makes a difference to the issue with the guards.
I'll also try using guards on a remote dev server to determine whether it's an issue with my local environment.
Thanks for your help!
There's also https://github.com/zfcampus/zf-oauth2 which you can try.
This is based on the library he already used :). It's just a wrapper.
I've made a completely new oauth implementation for doctrine ;)
On 20 Jan 2014 at 04:45, Kyle Spraggs notifications@github.com wrote:
There's also https://github.com/zfcampus/zf-oauth2 which you can try.
@bakura10, have you tried your OAuth2 library with zfc-rbac?
Not yet :).
@SteveFortune still having issues?
@danizord @bakura10, still haven't had a chance to work on it lately. I've actually got a sprint next week over which my job is to implement access control with zfc-rbac so I'll let you know.
Out of interest, has anyone been able to recreate this issue?
I don't
Me neither. I'm closing for now. If you still have this issue please reopen the issue :).
OK will do. Thanks for your help!