Closed priyanksaini2010 closed 3 years ago
I have configured the firewalls as follows:
# Symfony security firewalls as posted in the issue. The paste was flattened onto
# single lines; the nesting below is inferred from the option names, so confirm it
# against the real security.yaml.
firewalls:
    # Registration firewall: matches paths starting with /register and allows
    # anonymous (unauthenticated) access.
    api_register:
        pattern: ^/register
        anonymous: true
    # Login firewall: matches every path starting with /api/login, which includes
    # the json_login check_path below.
    login:
        pattern: ^/api/login
        stateless: true
        anonymous: true
        # Impersonation is enabled on the firewall that issues tokens. With
        # `switch_user: true` and no explicit parameter, Symfony reads the target
        # user from the `_switch_user` request parameter and requires
        # ROLE_ALLOWED_TO_SWITCH on the current token.
        # NOTE(review): presumably json_login's success handler returns the JWT for
        # the credentials in the body before any switch is applied, which would
        # explain a token for the original user; impersonation is normally requested
        # on an already-authenticated call to the firewall that validates the JWT.
        # Confirm against the firewall that protects the API routes.
        # NOTE(review): enable switch_user only on firewalls that need it; any
        # account holding ROLE_ALLOWED_TO_SWITCH can act as any user from the provider.
        switch_user: true
        provider: user_provider
        # JSON login: credentials are read from the "email" and "password" keys of
        # the request body posted to check_path.
        json_login:
            check_path: /api/login_check
            username_path: email
            password_path: password
            # Handler service ids from the lexik_jwt_authentication namespace.
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
and the role hierarchy as:
role_hierarchy:
    ROLE_STORE_MEMBER: [ROLE_USER]
    ROLE_STORE_PARTNER: [ROLE_USER]
    ROLE_CUSTOMER: [ROLE_USER]
    ROLE_WHOLESALER: [ROLE_USER]
    ROLE_ADMIN: [ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
My Admin Roles is 1. row id: 1 first_name: womb last_name: weq2 email: sheldon@gmail.io roles: ["ROLE_ADMIN", "ROLE_SUPER_ADMIN", "ROLE_ALLOWED_TO_SWITCH"] password: $argon2id$v=19$m=65536,t=4,p=1$onWSKysp1oJQorCzA7mLXA$6u3YfRjTYJ8atTByQz4ATW0rw8ZGebnASE8u1l7BLYw confirmation_token: gTKBGjX7c3B49ajowZVUITf0NslxAi7jBV9A2cO-Sf0 password_requested_at: 2021-02-18 06:43:10 store_id: 1 deleted_at: NULL
But when I make a request to switch user, I still get a token for user ID 1.
// Reproduction request: POST JSON credentials to the login check endpoint while
// asking for impersonation in three places (query string, JSON body and a custom
// header), then print whatever the server returns.
//
// NOTE(review): the JSON body embeds a plaintext password. A credential that has
// appeared in a public issue should be treated as exposed and rotated; real code
// should load it from the environment or a secret store instead of a literal.

// Target URL; the impersonation target is passed as the _switch_user query parameter.
$endpoint = 'https://xxx.loc/api/login_check?_switch_user=workspace.priyank.sainsi@gmail.com';

// Login payload; "_switch_user" is repeated here inside the JSON document.
$jsonBody = '{"email":"sheldon@orderspark.io","password":"TheOrderSpark1","_remember_me":0,"_switch_user":"workspace.priyank.sainsi@gmail.com"}';

// NOTE(review): the first header is sent with the literal name HTTP_X_SWITCH_USER.
// That looks like a server-side variable name rather than a wire header name --
// confirm which parameter or header the firewall's switch_user option reads.
$requestHeaders = [
    'HTTP_X_SWITCH_USER: workspace.priyank.sainsi@gmail.com',
    'Content-Type: application/json',
];

$curl = curl_init();

curl_setopt_array($curl, [
    CURLOPT_URL            => $endpoint,
    CURLOPT_RETURNTRANSFER => true,   // return the body from curl_exec() instead of printing it
    CURLOPT_ENCODING       => '',     // empty string: accept every encoding curl supports
    CURLOPT_MAXREDIRS      => 10,
    CURLOPT_TIMEOUT        => 0,      // 0 means no transfer timeout
    // NOTE(review): redirects are followed on a request that carries credentials;
    // confirm the endpoint never redirects to another host.
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST  => 'POST',
    CURLOPT_POSTFIELDS     => $jsonBody,
    CURLOPT_HTTPHEADER     => $requestHeaders,
]);

$response = curl_exec($curl);

curl_close($curl);

echo $response;
Thanks in advance
Hey, can you please create a small application with the minimum code required to reproduce the issue?
Closing due to the lack of feedback.
I have configured the firewalls as follows:
# Firewall section as repeated in the issue body; only the registration firewall
# appears in this copy. Indentation is restored from a flattened paste.
firewalls:
    api_register:
        # Matches request paths that start with /register.
        pattern: ^/register
        # Anonymous (unauthenticated) access is allowed on this firewall.
        anonymous: true
and the role hierarchy as:
role_hierarchy:
    ROLE_STORE_MEMBER: [ROLE_USER]
    ROLE_STORE_PARTNER: [ROLE_USER]
    ROLE_CUSTOMER: [ROLE_USER]
    ROLE_WHOLESALER: [ROLE_USER]
    ROLE_ADMIN: [ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
My Admin Roles is 1. row id: 1 first_name: womb last_name: weq2 email: sheldon@gmail.io roles: ["ROLE_ADMIN", "ROLE_SUPER_ADMIN", "ROLE_ALLOWED_TO_SWITCH"] password: $argon2id$v=19$m=65536,t=4,p=1$onWSKysp1oJQorCzA7mLXA$6u3YfRjTYJ8atTByQz4ATW0rw8ZGebnASE8u1l7BLYw confirmation_token: gTKBGjX7c3B49ajowZVUITf0NslxAi7jBV9A2cO-Sf0 password_requested_at: 2021-02-18 06:43:10 store_id: 1 deleted_at: NULL
But when I make a request to switch user, I still get a token for user ID 1.
// Sends the login request used to reproduce the issue and echoes the raw response.
// The impersonation target appears in the query string, in the JSON body and in a
// custom request header.
//
// NOTE(review): the payload contains a plaintext password; once posted publicly it
// should be considered exposed and rotated, and kept out of source in real code.
$options = [
    CURLOPT_URL            => 'https://xxx.loc/api/login_check?_switch_user=workspace.priyank.sainsi@gmail.com',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING       => '',
    CURLOPT_MAXREDIRS      => 10,
    CURLOPT_TIMEOUT        => 0, // no transfer timeout
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST  => 'POST',
    CURLOPT_POSTFIELDS     => '{"email":"sheldon@orderspark.io","password":"TheOrderSpark1","_remember_me":0,"_switch_user":"workspace.priyank.sainsi@gmail.com"}',
    // NOTE(review): HTTP_X_SWITCH_USER is sent as the literal header name; verify
    // that this matches what the firewall's switch_user option actually reads.
    CURLOPT_HTTPHEADER     => [
        'HTTP_X_SWITCH_USER: workspace.priyank.sainsi@gmail.com',
        'Content-Type: application/json',
    ],
];

$curl = curl_init();
curl_setopt_array($curl, $options);

// With CURLOPT_RETURNTRANSFER set, curl_exec() hands back the response body.
$response = curl_exec($curl);
curl_close($curl);

echo $response;
Thanks in advance