mevdschee / php-crud-api

Single file PHP script that adds a REST API to a SQL database
MIT License

Sharing Session with Codeigniter app on same domain. #1035

Open vozax opened 3 months ago

vozax commented 3 months ago

Is there a way to access the session variables of php-crud-api, which is installed on https://domain.com/folder/, from a CodeIgniter app on https://domain.com?

I tried setting their session names to be similar, but it seems to override the session values and destroy the session.

Also, I can't seem to find any info in the documentation about updating user info in the database. I tried PUT on the /me/ endpoint and on the /records/users/ endpoint. It says table not found; however, the table is there, with name, email and passwords stored in it.

Any help will be appreciated.

apps-caraga commented 3 months ago

The /me endpoint just returns the info of the current user based on the session data. It does not point to a table. As to the users table that is 'not found', it may be hidden or protected by the authorization.tableHandler.

apps-caraga commented 3 months ago

This particular config hides the users table and prevents any operation on it. It's the recommended simplest way to prevent unauthorized access to users data, but it also prevents the current users from accessing their own data.

```php
'middlewares' => 'dbAuth,authorization',
'authorization.tableHandler' => function ($operation, $tableName) {
    return $tableName != 'users';
},
```

Instead of this, you may try the following to just hide the password column (as well as any other column that you want to hide). Couple it with the multiTenancy handler to limit access to the current user's own data only. You can also check the type of $operation to further customize your actions.

```php
'authorization.columnHandler' => function ($operation, $tableName, $columnName) {
    return !($tableName == 'users' && $columnName == 'password');
},
```
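Putting the two handlers together, as an added example (not from this thread or the project's own docs): a config block for the end of api.php that keeps the users table reachable, scopes every operation on it to the logged-in user's own row, and hides the password column. It assumes the users table has an integer id column and that dbAuth has stored the user row in $_SESSION['user'].

```php
<?php
// Added example: replaces the Config block at the bottom of api.php.
// Assumptions: users table has an "id" column; dbAuth puts the logged-in
// user's row in $_SESSION['user'].
$config = new Config([
    'middlewares' => 'dbAuth,authorization,multiTenancy',
    'dbAuth.usersTable' => 'users',
    'dbAuth.usernameColumn' => 'email',
    'dbAuth.passwordColumn' => 'password',

    // Keep the users table visible, but only allow a user to list,
    // read or update it; create/delete are rejected outright.
    'authorization.tableHandler' => function ($operation, $tableName) {
        if ($tableName != 'users') {
            return true;
        }
        return in_array($operation, ['list', 'read', 'update'], true);
    },

    // Hide the password hash from /records/users responses and
    // refuse writes to it through the records endpoint.
    'authorization.columnHandler' => function ($operation, $tableName, $columnName) {
        return !($tableName == 'users' && $columnName == 'password');
    },

    // Scope every users query to the current user's own row. A request
    // for another user's id then matches nothing instead of leaking or
    // overwriting that row. When nobody is logged in, -1 matches no row.
    'multiTenancy.handler' => function ($operation, $tableName) {
        if ($tableName != 'users') {
            return [];
        }
        $userId = $_SESSION['user']['id'] ?? -1;
        return ['id' => $userId];
    },
]);
```

With this config, PUT /records/users/{own id} with {"name": "..."} updates only the caller's row, and a PUT against any other id affects zero rows; password changes would need a separate path since the column is blocked here.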

apps-caraga commented 3 months ago

> It seems to override the session values and destroy the session.

I think it doesn't override the session value; rather, the problem may be due to different session drivers or paths, @mevdschee? For example, CodeIgniter has its own file or even database table to save its session data, while php-crud-api also has a different save path for its session.

vozax commented 3 months ago

> > It seems to override the session values and destroy the session.
>
> I think it doesn't override the session value; rather, the problem may be due to different session drivers or paths, @mevdschee? For example, CodeIgniter has its own file or even database table to save its session data, while php-crud-api also has a different save path for its session.

I made them both use the PHPSESSID generated by the native session. The issue is that when the app is opened, CodeIgniter regenerates the session ID, but when login is called, the API regenerates the session ID, and when the session is changed for either of them they again try to regenerate the ID (for security reasons).

apps-caraga commented 3 months ago

Can you share your use case for this? Maybe, if you are just accessing the php-crud-api endpoints from the CodeIgniter app, you don't need to maintain a user session in php-crud-api and can just use the CodeIgniter session. It is possible to use the apiKeyDbAuth middleware to validate the requests from CI. You just have to retrieve the apiKeyDbAuth.apiKeyColumn when you log in to the CI app.