Closed sujit-baniya closed 4 years ago
Not even working with
```php
public function loginPost(LoginRequest $login)
{
    if (!$login->isValid()) {
        return [
            'status' => 400,
            'errors' => $login->getErrors()
        ];
    }

    // application specific login logic
    $user = $this->users->findOne(['username' => $login->getField('username')]);
    if (
        $user === null
        || !password_verify($login->getField('password'), $user->password)
    ) {
        return [
            'status' => 400,
            'error'  => 'No such user'
        ];
    }

    // create token
    $token = $this->authTokens->create(['userID' => $user->id]);
    $this->auth->start(
        $token
    );

    if ($this->auth->getActor() === null) {
        throw new ForbiddenException();
    }

    dump($this->auth->getActor());
}
```
Have you tried accessing Actor in a new request after that? Do you have ActorProviderInterface connected to your ORM entity?
https://spiral.dev/docs/security-authentication#actor-provider-and-token-payload
Yes, I did try accessing Actor. Please check this file: https://github.com/itsursujit/go-php/blob/master/app/src/Database/User.php
ActorProviderInterface connected to ORM entity: https://github.com/itsursujit/go-php/blob/master/app/src/Repository/UserRepository.php
Still can't access authenticated user: https://github.com/itsursujit/go-php/blob/master/app/src/Controller/HomeController.php#L43
Also, please check this video: https://storyxpress.co/video/k8x5q34nms4w3a0ke
You did not connect UserBootloader so no user can be located. I'll make the error more obvious in the next release.
How would I connect UserBootloader?
See the PR I sent you, add it to App, same as FakerBootloader
I merged it.
Still can't make it work
https://github.com/itsursujit/go-php/blob/master/app/src/Controller/HomeController.php#L43
Still getting: Invalid Login Attempt or user not found
@wolfy-j Anything I'm missing here?
Sorry, I can't check at the moment (work). Will take a look closer to the evening.
Make sure to activate HttpAuth and check if the value of the cookie was set. https://spiral.dev/docs/security-authentication#installation-and-configuration
I'd applied everything mentioned in the link above
Can you check if the cookie was set?
Cookies are not set
Have only:
```
array(2)
[
    ['csrf-token'] = string(16) bGeBK+Jl0sBJKSWD
    ['sid'] = string(26) bu0jf4n1cmmt1k1v74v982tatl
]
```
The cookie `token` must be set after the successful authentication. If it wasn't I'd have to check your build again. It is def working on production for us so it seems like some misconfiguration.
I checked again: https://www.loom.com/share/3a7304c0b34b4e7ebf9d013f4894b13d
No such cookies storing... Any suggestions I should be looking into?
@wolfy-j Probably the cookie is not accessible via another controller or the browser. This is because I did `dump($this->cookies->getAll())` and I could see `token` right after validating login data
```php
public function loginPost(LoginRequest $login)
{
    $this->session->getSection('auth')->clear();

    if (!$login->isValid()) {
        return [
            'status' => 400,
            'errors' => $login->getErrors()
        ];
    }

    // application specific login logic
    $user = $this->users->findOne(['username' => $login->getField('username')]);
    if (
        $user === null
        || !password_verify($login->getField('password'), $user->password)
    ) {
        $uri = $this->router->uri('login', [
            'error' => 'Invalid Users'
        ]);

        return $this->response->redirect($uri);
    }

    // create token
    $this->auth->start(
        $this->authTokens->create(['userID' => $user->id])
    );
    // dump($this->cookies->getAll());
    $this->session->getSection('auth')->set('token', $this->auth->getToken());

    return $this->response->redirect($this->router->getRoute('home')->uri());
}
```
Any suggestions after above finding?
I've set
And I could log in with the following code (LoginController.php). But when I tried to access the protected route `home` (HomeController.php), I'm not getting the details of the authorized user. Here, I'm getting Forbidden. I'm following as per this documentation: https://spiral.dev/docs/security-authentication#actor-provider-and-token-payload
Here is the browser testing: https://storyxpress.co/video/k8wzh5q7nz2rsgwv3
`home/index`: https://github.com/itsursujit/go-php/blob/master/app/src/Controller/HomeController.php#L43 Am I doing something wrong?
[UPDATED: `$this->auth` on Controller returning `null`]
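The "check if the cookie was set" step from the thread, as an added example that is not part of the original thread or of Spiral's code: it inspects a login response's `Set-Cookie` headers and lists why a browser would not send the `token` cookie to the next route. Only the cookie names `token`, `sid` and `csrf-token` come from the thread; the header values, URLs and function names are constructed, and `SameSite` and expiry are not modelled.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed login responses as (header name, value) pairs; not captured from the project.
ONLY_SESSION = [("Set-Cookie", "csrf-token=constructed; Path=/"),
                ("Set-Cookie", "sid=constructed; Path=/; HttpOnly")]
BAD_SCOPE = ONLY_SESSION + [("Set-Cookie", "token=constructed; Path=/login; Secure")]
GOOD = ONLY_SESSION + [("Set-Cookie", "token=constructed; Path=/; HttpOnly")]
LOGIN_URL, HOME_URL = "http://app.test/login", "http://app.test/home"  # hypothetical host

def find_cookie(headers, name):
    """Return the parsed Set-Cookie entry (Morsel) for `name`, or None."""
    for key, value in headers:
        if key.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if name in jar:
                return jar[name]
    return None

def default_path(request_path):
    """RFC 6265 5.1.4: cookie path used when Set-Cookie carries no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]

def path_matches(cookie_path, request_path):
    """RFC 6265 5.1.4 path-match."""
    if cookie_path == request_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def diagnose(headers, name, login_url, next_url):
    """Reasons a browser would not send cookie `name`, set at login_url, to next_url."""
    morsel = find_cookie(headers, name)
    if morsel is None:
        return ["missing: login response has no Set-Cookie for " + name]
    nxt, problems = urlsplit(next_url), []
    if morsel["secure"] and nxt.scheme != "https":
        problems.append("secure: cookie is Secure but the next request is http")
    path = morsel["path"] or default_path(urlsplit(login_url).path)
    if not path_matches(path, nxt.path or "/"):
        problems.append("path: cookie Path=%s does not cover %s" % (path, nxt.path))
    domain = morsel["domain"].lstrip(".").lower()
    if domain and nxt.hostname != domain and not nxt.hostname.endswith("." + domain):
        problems.append("domain: Domain=%s does not cover %s" % (domain, nxt.hostname))
    return problems

if __name__ == "__main__":
    for label, hdrs in (("only session", ONLY_SESSION), ("bad scope", BAD_SCOPE), ("good", GOOD)):
        print(label, diagnose(hdrs, "token", LOGIN_URL, HOME_URL))
```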