tuupola / slim-jwt-auth

PSR-7 and PSR-15 JWT Authentication Middleware
https://appelsiini.net/projects/slim-jwt-auth
MIT License
828 stars 144 forks

ignore not working #140

Closed robbelroot closed 6 years ago

robbelroot commented 6 years ago

I have my slim app in the /api folder.

My config is set like:

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "path" => ["/api"],
    "ignore" => ["/api/persons/login"],
    "secret" => "mysecret.."
]));

If I remove that "path" and "ignore" setting, it's working for all routes, I get a 401 error.

But if I use the code above, where I expect that the api path and all sub-paths are protected (except /api/persons/login), it's not working: all endpoints are open, no 401 error at all.

tuupola commented 6 years ago

Try using something like this instead:

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "path" => ["/"],
    "ignore" => ["/persons/login"],
    "secret" => "mysecret.."
]));

My guess is you do not have routes such as /api/persons/login defined. Instead you have /persons/login and the app is installed in a subfolder. Slim does not see the subfolder it is installed to.

robbelroot commented 6 years ago

I think it's working now, thanks for your fast reply, I really appreciate it.

tuupola commented 6 years ago

Glad you fixed it!

Misiu commented 5 years ago

@tuupola I know that this issue is very old but I have the exact same issue. I've created a very simple Slim 4 app. I only have two routes:

<?php

use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Factory\AppFactory;
use \Tuupola\Middleware\JwtAuthentication as JwtAuthentication;

require __DIR__ . '/../../vendor/autoload.php';

$app = AppFactory::create();
//because in folder
$app->setBasePath("/api");

$app->add(new JwtAuthentication([
    "path" => "/",
    "ignore" => ["/foo"],
    "secret" => "supersecretkeyyoushouldnotcommittogithub",
    "algorithm" => ["HS256"],
    "error" => function (Response $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];

        $payload = json_encode($data, JSON_PRETTY_PRINT);
        $response->getBody()->write($payload);
        return $response->withHeader('Content-Type', 'application/json');
    }
]));

$app->addRoutingMiddleware();

// Define Custom Error Handler
$customErrorHandler = function (
    Request $request,
    Throwable $exception,
    bool $displayErrorDetails,
    bool $logErrors,
    bool $logErrorDetails
) use ($app) {
    $payload = ['error' => $exception->getMessage()];

    $response = $app->getResponseFactory()->createResponse();
    $response->getBody()->write(
        json_encode($payload, JSON_UNESCAPED_UNICODE)
    );

    return $response;
};

$errorMiddleware = $app->addErrorMiddleware(true, true, true);
$errorMiddleware->setDefaultErrorHandler($customErrorHandler);

$app->get('/', function (Request $request, Response $response, $args) {
    $response->getBody()->write("Hello world!");
    return $response;
});

$app->get('/foo', function (Request $request, Response $response, array $args) {
    $payload = json_encode(['hello' => 'world'], JSON_PRETTY_PRINT);
    $response->getBody()->write($payload);
    return $response->withHeader('Content-Type', 'application/json');
});

$app->run();

My composer.json file:

{
    "require": {
        "slim/slim": "4.*",
        "slim/psr7": "^0.6.0",
        "tuupola/slim-jwt-auth": "^3.4"
    }
}

I have my app in a subfolder, so I call my API using URLs like so:

https://subdomain.example.com/api
https://subdomain.example.com/api/foo

When I add an Authorization header I get a response for both routes, but without that header I can't get ignore to work.

I did a quick test and I moved everything from the api folder to the root and ignore started working, but I really need that subfolder.

Any ideas what might be wrong/missing?

Misiu commented 5 years ago

@tuupola it looks like $app->setBasePath("/api"); isn't used by your middleware. After changing this:

"path" => "/",
"ignore" => ["/foo"],

to this:

"path" => "/api",
"ignore" => ["/api/foo"],

the ignore started working
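
The two mismatches reported in this thread, reproduced with a small stand-alone model of prefix matching (an added example, not part of any comment here and not code from slim-jwt-auth). The functions ruleMatches and requiresAuth and the /persons route are hypothetical; the model assumes a rule matches its own path and everything below it, with "ignore" checked before "path".

```php
<?php
declare(strict_types=1);

// Simplified model of path/ignore matching (an assumption, not the
// middleware's source): a rule matches its own path and everything below it.
function ruleMatches(string $rule, string $path): bool
{
    $rule = rtrim($rule, "/");
    return $rule === "" || $path === $rule || strpos($path, $rule . "/") === 0;
}

// True when a request to $path must carry a valid token. "ignore" is checked
// first; a path matching neither list is passed through unauthenticated.
function requiresAuth(string $path, array $protect, array $ignore): bool
{
    foreach ($ignore as $rule) {
        if (ruleMatches($rule, $path)) {
            return false;
        }
    }
    foreach ($protect as $rule) {
        if (ruleMatches($rule, $path)) {
            return true;
        }
    }
    return false;
}

// Constructed cases: path as the middleware sees it, "path" rules, "ignore"
// rules, and whether the operator intends the route to need a token.
// /persons is a hypothetical protected route.
$cases = [
    ["/persons",       ["/api"], ["/api/persons/login"], true],  // first post
    ["/persons/login", ["/"],    ["/persons/login"],     false], // suggested fix
    ["/persons",       ["/"],    ["/persons/login"],     true],
    ["/api/foo",       ["/"],    ["/foo"],               false], // Slim 4 + setBasePath
    ["/api/foo",       ["/api"], ["/api/foo"],           false], // rules include base path
    ["/api",           ["/api"], ["/api/foo"],           true],
];

foreach ($cases as [$path, $protect, $ignore, $intended]) {
    $actual = requiresAuth($path, $protect, $ignore);
    $verdict = $actual === $intended ? "ok" : ($intended ? "FAIL-OPEN" : "FAIL-CLOSED");
    printf("%-15s path=%-5s ignore=%-19s auth=%-3s %s\n", $path,
        implode(",", $protect), implode(",", $ignore), $actual ? "yes" : "no", $verdict);
}
```

A table like this is worth keeping in the test suite next to the route definitions, because a "path" rule that matches nothing leaves every endpoint open without raising any error.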

tuupola commented 4 years ago

I guess the result of these two lines is different on Slim 4. Can you open a bug report for this so it does not get forgotten?

seth100 commented 3 years ago

Hi, is there any news on this issue with Slim v4? I'm still facing this issue (using HttpBasicAuthentication). Thanks