I'm new on Symfony functional test world and trying to test my first API controller with a lot of trouble...
I'm trying to test that endpoint :
$token = $em->getRepository(Token::class)->findOneBy(['value' => $tokenValue]);
if ($token && $this->getCurrentUser() && $token->getUser()->getId() === $this->getUser()->getId()) {
$em->remove($token);
$em->flush();
} else {
throw new NotFoundHttpException();
}
Problems: That controller use EntityManager, TokenInterface (not used, just for example), and a string token value.
I can provide entityManager interface with initializing it in static::$container, but can't with TokenInterface and don't know how to proceed for $tokenValue
Here's my test :
$this->tokenStorage = self::$container->get('security.token_storage');
$this->session = self::$container->get('session');
$this->currentUser = $this->generateFakeEntity(User::class, $currentUserData);
$token = new UsernamePasswordToken($this->currentUser, null, 'api', $this->currentUser->getRoles());
$this->tokenStorage->setToken($token);
$this->session->set('_security_api', serialize($this->tokenStorage->getToken()));
$this->session->save();
$cookie = new Cookie($this->session->getName(), $this->session->getId());
$this->client->getCookieJar()->set($cookie);
$this->client->request(Request::METHOD_DELETE, '/api/external/v1/fr/34pas40EasterEGGDigitemisKeyTesterCDouterCorrigerCAbdiquer2020ItIsNotABugItIsAFeature/34pas40/auth-tokens/1');
$this->assertResponseStatusCodeSame($expectedCode, $this->wrongStatusCodeError($expectedCode, self::PREFIX_SUPER_ADMIN . '/auth-tokens/', __METHOD__));
$tokenValue error :
Controller "App\Api\SuperAdminApiController::removeAuthTokenAction()" requires that you provide a value for the "$tokenValue" argument. Either the argument is nullable and no null value has been provided, no default value has been provided or because there is a non optional argument after this one.
TokenInterface error :
Symfony\Component\DependencyInjection\Exception\RuntimeException: Cannot autowire argument $token of "App\Api\SuperAdminApiController::removeAuthTokenAction()": it references interface "Symfony\Component\Security\Core\Authentication\Token\TokenInterface" but no such service exists. Did you create a class that implements this interface?
Question: How to proceed to inject that required arguments from a functional test?
Thank you in advance for your time :)
Related
I am trying to run tests in my Symfony test environment but keep getting an error.
Error: Call to a member function getContainer() on null
I figured I have problem with authentication of the user.
I have loaded a fixture to persist one user object into test database fort the needs of authentications (even if i do not know it that is needed).
protected function createAuthenticatedClient(): KernelBrowser
{
self::ensureKernelShutdown();
$client = static::createClient();
$session = $this->client->getContainer()->get('session');
$firewall = 'secured_area';
$token = new UsernamePasswordToken('admin', null, $firewall, array('ROLE_ADMIN'));
$session->set('_security_'.$firewall, serialize($token));
$session->save();
$cookie = new Cookie($session->getName(), $session->getId());
$client->getCookieJar()->set($cookie);
return $client;
}
I do not know what am I doing wrong?
I have to note that my project does the authentication trough x-api-key value in header.
This is a whole new world in Symfony regarding tests for me, so any guidance and help is highly appreciated.
I am running a Symfony 2.8 based web app using FOSUserBundle to manage users. Creating new users with a web form is absolutely no problem.
Now I would like to add a feature to create new users with a REST api. Of course submitting username, password, email, etc. to a controller is no big deal:
public function registerAction(Request $request) {
$requestJson = json_decode($request->getContent(), true);
$username = $requestJson[JSON_KEY_USERNAME];
$email = $requestJson[JSON_KEY_MAIL];
$password = $requestJson[JSON_KEY_PASSWORD];
...
$this->registerUser($username, $email, $password);
...
}
private function registerUser($username, $email, $password, $locale, $timezone, $currency) {
$userManager = $this->get('fos_user.user_manager');
$emailExist = $userManager->findUserByEmail($email);
$userNameExists = $userManager->findUserByUsername($username);
if ($emailExist || $userNameExists)
return false;
$user = $userManager->createUser();
$user->setUsername($username);
$user->setEmail($email);
$user->setPlainPassword($password);
...
$user->setLocked(0);
$user->setEnabled(0);
$userManager->updateUser($user);
return true;
}
However, this performs no validation at all. If for example the username is empty an NotNullConstraintViolationException is thrown when persisting the user object.
Of course I could manually re-implement the same validation process which is used by the RegistrationForm (username not empty, not taken, no invalid characters, password min length, e-mail format, etc.) and pass back the same error messages but this would mean to reinvent the wheel.
Is it somehow possible to run the exact same validation which is used by the RegistrationForm?
Symfony validator can work independently. In a controller you can use validator service like this:
$violations = $this->get('validator')->validate($user, null, ['your_groups_here']);
// Or inject Symfony\Component\Validator\Validator\ValidatorInterface into a service.
It will return a ConstraintViolationListInterface, you can loop trough this object.
You can check FOSUserBundle validation groups here: https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/config/validation.xml
So I'm using Lexik JWT bundle (Symfony 2.8) to authenticate over Google and when user is logging in it works well. My Success handler looks like this:
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
$user = $token->getUser();
$jwt = $this->jwtManager->create($user);
$response = new JsonResponse();
$event = new AuthenticationSuccessEvent(['token' => $jwt], $user, $response);
$this->dispatcher->dispatch(Events::AUTHENTICATION_SUCCESS, $event);
$redirectResponse = new RedirectResponse('http://localhost:3000?token='.$event->getData()['token']."&username=".$user->getUsername());
return $redirectResponse;
}
So I'm redirecting user to some localhost and passing token as "token" get variable and that works well. Later I can pass that token value trough header and I get authenticated.
Problem is - I want to get the same token from my controller. I'm using the similar code:
$jwtManager = $this->get('lexik_jwt_authentication.jwt_manager');
$tokenStorage = $this->get('security.token_storage');
$token = $tokenStorage->getToken();
$user = $token->getUser();
$jwt = $jwtManager->create($user);
$response = new JsonResponse();
$event = new AuthenticationSuccessEvent(['token' => $jwt], $user, $response);
$token = $event->getData()['token'];
echo $token;
And I really get some token, but that's not the same one I get from success handler. Tried passing it as header "Autorization" parameter, but it doesn't work. I'm getting 401 error and message:
Unable to verify the given JWT through the given configuration. If the \"lexik_jwt_authentication.encoder\" encryption options have been changed since your last authentication, please renew the token. If the problem persists, verify that the configured keys/passphrase are valid.
What I'm doing wrong here? Why I'm getting different token and how can I get token I'm getting form success handler?
Found the solution. It goes like:
$user = $this->get('security.token_storage')->getToken()->getUser();
$jwtManager = $this->get('lexik_jwt_authentication.jwt_manager');
$token = $jwtManager->create($user);
I know this is an old question, but I found a solution that let you use the token anywhere, not just in the controller.
Instead of using TokenInterface, use TokenStorageInterface
public function __construct(TokenStorageInterface $tokenStorage) {
$this->token = $tokenStorage->getToken();
$this->user = $this->token->getUser();
}
How do I create and access Symfony 2 session variables in my controllers.
I used like this.
$session = new Session();
$session->start();
$session->set('loginUserId',$user['user_id']);
I want to know how to use the above session variable in all my controllers to access.
One way of using Sessions in Symfony in controller is:
setting:
$this->get('session')->set('loginUserId', $user['user_id']);
getting:
$this->get('session')->get('loginUserId');
If you use standard framework edition
From the docs:
Symfony sessions are designed to replace several native PHP functions.
Applications should avoid using session_start(),
session_regenerate_id(), session_id(), session_name(), and
session_destroy() and instead use the APIs in the following section.
and:
While it is recommended to explicitly start a session, a sessions will
actually start on demand, that is, if any session request is made to
read/write session data.
So sessions is started automatically and can be accessed e.g. from controllers via:
public function indexAction(Request $request)
{
$session = $request->getSession();
...
}
or:
public function indexAction()
{
$session = $this->getRequest()->getSession();
// or
$session = $this->get('session');
...
}
than:
// store an attribute for reuse during a later user request
$session->set('foo', 'bar');
// get the attribute set by another controller in another request
$foobar = $session->get('foobar');
// use a default value if the attribute doesn't exist
$filters = $session->get('filters', array());
http://symfony.com/doc/current/components/http_foundation/sessions.html
use Symfony\Component\HttpFoundation\Session\Session;
$session = new Session();
$session->start();
// set and get session attributes
$session->set('name', 'Drak');
$session->get('name');
// set flash messages
$session->getFlashBag()->add('notice', 'Profile updated');
// retrieve messages
foreach ($session->getFlashBag()->get('notice', array()) as $message) {
echo '<div class="flash-notice">'.$message.'</div>';
}
Thanks for your valuable suggestions
i have created a login system where i want to store the id's of users in session variables
this is my controller for login system
use Symfony\Component\HttpFoundation\Session\Session;
class successController extends Controller
{
public function successAction(Request $request)
{
--some code for form--
$repository = $em->getRepository('RepairStoreBundle:users');
$query = $repository->auth($name,$password);
$error="sorry invalid username or password";
if($query== false)
{
return $this->render('RepairLoginBundle:login:login.html.php', array(
'form' => $form->createView(),'error'=>$error,));
}
else
{
$role=$query[0]['role'];
$id=$query[0]['id'];
if($role == 1)
{
$session = new Session();
$session->start();
$session->set('id',$id);
$result=$repository->display();
return $this->render('RepairLoginBundle:login:success.html.php',array('result'=>$result,));
}
else
{
$session = new Session();
$session->start();
$session->set('id',$id);
$res= $repository->edit($id);
return $this->render('RepairLoginBundle:login:user.html.php',array('res'=>$res));
}
}
}
}
when admin logins with role=1 it will render to success.html.php
in this view how can i get the session variable which i have set in the controller.
i have used $session->get('id');
it is giving me server error please help with this
Upfront Authentication should better be done with the Security Component in Symfony2.
Read more about it in The Book - Security. You should probably also take a look at FOSUserBundle
Accessing the session from a PHP template in symfony2:
echo $app->getSession()->get('whatever');
Session Handling
There is an article in the official documentation:
Components/HttpFoundation - Session Data Management
The API documentation for the Session Component can be found here:
http://api.symfony.com/master/Symfony/Component/HttpFoundation/Session/Session.html
In the symfony2 standard-edition you can get the session from within a controller with:
$session = $this->getRequest()->getSession();
As you already have the request as an argument in successAction you could access the session with:
$session = $request->getSession();
Set a value with ( $value needs to be serializable ):
$session->set('key',$value);
Get a value with:
$session->get('key');
Saving (and closing) the session can be done with:
$session->save();
You should also loook at the SessionBag class.
you create a SessionBag and register it with the session. see:
Symfony API
In the registered SessionBag - which implements AttributeBagInterface - you can get and set your key/value's as desired.
TIP: If you want to get the current User and you have a container aware controller ( container injected )
you can use:
$user = $this->container->get('security.context')->getToken()->getUser();
if you are extending Symfony's Controller class in the standard-edition - the shorter way is:
$user = $this->get('security.context')->getToken()->getUser();
or even shorter (Symfony > 2.1.x):
$user = $this->getUser();
Alternative ( If your controller is not container aware ):
Define the controller as a service and inject #security.context:
YAML:
# src/Vendor/YourBundle/Resources/config/services.yml
services:
my.controller.service:
class: Vendor\YourBundle\Controller\successController
arguments: ["#security.context"]
Vendor\YourBundle\Controller\successController:
protected $securityContext;
public function __construct(SecurityContextInterface $securityContext)
{
$this->securityContext = $securityContext;
}
then in your action:
$user = $this->securityContext->getToken()->getUser();
Note:: you have to use the service in your routing aswell if you choose the controller-as-service variant. example routing.yml :
[...]
route_name:
pattern: /success
defaults: { _controller: my.controller.service:successAction }
[...]
[...]
Note... you can also inject the session with "#session"
# src/Vendor/YourBundle/Resources/config/services.yml
[...]
arguments: ["#security.context","#session"]
Note injecting the whole container is resource-heavy. advanced developers inject their needed services one-by-one and not the whole container.
Tip: Normally Controller classes are written with a capital first letter - example: *S*uccessController
General TIP: You have unnecessary dublicate code in your example:
// 'if' and 'else' execute the same stuff here
// result: dublicate code = more code = harder to read
if($role == 1)
{
$session = new Session();
$session->start();
[...]
}
else
{
$session = new Session();
$session->start();
[...]
}
should better be ...
// better: put this stuff before the if/else statement
$session = new Session();
$session->start();
if($role == 1)
{
[...]
}
else
{
[...]
}