I have rerouted all the traffic to my main domain let's say www.example.com and my first page is www.example.com/login so any entry in the subdomain will be redirected to main domain so something.example.com/login will end up on the same page as www.example.com/login (but the subdomain will stay in the url). The reason I am doing this is that i have multi 'clients' and 'users' every user is responsible for one or more client and its all set in the database and working perfectly so i can login with user1 i will see some tasks for user1 on client1 and when i login with user2 i will see tasks from user2 on client2 etc...
Now i need to do one more thing to make it look a bit better, when someone opens example.com and login with user1 credentials i want him to be redirected to client1.example.com and at the same time when someone opens client1.example.com i want him to see the logo from that client.
All the database queries and other login issues are handled but i am facing couple of issues:
how to redirect to the correct client (subdomain) ?
and vice versa if a (super admin) user which responsible for managing clients and users logs in how to redirect him to main domain (example.com) without?
One more issue but i think it will be solved when i can solve the other issues is when a user manages more than one client, i want to give him the ability to switch clients something like user1 have a menu to switch to client1 or client2 but any redirection i make is logging the user out. how can i maintain the session with this feature ?
p.s when different users logs in the (theme) colors and logos of the application are being called from database according to the client and thats why i need to read the subdomain on the first page so i can change the login logo according to the subdomain
this is a piece of my code to see how i am achieving this if anyone is interested
$currentUrl = $request->getHttpHost();
$baseUrl = $this->container->getParameter('base_url');
$subdomain = str_replace('.'.$baseUrl, '',$currentUrl);
if (sizeof($user->getClients()) > 0) {
$filter = $this->em->getFilters()->enable(Utils::CLIENT_FILTER_NAME);
if ($user->getLastLoggedInClient() !== null) {
$client = $user->getLastLoggedInClient();
} else {
$client = $user->getClients()->first();
}
if ($client == null) {
throw new ClientNotFoundException();
}
if(!$client->isActive()){
throw new ClientNotActiveException();
}
$this->session->set(Utils::CLIENT_ID_NAME, $client->getId());
$this->session->set('client', $client);
$filter->setParameter(Utils::CLIENT_ID_NAME, $client->getId());
$user->setLastLoggedInClient($client);
$this->em->persist($user);
$this->em->flush();
}
else{
return new RedirectResponse('/logout');
}
return new RedirectResponse('/');
so i think somewhere around here return new RedirectResponse('/'); i need to redirect to the correct subdomain.
Thanks!
When you first realise that a user needs to login (from client1.example.com), put the URL, or 'client1' client-name into a session, readable on www.example.com - or add it to the URL (like https://www.example.com/login/to/client1 - the route would be '/login/to/{clientname}'), or more simply /login?clientname=client1.
When a user has logged in, and been verified to be a member of 'client1', then the redirection would be to a route like 'client_app_dashboard', ['clientname' => 'client1'] - and a route definition of #Route("/", name="client_app_dashboard", host="{clientname}.example.com")
The Symfony docs have information on How to Match a Route Based on the Host.
As for a logo - that would be fetched and displayed based on the $clientname on the www. homepage.
Related
I've been battling this question/issue for a while now. And I am kinda stuck at this point, so, please help!
I need to set up a Conditional reverse proxy using NGINX. The Conditional part is based on the result of oath authentication, possible user roles.
Here's example of post auth map that I have:
map $auth_result $out_role {
'group-1' 'admin';
'group-2' 'editor';
'group-3' 'user';
default 'user';
}
I have three services that are behind reverse proxy;
localhost:123 - accepts admin, editor, user
localhost:111 - accepts only admin, editor users
localhost:222 - accepts only admin, editor users
So if user authenticated with user group user then he should always be redirected to localhost:123 and only to that. If user authenticated with admin or editor then he has allowance to all site resources.
I have tried using
location /foo/bar/ {
if($out_prole = 'user') {
return 304 localhost:123; # and be done with it
}
}
but that did not get me anywhere, for nginx not handling it's conditionals conveniently inside location blocks.
Now I'm looking for a way to accomplish that; Should I be setting up different server {...} blocks inside nginx? or maybe there's a way to accomplish this without conditionals?
Please help me find a direction with this problem, for I am stuck.
Thanks,
Vadim
I'm trying to determine if the user is browsing PWA on server side. On client side I can check if the browser mode is standalone via JavaScript and detect PWA, but on server side this is not an option. So I'm using simple query parameter for that. Start URL in manifest has query param isPwa appended and every time user opens PWA, it goes to https://example.com/?isPwa. What I need now is to keep that parameter while user browses PWA, so I need to set isPwa parameter to next URL that user opens if the referer URL already had isPwa parameter, but my code goes to redirection loop and I'm unable to identify the cause of this. Here's my code:
function addIsPwaQueryArg() {
$referer = wp_get_referer();
if (strpos($referer, 'isPwa') !== false) {
$location = remove_query_arg('isPwa');
wp_redirect(add_query_arg('isPwa', '', $location));
exit;
}
}
add_action('template_redirect', 'addIsPwaQueryArg');
Can someone tell me what's wrong with my code and why is it not working?
Thanks!
I have a website where I have to authenticate the users registered in another system (in this case the Kayako support system).
I think I have to use the APIs to resolve this problem, but I don't really know how to get started.
Can someone please help me solve this problem? How can I send the data required for the authentication and how do I manage the response I get from Kayako.
Figure out how the API of the Kayako system looks like. In WordPress you can do something similar like this in order to authenticate the users:
// this action is executed just before the invocation of the WordPress authentication process
add_action('wp_authenticate','checkTheUserAuthentication');
function checkTheUserAuthentication() {
$username=$_POST['log'];
$password=$_POST['pwd'];
// try to log into the external service or database with username and password
$ext_auth = try2AuthenticateExternalService($username,$password);
// if external authentication was successful
if($ext_auth) {
// find a way to get the user id
$user_id = username_exists($username);
// userdata will contain all information about the user
$userdata = get_userdata($user_id);
$user = set_current_user($user_id,$username);
// this will actually make the user authenticated as soon as the cookie is in the browser
wp_set_auth_cookie($user_id);
// the wp_login action is used by a lot of plugins, just decide if you need it
do_action('wp_login',$userdata->ID);
// you can redirect the authenticated user to the "logged-in-page", define('MY_PROFILE_PAGE',1); f.e. first
header("Location:".get_page_link(MY_PROFILE_PAGE));
}
}
The try2AuthenticateExternalService() method should contain some curl-request (or similar) to the remote service.
My application has 2 security firewalls
"admin" - used by internal staff
"account" - used by customers.
Previoly I had one action under the account firewall, the action in the controller looks something like this.
$user = //get user somehow
$token = new UsernamePasswordToken($user, null, 'account', $user->getRoles());
$this->get('security.token_storage')->setToken($token);
With this code above, I was able to "login as" different users, and this was working but not exactly what I wanted.
However, when I move this code to an action inside my the admin firewall, it is instead changing the token for the admin firewall, but I still want it to change the token for the account firewall, is this possible?
(In other words, I only want admin users to have the ability to login as different account users)
I would rather not share the "context" between the firewalls, as I would like someone to be able to be logged into the admin and the account firewalls at the same time.
This may be a little hacky, but manually wiriting the token to the session achieved what I wanted
$token = new UsernamePasswordToken($user, null, 'account', $user->getRoles());
$this->get('session')->set('_security_account',serialize($token));
// Needed to prepend "_security_" to the firewall name to get "_security_account"
Didnt even need to call lines such as
//Didnt seem to need to call either of these
$this->get('security.token_storage')->setToken($token); //Symfony 2.6+
$this->get('security.context')->setToken($token)
I've looked over hundreds of answers for similar issues to this but can't find anything that seems to help.
I'm running the latest version of the PHP SDK and a login to facebook button which has a generated link from getLoginUrl().
Running on my development laptop and logged in as the application developer it passes me back to the redirect url (Both the callback url when calling getLoginUrl() and the URL set in my application settings are exactly the same) I then do a getUser call which will function in these circumstances.
If i try the same process using my Iphone on the same network, logged in as the same user on facebook getUser() returns 0.
It also does the same for any other user trying to login with facebook.
Sandbox mode is disabled.
my app domains seem to be set up correctly.
I'm really unsure of what to do next.
Many thanks for your responses guys - Turns out the issue was i was sending the request from one page and redirecting back to another. This seems to upset facebook (I'm guessing it will only re-direct back to the page it was called from).
That solved the problem anyway - but many thanks for your responses.
First make sure you are maintaining sessions in your scripts with:
session_start();
at the top of your php file.
Next use something like this to test if you have a fb user and if not, redirect them to the oauth, which will just renew their token if they've already authorized by it's expired.
require_once('facebook/fb.inc');
session_start();
if (!$fbUser) {
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email,publish_stream,user_location',
'redirect_uri' => 'http://scubadivinglog.org/php/fblink.php'
)
);
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
exit;
}
Hope this helps. Let us know and if not post the code you are using.