Airflow plugin model views Not Secured - airflow

How to protect Airflow custom model views added via the plugin system from unauthenticated users? I'm currently using password protection, but pages added by my plugin can be accessed without being logged in...

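Try adding the same @login_required decorator that the protected builtin views use.
    import airflow
    # Airflow 1.x plugin views are Flask-Admin views
    from flask_admin import BaseView, expose
    # Reuse the decorator from the configured auth backend
    login_required = airflow.login.login_required
    class TestView(BaseView):
        @expose('/')
        @login_required
        def test(self):
            ...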
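
An added example, not part of the original answer or of Airflow itself: a static check, using only Python's ast module, that lists plugin view methods decorated with @expose but missing @login_required, so an unprotected page is caught before deployment. The sample plugin source and the helper names decorator_name and find_unprotected_views are constructed for illustration.

```python
import ast

# Constructed sample plugin source (not from the original post): one view
# method is protected, one is exposed without @login_required.
SAMPLE_PLUGIN = '''
import airflow
from flask_admin import BaseView, expose
login_required = airflow.login.login_required

class TestView(BaseView):
    @expose('/')
    @login_required
    def test(self):
        return self.render("test.html")

    @expose('/report')
    def report(self):
        return self.render("report.html")
'''

def decorator_name(node):
    """Return the bare name of a decorator node (expose, login_required, ...)."""
    if isinstance(node, ast.Call):        # @expose('/')
        node = node.func
    if isinstance(node, ast.Attribute):   # @airflow.login.login_required
        return node.attr
    if isinstance(node, ast.Name):        # @login_required
        return node.id
    return None

def find_unprotected_views(source, guard="login_required"):
    """List (class, method) pairs that are @expose'd but lack the guard."""
    findings = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        for item in cls.body:
            if not isinstance(item, ast.FunctionDef):
                continue
            names = [decorator_name(d) for d in item.decorator_list]
            if "expose" in names and guard not in names:
                findings.append((cls.name, item.name))
    return findings

if __name__ == "__main__":
    for cls_name, method in find_unprotected_views(SAMPLE_PLUGIN):
        print(f"{cls_name}.{method} is exposed without login_required")
```

The source is only parsed, never imported, so the check can run in CI against plugin files without an Airflow installation.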

Related

Shopware 6: Get PHP data in own custom admin module

I have built my own plugin in Shopware 6. I already have a custom module with a custom route. Now I want to add data from my custom database table to my custom route's html.twig.
My Route: http://localhost:8888/admin#/ankauf/module/overview
My Database Table: product_reservation
I have built my own controller but I can't get this controller to listen to my route. Maybe because my route is built from the module? The path in my module is: ankauf.module.overview
Is a controller the right way? And if yes, how can it listen to my path and not overwrite it with its own route?
Is there a better way to push PHP Code to my custom Backend path?
If you have created your own entity with a definition etc. (like here or here described), there is an easy way to get your data to an admin module. Shopware will automatically register routes for CRUD operations on your entity. So the entity is automatically available via the admin API. On the admin side there are also helper services to read out your API. In your vue.js component you need to inject the
    inject: [
        'repositoryFactory'
    ],
With this factory you are able to create a repository which requests your custom entity API route.
    {
        ...
        created() {
            this.repository = this.repositoryFactory.create('product_reservation');
        }
    }
The repository has several methods like search, get, create, delete, etc.
With these methods you are able to read out your data in the vue.js component of your plugin and bring it to your module.
Read more about an own module here

Twig is_granted fails in Behat scenario

I have this Behat setup:
    default:
        extensions:
            Behat\Symfony2Extension: ~
            Behat\MinkExtension:
                sessions:
                    default:
                        symfony2: ~
And this scenario:
    Scenario: Event list for authenticated user
        Given I am authenticated
        Then I should see pagination control
        And I should be able to change list page
I check if the user is authenticated and if so show him pagination control in Twig:
{% if is_granted('IS_AUTHENTICATED_FULLY') %}
...
Related Behat context:
    /**
     * @Given I am authenticated
     */
    public function iAmAuthenticated()
    {
        $user = new User('test', null, ['ROLE_USER']);
        $token = new UsernamePasswordToken($user, null, 'test', $user->getRoles());
        $this->getTokenStorage()->setToken($token);
    }
    /**
     * @Then I should see pagination control
     */
    public function iShouldSeePaginationControl()
    {
        $this->assertSession()->elementExists('css', 'ul.pagination');
    }
I get true for
    $this->kernel
        ->getContainer()
        ->get('security.authorization_checker')
        ->isGranted('IS_AUTHENTICATED_FULLY')
in my iShouldSeePaginationControl() but it is false in rendered content.
What am I missing?
My guess is that you're using a different instance of the container in your behat step and in your template.
AFAIR, the symfony2 driver uses BrowserKit under the hood to navigate through your website. The container which will be used in your web page will then be instantiated by the PHP engine of your web server (and not by Behat). If so, it is absolutely impossible to operate modifications in the container at runtime in a step and expect that the web server will be aware of them.
Easy solution would be to actually log in in the behat step (through the web interface) instead of setting the token manually.
Another, harder way, if you absolutely want to log in programmatically, would be to serialize the created token on HDD and register some kind of logic (a kernel.request listener for example) that will check if this file is available and inject the unserialized token in the security context. If you do so, MAKE SURE that you enable this logic in TEST environment only, as it potentially is a security breach.
The problem is that you have 2 instances of Symfony running:
One core for Behat, that was initialized.
Second, initialized by apache/nginx, that was triggered by the Mink connection to the server.
Solution
For that, we had a solution in another project (with Zend).
We created a service that created an additional configuration for authorization:
if a file exists and the project was in DEV mode, then it was loaded in the initialization step.
Then in a hook/step we could call the service that generates a file like that and, after the scenario, delete it. This way, you could have any logged-in user in your project.
Another way is to call steps that will log you into your project via a standard form.

FlowRouter, how to get data when routing depends on subscription

I'm writing a licence validation part for my application and want to redirect the user to a renewal page if and only if their licence has expired.
I am using FlowRouter and Blaze.
All my authenticated routes are in a group:
    let authenticated = FlowRouter.group({
        triggersEnter: [checkAuthenticated, checkSubscription]
    });
I then check if the subscription is valid like so:
    const checkSubscription = function(context){
        let path = FlowRouter.current().path;
        if (!Meteor.userId()){
            return;
        }
        const sub = new Subscription();
        if (sub.isInvalid() && path !== "/manage-practice/subscription"){
            FlowRouter.go("/manage-practice/subscription");
        }
    };
My class subscription uses a collection that I can only load once a user has logged in. My problem is that the router usually triggers this redirection before this data has been loaded.
Is there a best practice approach to solve this?
Redirect with Triggers
I'm not sure about this being 'best practice' but one approach is to use the Flow Router redirect functionality on your login event.
You can see examples at: https://atmospherejs.com/kadira/flow-router#redirecting-with-triggers and https://github.com/meteor-useraccounts/flow-routing.
The initial login path (using Accounts.onLogin();) could be to a generic 'loading...' template while you evaluate the user's collection. On a callback you can then use the custom redirect function to either redirect to the requested page in your app, or redirect the user to your '/manage-practice/subscription' path.
FlowRouter.wait()
I have to confess I wasn't previously familiar with this second option, but I've just come across FlowRouter.wait(). This can be useful to delay the default routing process until some other evaluation is complete. I suspect this might only be relevant if a user logs directly into a page within your authenticated routing group.
Documentation: https://atmospherejs.com/kadira/flow-router#flowrouter-wait-and-flowrouter-initialize

Laravel 5.3 - changing auth view paths

In my Laravel app I have different auth for administrators and users. So I have separate views as well. I have placed the auth views folder inside the admin folder, so that the view path to my admin auth is now admin.auth.login for example. Where can I change those paths so that I can use them for all the auth functions?
If you take a look at your app\Http\Controllers\Auth\LoginController.php, you will see:
    use AuthenticatesUsers;
It's a trait; you can find all the login-related methods there, in Illuminate\Foundation\Auth\AuthenticatesUsers.php.
There's a method in the trait which shows the view as below:
    public function showLoginForm()
    {
        return view('auth.login');
    }
What you want to do is either:
Copy the trait out to your own one and modify the showLoginForm method.
or
Override the method showLoginForm in your LoginController.php. See this

where sfGuard checks out perms and credentials in order to implement Google's Oauth 2

I want to integrate Google's Oauth2 in my symfony-1.4 CRM. I have successfully implemented this, I have extended sfGuardAuth in my own module, and now mysfGuardAuth is being used for signing in and signing out. This is where I handle Google's Oauth2 with 2 extra actions:
    executeCkeckGoogleAccess();
    executeOauth();
The problem is that, to check whether Google's token is still a valid one, I have to redirect in each action of every module to the action checkGoogleAccess in the mysfGuardAuth module.
What I want is to check this in an implicit way in the same place where symfony, or sfGuard or whatever checks for the right perms or credentials before executing or not executing the requested action.
I only want to write the code once.
Thank you.
After some research this is how sfGuard checks everything.
When you make a request to a module action, before the action is executed, a new sfContext is dispatched.
The sfContext gets the user that extends sfGuardUser and has some methods that are executed. That is where perms, session status and everything else are checked.
The user must be configured in apps/yourApp/lib
By default it is apps/yourApp/lib/myUser, which extends sfGuardUser. The most appropriate way to achieve this is to create a new user class like apps/yourApp/lib/yourAppUser, which extends sfGuardUser as well, and there extend the methods initialize and/or shutdown with the functionality you want.
This way I have managed to get Google's Oauth2 working in my app.
I hope this is useful for more people.
UPDATE
All described above is true, but if you want to check something always before an action execution you must use filters instead of what's described before.
Filters are executed before each action, so there you can check out whatever you need, having access to the current context, and set up new attributes for the user. In my case I wanna check if the requested action needs a Google token; if true, then another filter will check if the user already has a valid token. In that case, nothing happens; otherwise, the user is redirected to the module/action which handles Google token requests.
Communication between different filters, actions and requests is handled via user attributes.
The user is an object of the class myOwnUser, which extends sfGuardSecurityUser; there the function signOut is extended in order to delete all attributes saved in "myOwnNamespace".
