Have to admit I am a Symfony newB. Generally, I do know what I am doing but I am stumped with this problem.
I have been given a pair of packages to maintain. One side is a front end written with Angular.js. Then there is the backed written using Symfony.
After installing the backend portion, using composer. I am now trying to test.
The front end seems to be good when it fires up at xxx.yyy.com/app. Its first screen is a login screen where it asks for username and password. The submit button fires off a request of xxx.yyy.com/api/users/token. The username and password from the screen are stored in the http request as json.
Once the request is made I have determined that app.php in the symfony code fires off and starts the user authentication process. After a lot of work in trying to debug through the code, I can see that the symfony backend does have the user name and password and knows that the request is a POST request in good form. However, I keep getting the error "Route Not Found" and then am kicked out of symfony.
There is every reason to believe the code is written correctly and the problem lies in something I have done to install the code. When I run the debug:router process, I can find the route as a correct one. But, this route is never found. I have also tried other routes with the same result.
Can anyone suggest a reason why routes shown in the debug:router process do not work in actual use? I am really stumped and would appreciate some suggestions.
Think I am really on to the problem. It's the way that the front end javascript is creating the URL for the backend along with the way my server is configeured.
My front end is xxx.kjitx.com/app This code is then adding the base URL to the command for the backend to form a request of xxx.kjitx.com/api/users/token Then when my backend receives control it is stripping off the xxx.kjitx.com/api part of the url and sending the users/token string to the router. The router is looking for /api/users/token so the routing fails. In the handshake I lost the first piece, api, of the route. Found this out by forcing the front end to add an extra piece of api, i.e. xxx.kjitx.com/api/api/users/token and it works.
Now I just need to go back into my code to properly set up my addressing so I don't loose an important part of the address.
Does the app use CORS?
Perhaps you have to whitelist your dev domains
Related
I have a question, I am a bit confused, I don't really understand why this is happening.
I have a website which works well over http. When I force redirect to https something happens. Even if I replace all my urls in my code, only GET request will work. Anybody has any idea why is this happening?
I also have admin part of the website. it works to login into the admin but it doesn't work to make any requests on it. I am trying to post or delete but I receive a 401 err, even if I am logged in and set the token right...
So bottom line is:
On Https, the website works, it shows all the resources from the db, I can login in the Admin but I can not post or delete.
On Http everything works.
I am in a huge need of advice or ideas.
thanks.
From my experience you cannot serve mixed content, that's my first suggestion is to call all your scripts/dependencies without the prefix; ie: script src="https://blahblah" to "script src="//blahblah"; you're going to make sure you are sticking consistently to one serving source; so that's the first thing I'd check (also look at console logs, they often give hints as to what failed);
Secondly I am unsure of the response or how the server handles traffic from non https, possibly there's a rule in htaccess or some form of redirection trying to force the call via https so http fails? these are all steps in debugging right you need to troubleshoot and play process of eliminations; first though I'd make sure we are serving everything from // or https; when on http I would look at console logs for clues but even more so I would force a redirect to use https exclusively (as most sites do now)
Check for mixed content issues first though, this is something that can have a multitude of solutions based on the many variations of what could be causing this issue.
I've encountered a weird situation, after registration we're sending an email with a verification link, pretty standard stuff, but somehow clicking on the link seems to make the request twice, looking at the logs, the first time it comes from my IP and the second request comes from some Google IP: 66.102.8.60 (doing a reverse lookup shows google-proxy-66-102-8-60.google.com).
Any idea what's going on and how to prevent this?
The server is running Nginx and the site is Ruby on Rails if that helps.
I do not know the root cause but my best guess is same as Tripleee wrote above - most probably google is scanning urls. This happens in all browsers (well at least in Chrome and Firefox), but only under following circumstances:
the url is clicked from gmail (if you copy paste it to browser tab, the second request is not issued)
the url is clicked for the first time... Subsequent clicks from the same email do not trigger second request
I know it is probably not the answer you expected, but after giving it some thought I figured that operation like this should be handled on server side. In my case I am tracking information about confirmation urls anyways, so the first time the request comes to my backend I am deleting it and proceeding with confirmation normally. Since the confirmation entry is missing in the database for the second request it returns immediately with status 404, 422 or something whatever suits you.
Hope that helps anyone who gets here looking for an answer to this problem ;)
i already tried to find an answer here on nearly at any place at the web, but didn't find an answer that helped me out here - so i'm trying it here with this question:
i have to to get some information from a server in a domain, using https via indy components and the windows authentication. that's working quite fine (via IdHTTP1.Get(sURI)), the server logs are showing this (domain/user/request) and the response is always valid.
afterwards i try to post now some new values to the requested data, but this fails, since i get a "401" authenticaion error. BasicAuthentication=false, and HTTPOptions=[hoInProcessAuth,hoForceEncodeParams] via IdHTTP1.Post(sURI, Req_Json), where Req_Json is a UTF-8 encoded TStringStream. Now (and only when trying to POST) the IdHTTP1Authorization event is triggered twice, even if I do a handled=true there (read somewhere in a forum) it fails, if I do nothing there I get the same result: 401. There were some tips about the IdHTTP1SelectAuthorization event, but with that I had no luck, too.
Any ideas, where to start to get this solved? If there are any questions open, don't hesitate to ask!
p.s.: trying to post the same information via postman works correctly - so i guess it's about delphi/indy ...
After the transfer of the site to a new hosting, there is a problem: the site produces an event redirect to the old hosting. Currently set up nginx on something that would have sent data to pure servers but it produces still a redirect. The redirect itself is made starting from the app file.php to HttpKernel.php in handler (......) there is a call to events, $this->dispatcher - >dispatch(.................) which forms a redirect and does not let on, if you remove this element, then the page is formed only without data from the database and there is an error 404 page not found. When the page loads, a kernel event is generated.request and security.authentication.success and with such parameters it produces a redirect.
Check for kernel request events. You may have a hardcode somewhere. I dont know much about your symfony version, but you can debug events with php bin/console debug:event-dispatcher kernel.exception. After you do this post code here we might be able to help. AND YES question is formed very poorly.
What is to be done?
We have an application deployed on the Sharepoint (corporate) Server which uses the windows credentials to log into the application.
App URL format: http://testmachine:1000/sites/test/
Windows Credentials Format: user_id#domain.co.in
The objective is to perform the load/performance testing on the application (especially the log in functionality) for such n number of users.
Normally when I hit the app URL in the Firefox/IE, it pops up a window asking for credentials. I enter the credentials, browse the app and then log out. I intend to capture this in JMeter and simulate this for large number of users.
Where I’m stuck?
Now I start the JMeter proxy server, and then try the same steps as above. But when the pop up window appears, JMeter simply doesn’t record the it nor it does record anything else after the login.
What I’ve tried?
If I try the same steps after enabling “Automatically detect intranet network” in IE, then it simply auto detects my windows credentials (No credentials pop-up), logs me into the app (this is not recorded in JMeter either) and takes me to the home page. And any page thereafter I hit gets recorded in JMeter.
I’ve also tried to use the HTTP Authorization Manager using following parameters:
BaseURL : http://testmachine:1000/sites/test/
Username: DOMAIN\USER_ID
Password: i_wont_tell_you
Domain: \
Realm:
It didn't help. I am quite confused about how-to-use the above element. And not even sure whether its a right approach to get the solution to my problem.
Any help/suggestions?
P.S. I know about a tool called Badboy, but have to go for it as a last resource. Also not even sure if it records the pop windows.
And sorry if the post is verbose.
UPDATE:
I have also tried -
Username: USER_ID and Domain: my_company_domain
But this is not the actual problem. Problem is, when I try to hit the pages (automation) which I've recorded previously return success response even if I haven't used the HTTP Authorization Manager. I'm not sure what I'm missing.
OK. Finally I got what was missing.
First, I had to change the implementation of every request to HttpClient3.1
Second, it was really frustrating to see that JMeter documentation was misleading.
It says that the config file httpclient.parameters, should be edited as following:
http.authentication.preemptive$Boolean=false
But it didn't work. Changing it to true worked like a charm.
Hope this helps other people.
JMeter works at the HTTP layer so the proxy will only capture requests made over this protocol layer. It sounds to me like you have already found the right approach to use for recording by using '“Automatically detect intranet network” in IE', you can use this method to capture most requests and you will have to figure out authentication manually. How you do this depends on how your application communicates with your server to authenticate a user.