I'm trying to extend the default lifetime once a user logs in. For the login I'm using the security service provider as follows:
$app = $this->_app;
$this->_app->register(new Silex\Provider\SecurityServiceProvider(), array(
'security.firewalls' => array(
'default' => array(
'pattern' => '^.*$',
'anonymous' => true, // Needed as the login path is under the secured area
'form' => array('login_path' => '/signup/', 'check_path' => 'login_check', 'failure_path' => 'login_failure'),
'logout' => array('logout_path' => '/logout/'), // url to call for logging out
'users' => $this->_app->share(function() use ($app)
{
// Specific class App\User\UserProvider is described below
return new UserProvider($app['db']);
}),
),
),
'security.access_rules' => array(
array('^/restricted/$', 'ROLE_USER'),
)
));
I've tried setting up with the sessions lifetime (cookie) like this:
$this->_app->register(new Silex\Provider\SessionServiceProvider(), array(
'session.storage.options' => array('cookie_lifetime' => (60 * 60 * 12)), // 12 hours
));
But still nothing. Session removes itself after like 15 minutes or so.
How can I extend the login security firewall lifetime to 12 hours?
I think I finally got it working:
Saving sessions in database seemed to solve the problem.
SQL:
CREATE TABLE `session` (
`session_id` varchar(255) NOT NULL,
`session_value` text NOT NULL,
`session_time` int(11) NOT NULL,
PRIMARY KEY (`session_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
PHP:
/* SESSION IN DB */
$this->_app->register(new Silex\Provider\SessionServiceProvider());
$this->_app['session.db_options'] = array(
'db_table' => 'session',
'db_id_col' => 'session_id',
'db_data_col' => 'session_value',
'db_time_col' => 'session_time',
);
$this->_app['session.storage.handler'] = $this->_app->share(function ()
{
return new PdoSessionHandler(
$this->_app['db']->getWrappedConnection(), $this->_app['session.db_options'], $this->_app['session.storage.options']
);
});
Here is a solution if you don't want to store sessions in DB: just increase session.gc_maxlifetime in php.ini.
When sessions are being stored in files, they (by default) get put to /var/lib/php/sessions/ directory. It's clear that this directory has to be cleared from time to time. In order to achieve this, there is a cron job configured at /etc/cron.d/php5 that fires script /usr/lib/php5/sessionclean every 30 minutes. This script takes php config and gets session.gc_maxlifetime from there and then removes files that are older than what is specified in this variable.
The problem is: by default session.gc_maxlifetime equals to 1440 seconds or 24 minutes. You can increase it to whatever value suits you, for instance to 24 hours (and limit your sessions by session cookie lifetime).
Related
the API works when ck_ and cs_ keys are for Admin and returns the std class object but when keys are for a different user returns You do not have permission to read this product 401(woocommerce_api_user_cannot_read_product) Error response: even when user has read/write privileges. but goes ahead to create the product in the database. Any help on this issue is highly appreciated
require_once( 'lib/woocommerce-api.php' );
$options = array(
'debug' => true,
'return_as_array' => false,
'validate_url' => false,
'timeout' => 30,
'ssl_verify' => false,
);
try {
$client = new WC_API_Client( $the_url, 'ck_xxxx', 'cs_xxxx', $options);
Try adding into your $options array:
$options['query_string_auth'] = true;
As noted in the documentation this will "Force Basic Authentication as query string true" in other words it will append your consumer key and consumer secret to your request URL as a query string. This is only supported on HTTPS.
I create my first app with silex. Only logged in users can use the app. In the first page i create a login form, so the user can authenticate. My security provider look like:
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
'security.firewalls' => array(
'secure_area_edison' => array(
'pattern' => '^/admin/',
'form' => array('login_path' => '/', 'check_path' => '/admin/login_check'),
'logout' => array('logout_path' => '/admin/logout', 'invalidate_session' => true),
'users' => function () use ($app) {
return new App\Services\UserProvider($app['db']);
},
),
)
));
Every url after '/admin' require that the user was successfull authenticated. Everything works fine and now i want to extend my app with an API. I create a new controller which retrieves data from database and return a JSON reponse, this work also fine.
But how can the user authenticate for this API? Should i create a new column in my user table like "hash" or "token"? Users which will retrieve the JSON Response must send the token in every get request, is this the correct way?
The url can look:
/admin/api/allProducts/token/<TOKEN>
you should use token base authentication instead of passing token in every get request.
refer : https://github.com/thcolin/silex-simpleuser-jwt
I'm using Laravel's Cashier for billing which is great. I'm trying to be good and keep my code tested but I'm having trouble "faking" a user with a subscription.
I've tried:
$user = App\Models\User::create([
'first_name' => $this->faker->firstName,
'last_name' => $this->faker->lastName,
'email' => $this->faker->email,
'password' => 'password1234',
'stripe_plan' => 'name_of_plan',
'stripe_active' => 1
]);
$this->be($user);
But if I then check $user->onPlan('name_of_plan') I get false :(
Is there a way to do this? As I'm sure you can appreciate I don't really want to launch the payment system until I've got tests to back it up!
Check that 'stripe_plan' and 'stripe_active' are defined as fillable for User. If they aren't then it may not be actually setting those values in User::create() which is why your test fails.
class User extends Model implements AuthenticatableContract, CanResetPasswordContract, BillableContract {
use Authenticatable, CanResetPassword, Billable;
protected $table = 'users';
protected $fillable = [
'first_name',
'last_name',
'email',
'password',
'stripe_plan',
'stripe_active'
];
}
I'm working on a new website. A friend of mine configured Drupal 7 on our hosting service and we started to work. Unfortunately he forgot to add, during the setting phase, a prefix to Drupal standard tables.
Is it possible to change this configuration after having installed Drupal (in order to dont loose the work we have already done after the installation)?
I could do it via SQL code, but I guess that the platform will crash in this way because the code is generated according to the initial settings, right?
(PS: I dont have so much experience with Drupal).
Thanks!
I have similar issue, I found it is very easy to do this in phpmyadmin.
I assume your table prefix is "drupal_", and the target prefix is "new_"
step 1: login to phpmyadmin, chose your database;
step 2: under table list bottom , click "check all" checkbox;
step 3: select action "Replace table prefix";
step 4: Type "drupal_" into "From" and "new_" to "To", click "Go"
You can see the prefix was change to new_tablename
enjoy : )
oh, don't forget to change your settings.php:
$databases['default']['default'] = array(
'driver' => 'mysql',
'database' => 'databasename',
'username' => 'username',
'password' => 'password',
'host' => 'localhost',
'prefix' => 'new_', // <-- add your prefix here
);
If you change the table names via SQL commands (add the prefix), you can set the prefix in your site's settings.php file. Assuming you have just one site, your settings.php file would be in your sites/default/ directory.
Look for your database configurations that would look something like the following and add your desired prefix:
$databases['default']['default'] = array(
'driver' => 'mysql',
'database' => 'databasename',
'username' => 'username',
'password' => 'password',
'host' => 'localhost',
'prefix' => '', // <-- add your prefix here
);
I'm writing an installation profile and want to notice users if they have low "max_execution_time" and "memory_limit" values. As I understand Drupal has to check the myprofile.install file for possible requirements so I placed there the following:
function myprofile_requirements($phase) {
$requirements = array();
// Min required PHP execution time
$min_time = 60;
// Min required memory limit, Mb
$min_memory = 128;
// Get current value of "max_execution_time"
$time = ini_get('max_execution_time');
// Get current value of "max_execution_time"
$memory = ini_get('memory_limit');
// Get "raw" numeric value
preg_match("|\d+|", $memory, $value);
$severity_time = ($time < $min_time) ? REQUIREMENT_WARNING : REQUIREMENT_OK;
$severity_memory = ($value[0] < $min_memory) ? REQUIREMENT_WARNING : REQUIREMENT_OK;
$t = get_t();
if ($phase == 'install') {
$requirements['max_execution_time'] = array(
'title' => $t('PHP max execution time'),
'value' => $t('Please increase the parameter "max_execution_time" in your PHP settings . Recommended value is at least #min sec. and more (now you have #current sec.',
array('#min' => $min_time, '#current' => $time)),
'severity' => $severity_time,
);
$requirements['memory_limit'] = array(
'title' => $t('PHP memory limit'),
'value' => $t('Please increase the parameter "memory_limit" in your PHP settings . Recommended value is at least #minM and more (now you have #current',
array('#min' => $min_memory, '#current' => $memory)),
'severity' => $severity_memory,
);
}
return $requirements;
}
It does not work - Drupal simple ignores the code above. What's wrong?
It looks like hook_requirements() doesn't get called in the install profile, it's invoked at these stages:
install: The module is being installed.
update: The module is enabled and update.php is run.
runtime: The runtime requirements are being checked and shown on the status report page.
Note that install above refers to a module being installed, not the install profile as a whole.