Comments (10)
I think you would have to compare array values as well.
from authentication.
@markstory exactly my thought but then it is required that you run the routing middleware before authentication. But this brings up a problem if we want to do authorization against routes. authorization requires the identity.
from authentication.
Couldn't the 'loginAction' be defined as a string URL if people have multiple possible routes a login page can be reached at?
from authentication.
We would always require a string then and turn the URI from the request also into an array and then compare them. Or am I missing something? If not I'll do the change.
from authentication.
That sounds like it should work to me.
from authentication.
@markstory does that look OK?
protected function _checkLoginUrl(ServerRequestInterface $request)
{
$loginUrl = $this->getConfig('loginUrl');
if (!empty($loginUrl)) {
$requestUrl = Router::parseRequest($request);
if (is_string($loginUrl)) {
$loginUrl = Router::parseRequest((new ServerRequest([
'uri' => $loginUrl
])));
$this->setConfig('loginUrl', $loginUrl);
}
$keysToCompare = array_keys($loginUrl);
foreach ($keysToCompare as $key) {
if (!array_key_exists($key, $requestUrl)
|| $requestUrl[$key] !== $loginUrl[$key]
) {
return false;
}
}
}
return true;
}
from authentication.
You could use Hash::diff
or array_key_diff()
to check the difference between the two URL arrays.
from authentication.
@markstory I've pushed the code to the branch bug/check-login-url
there is an issue with the routing it seems, I'm not sure if we simply want to match against the URL it has generated in this case. Would you mind to look at the code?
from authentication.
Sure, I'll try to take a look in the next few days.
from authentication.
Closing as #146 covers this.
from authentication.
Related Issues (20)
- Authentication->setIdentity isn't respecting Session.ini.session.cookie_path HOT 3
- update docs links
- FAILURE_IDENTITY_NOT_FOUND HOT 1
- update src folder links
- update test folder links
- update links root folder
- Issue when using Authentication Plugin and DebugKit in Dev Environments HOT 4
- SessionAuthenticator `'identify' => true` config does not work HOT 16
- zend-diactoros require php ^7.1 -> your php version (8.1.10) HOT 3
- Impersonate issue with serialization for session
- Multiple table/model fields HOT 2
- `isLoggedIn()` in a Controller? HOT 2
- v3 docs need to be built/deployed HOT 3
- Reduce constraint for psr/http-message HOT 5
- allowUnauthenticated() for all actions HOT 3
- Feature request: Make Authentication service available via DI in the Middleware
- Impersonation for non-persistent authenticators HOT 23
- Session Identifier forces use of 'username' array key
- LDAP identifier is not compatible with php 8.3
- LoginLink functionality HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authentication.