Comments (8)
KevinBatdorf
commented on May 19, 2024
Scratch that. It doesnt work in production. Changing the path just made that page publicly accessible.
from slim-basic-auth.
tuupola
commented on May 19, 2024
Please show minimal code to reproduce the problem, including a route.
$app = new \Slim\App();
$app->add(new \Slim\Middleware\HttpBasicAuthentication(
[
"path" => "/admin",
"secure" => false,
"users" => [
"admin" => "admin"
]
]
));
$app->get("/admin", function($request, $response, $arguments) {
print "admin";
});
$app->run();$ php -S 0.0.0.0:8080 index.php
$ curl --include --user admin:admin http://localhost:8080/admin
HTTP/1.1 200 OK
Host: localhost:8080
Connection: close
X-Powered-By: PHP/5.6.17
Content-Type: text/html; charset=UTF-8
Content-Length: 5
admin
from slim-basic-auth.
KevinBatdorf
commented on May 19, 2024
Route with Twig
$app->get('/admin', function ($request, $response, $args) {
$purchase_data = $this->database->getEntry('', true);
foreach ($purchase_data as $data) {
$data->purchase = unserialize($data->serialized);
}
return $this->view->render($response, 'admin.twig', ['data' => $purchase_data]);
})->setName('admin');Tried with and without a realm set
$app->add(new \Slim\Middleware\HttpBasicAuthentication(
[
"path" => "/admin",
"realm" => "Protected",
"secure" => false,
"users" => [
"admin" => "admin"
]
]
));% curl --include --user admin:admin http://example.com/admin
HTTP/1.1 401 Unauthorized
Date: Fri, 22 Apr 2016 05:49:05 GMT
Server: Apache/2.4.17 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9
X-Powered-By: PHP/5.5.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
WWW-Authenticate: Basic realm="Protected"
Set-Cookie: PHPSESSID=3eeaf6d564e4cae1738d79a1450df241; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8from slim-basic-auth.
tuupola
commented on May 19, 2024
Seems you are using FCGI. See Usage with FCGI in README for instructions.
from slim-basic-auth.
KevinBatdorf
commented on May 19, 2024
Awesome! I had no idea I was using FCGI (it's on shared hosting) but adding the following to .htaccess worked.
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Thank you
from slim-basic-auth.
tuupola
commented on May 19, 2024
Great :)
from slim-basic-auth.
brunoluizcs
commented on May 19, 2024
I have the same issue, I changed my .htaccess but it didn't work
That is my .htaccess
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]
$app->add(new \Slim\Middleware\HttpBasicAuthentication(
[
"path" => "/auth",
"secure" => false,
"users" => [
"admin" => "admin"
]
]
));
My Route
$app->get('/admin', function ($request, $response, $args) {
$this->logger->info("Admin Test'/auth' route");
return $response->write("Hello World");
});
I used the browser to do the test .
from slim-basic-auth.
tuupola
commented on May 19, 2024
Please show curl example request and response.
$ curl --include --user admin:admin http://example.com/admin
Also you seem to be mixing /auth and /admin.
from slim-basic-auth.
Related Issues (20)
- Access user/passwd from Authenticator within Slim route handler HOT 1
- Specify callback for the relaxed configuration parameter HOT 3
- Authenticator misinterpretation of "authorization" header HOT 5
- Ignore is not working as expected
- Accessing slim request/app from inside custom authenticator HOT 2
- Uncaught Error: Interface 'Psr\Http\Message\ResponseFactoryInterface' not found HOT 2
- HTTP_X_FORWARDED_PROTO HOT 1
- ignore list HOT 1
- After/Before Callbacks never called? HOT 3
- Class 'Tuupola\Middleware\HttpBasicAuthentication' not found HOT 32
- 401 error in postman HOT 3
- Interface ResponseFactoryInterface not found HOT 5
- Authentification error HOT 4
- Connecting over HTTP when I should not be able to HOT 1
- "final class" and CloudFlare proxification error HOT 1
- Why does local(HTTP) connection work but not online(HTTPS)? HOT 16
- Add request object back to the error handler. HOT 3
- Allow using any callable as a rule
- Do not assume callbacks are a closure
- Before & After Callbacks Never Triggered
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from slim-basic-auth.