Rights module uses a different application instance - Yii

I'm developing a Yii application which uses several modules, including the Rights module for access control. They all reside in the same "modules" folder and are configured in the same config/main.php file. The application has only one entry script.
However, I noticed that the Rights module uses one app session while all the other modules use another. Because of this, the user session is not shared with Rights.
Has anyone encountered such an issue with Yii modules? Please help. Thanks!
My config file:
    'rights'=>array(
        'debug' => true,
        'superuserName' => 'Super Administrator', // Name of the role with super user privileges.
        'authenticatedName' => 'Customer', // Name of the authenticated user role.
        'userIdColumn' => 'id', // Name of the user id column in the database.
        'userNameColumn' => 'username', // Name of the user name column in the database.
        'enableBizRule' => true, // Whether to enable authorization item business rules.
        'enableBizRuleData' => true, // Whether to enable data for business rules.
        'displayDescription' => false, // Whether to use item description instead of name.
        'flashSuccessKey' => 'success', // Key to use for setting success flash messages.
        'flashErrorKey' => 'error', // Key to use for setting error flash messages.
        //'baseUrl' =>'/rights', // Base URL for Rights. Change if module is nested.
        //'layout' => 'rights.views.layouts.main', // Layout to use for displaying Rights.
        //'appLayout' => 'application.views.layouts.main', // Application layout.
        //'cssFile' => 'rights.css', // Style sheet file to use for Rights.
        'install' => false, // Whether to enable installer.
    ),

After trying for two days I found the solution.
I noticed that it uses two different key prefixes (stateKeyPrefix) in the system: one for Rights and another one for the other modules. This can be configured to use a single key prefix in the main config file.
    'user'=>array(
        'class'=>'RWebUser',
        'allowAutoLogin'=>true, // enable cookie-based authentication
        'stateKeyPrefix'=>'f298d9729c7408c3d406db95a9639204', // some random value
    ),
Hope this will help someone with the same issue.
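
As an added illustration (not code from the question or from Yii itself): Yii 1.1's CWebUser derives its default stateKeyPrefix as the md5 of the component's class name and the application id, so user components that differ in either one address different session keys unless a single prefix is configured. DemoWebUser, DemoRWebUser and the application id are constructed stand-ins, and the two-class setup is an assumption about one way such a mismatch can arise.

```php
<?php
// Stand-in for CWebUser (constructed for this example, not Yii code).
class DemoWebUser
{
    private $appId;
    private $prefix;

    public function __construct($appId, $prefix = null)
    {
        $this->appId = $appId;
        $this->prefix = $prefix;   // null means "derive the default"
    }

    // Mirrors the default derivation in Yii 1.1's CWebUser::getStateKeyPrefix().
    public function getStateKeyPrefix()
    {
        if ($this->prefix === null) {
            $this->prefix = md5('Yii.' . get_class($this) . '.' . $this->appId);
        }
        return $this->prefix;
    }

    public function setState(array &$session, $key, $value)
    {
        $session[$this->getStateKeyPrefix() . $key] = $value;
    }

    public function getState(array $session, $key)
    {
        $k = $this->getStateKeyPrefix() . $key;
        return isset($session[$k]) ? $session[$k] : null;
    }
}

class DemoRWebUser extends DemoWebUser {}   // stand-in for RWebUser

$appId = 'a1b2c3d4';   // constructed application id

// Default prefixes: the class names differ, so the second object looks up
// a different session key and does not find the id the first one stored.
$session = array();    // constructed stand-in for $_SESSION
$writer = new DemoWebUser($appId);
$writer->setState($session, '__id', 42);
$reader = new DemoRWebUser($appId);
var_dump($reader->getState($session, '__id'));

// One explicit prefix (the value from the answer): both see the same key.
$prefix = 'f298d9729c7408c3d406db95a9639204';
$writer = new DemoWebUser($appId, $prefix);
$writer->setState($session, '__id', 42);
$reader = new DemoRWebUser($appId, $prefix);
var_dump($reader->getState($session, '__id'));
```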

Related

CakePHP4 - Authentication - How to change default userModel?

I'm following this tutorial to set up Authentication https://book.cakephp.org/authentication/2/en/index.html with CakePHP4.
The table where my users are stored is not called "users" so when I try to log in it gives me this error:
Base table or view not found: 1146 Table 'databasename.users'
Where can I specify the userModel? In which file should it be set up? How?
You have to configure the respective resolver accordingly, in this case the ORM resolver.
Resolvers are used by identifiers, which accept resolver configuration via the resolver option. So for example for the password identifier, you could do it like this:
    $service->loadIdentifier('Authentication.Password', [
        'resolver' => [
            'className' => 'Authentication.Orm',
            'userModel' => 'YourCustomModelName',
        ],
        // ....
    ]);
Note that it's necessary to pass the class name too when passing an array of resolver configuration, as the default configuration is just a string (the resolver class name), so it will not merge with the defaults, but overwrite them!
See also
Authentication Cookbook > Identifiers
Authentication Cookbook > Identifiers > Identity resolvers

Yii2 DbSession lost after redirect, 90% of the time

My login worked perfectly with PHP sessions. I tried switching to DbSession engine but login will not work anymore, as the session is empty after the page redirection.
Here's the workflow:
1. User enters his user id and clicks submit to post the data.
2. Validation works (I tested) and a new identity cookie is created with the key sess = XXXX (tested with log just before redirect).
3. The $_SESSION is filled with the user data (tested with log just before redirect).
4. The page redirects with the new response cookie.
5. The password page loads and the request cookie has the same XXXX value (tested with log just after redirect + in Chrome developer tools).
The session now only contains
    [__flash] => Array
    (
    )
Response cookie "sess" = request cookie "sess" = id in the session table, so the same key is everywhere, yet the session is still empty on the password page, 90% of the time (because in some random cases, the session is still there, but I can't reproduce it on demand).
I already checked these questions, not the same problem:
PHP session lost after redirect
Session lost after redirect in Codeigniter
Has anyone seen something similar before? I can't figure out what's causing this.
Addenda:
Session configuration
    'session' => [
        'class' => 'yii\web\DbSession',
        'name' => 'sess',
        'timeout' => 3600,
        'db' => 'session_db',
        'sessionTable' => 'session',
    ],
Session db config
    $config['components']['session_db'] = [
        'class' => 'yii\db\Connection',
        ...
    ];
Login action
    // authenticate() Just checks if the user is valid, etc
    Yii::$app->user->authenticate();
    // login() just calls parent::login(), sets some session values then returns !$this->getIsGuest()
    Yii::$app->user->login(Yii::$app->user);
Update: I have just noticed that if I use the same database, "db" (my main db), instead of "session_db", it works perfectly, even if both tables have exactly the same schema in the 2 databases.

Authentication user provider is not defined in laravel

Based on this: "Can anyone explain Laravel 5.2 Multi Auth with example"
I would like to implement custom authentication in my app for the admin and users sections, but the whole concept is confusing. Maybe it is new to me in Laravel 5.2 (my version), but at this stage I can say if I am getting it right or wrong, but this is the error that is displayed.
InvalidArgumentException in CreatesUserProviders.php line 40:
Authentication user provider [] is not defined.
So I have done what #imrealashu answered, but I still have issues.
It means that you didn't pass the guard like this:
    auth('admin')->user();
    //or
    Auth::guard('admin')->user();
Or when you call the middleware auth in your controller, you need to pass the guard:
    $this->middleware('auth:admin');
This video explains it: https://www.youtube.com/watch?v=Vxh2ikaydfo (in Spanish, but it's understandable)
I got that error when I tried to change in auth.php:
    'provider' => 'users'
to
    'provider' => 'user'
because my database table was user, not users.
That's not necessary. I just had to add to the User Eloquent class:
    protected $table = 'user';

Adding more user information to ASP.NET Default Membership Provider

My application is an MVC4 application with a Domain Model created in EF 5 Code First. The application requires Authentication / Authorization, and I want to use the default ASP.NET Membership Provider.
With this in mind, I have gone ahead and used the aspnet_regsql utility to add all the tables necessary for the ASP.NET Default Membership provider.
However, my application needs to store more information about the User than what is provided by default by the Membership provider. For example:
First Name
Last Name
Date of Birth
Address (split into different columns)
These things are not present in the membership provider tables. So I went ahead and added all the missing columns to the users table, and also created an Addresses table, and created a relationship between the User and the Address.
I then went into my Registration View Model and added the missing data fields. I then went into the AccountController and checked the method that gets called to register a user. It is this:
    //
    // Summary:
    //     Creates a new user profile entry and a new membership account.
    //
    // Parameters:
    //   userName:
    //     The user name.
    //
    //   password:
    //     The password for the user.
    //
    //   propertyValues:
    //     (Optional) A dictionary that contains additional user attributes. The default
    //     is null.
    //
    //   requireConfirmationToken:
    //     (Optional) true to specify that the user account must be confirmed; otherwise,
    //     false. The default is false.
    //
    // Returns:
    //     A token that can be sent to the user to confirm the user account.
    //
    // Exceptions:
    //   System.InvalidOperationException:
    //     The WebMatrix.WebData.SimpleMembershipProvider.Initialize(System.String,System.Collections.Specialized.NameValueCollection)
    //     method was not called.-or-The Overload:WebMatrix.WebData.WebSecurity.InitializeDatabaseConnection
    //     method was not called.-or-The WebMatrix.WebData.SimpleMembershipProvider
    //     membership provider is not registered in the configuration of your site.
    //     For more information, contact your site's system administrator.
    public static string CreateUserAndAccount(string userName, string password, object propertyValues = null, bool requireConfirmationToken = false);
This method is confusing me a lot! I was expecting to see the logic of data insertion into the database, so that I may edit it and make the method take care of my newly added fields too, but all that is missing!
What am I missing? How can I achieve the type of registration that I want?
First of all, you want to use the new ASP.NET Universal Providers, which use Entity Framework.
If you want to add custom columns, create a new table like the following, and retrieve that custom data based on UserId by yourself.
Note: You cannot alter (add/remove) columns of any table created by the Membership Provider if you want to use DefaultMembershipProvider.
In other words, if you start adding columns, you'll have to implement a CustomMembershipProvider. I do not recommend it if you are new to MembershipProvider.

For every request a new session is getting generated in Yii application

I know I am either skipping something or have configured the session incorrectly, but Yii sessions are not working for me. I have spent a lot of time debugging and searching, but it hasn't resulted in any concrete answer.
As described in the documentation as well as in tutorials on the internet, I have configured my application session as follows:
    'components'=>array(
        'user'=>array(
            // enable cookie-based authentication
            'allowAutoLogin'=>true,
        ),
        'session' => array (
            'sessionName' => 'Site Session',
            'class'=>'CHttpSession',
            'useTransparentSessionID' =>($_POST['PHPSESSID']) ? true : false,
            'autoStart' => 'true',
            'cookieMode' => 'allow',
            'timeout' => 300
        ),
However, each time I send a request to the server, I get a new session object. I have verified this via echo "Session id: ".Yii::app()->session->sessionID;, and every time it gives me a different id. Also, variables which I have added to the session previously are not accessible due to this behaviour.
Kindly provide some pointers; I have spent more than 4 hours debugging and looking for a solution. Tons of thanks in advance for any pointers.
Thanks
~Tarun
It could well be just that you have a space in your session name.
I've just done a quick test on my working Yii instance, changed the session name to have a space in it, and the cookie value for the session seems to change every time.
Please read the PHP session name documentation at this URL: http://php.net/manual/en/function.session-name.php
It clearly mentions that the session name should contain only alphanumeric characters. It should also contain at least one letter (a session name cannot have all its characters as digits). Otherwise a new session id is generated every time.
It's a bug in Chrome 44 and Chrome 47; update it to 51 and it's OK.
Just a note because I ran into this issue in Yii2. I had a constant COOKIE_DOMAIN that was set via php-fpm config, and it was for the wrong domain name, causing the session to reset. Make sure this is set to ".example.com" (including the . at the start to support all your hostnames).
    'components'=>[
        'session' => [
            'class' => 'yii\web\DbSession',
            'cookieParams' => [
                'path' => '/',
                'domain' => COOKIE_DOMAIN, // <<<--- check this
                'secure' => true,
            ],
            'writeCallback' => function($session){
                return [
                    'user_id' => Yii::$app->user->id
                ];
            },
            'sessionTable' => 'session', // session table name. Defaults to 'session'.
        ],
        ...
    ]
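
The two causes named in the answers above (a session name that is not purely alphanumeric, and a cookie domain that does not cover the requested host) can be checked before deployment. This is an added example, not code from the thread: checkSessionConfig() is a hypothetical helper, and the config arrays and host names are constructed samples.

```php
<?php
// Returns the problems that would make PHP or the browser drop the session.
function checkSessionConfig(array $session, $requestHost)
{
    $problems = array();

    // Yii 1 (CHttpSession) uses 'sessionName'; Yii 2 (Session) uses 'name'.
    $name = isset($session['sessionName']) ? $session['sessionName']
          : (isset($session['name']) ? $session['name'] : null);
    if ($name !== null) {
        if (!preg_match('/^[A-Za-z0-9]+\z/', $name)) {
            $problems[] = "session name '$name' is not purely alphanumeric";
        } elseif (preg_match('/^[0-9]+\z/', $name)) {
            $problems[] = "session name '$name' contains no letter";
        }
    }

    // The browser only returns the cookie when the request host equals the
    // cookie domain or is a subdomain of it (a leading dot is ignored).
    if (!empty($session['cookieParams']['domain'])) {
        $domain = strtolower(ltrim($session['cookieParams']['domain'], '.'));
        $host = strtolower($requestHost);
        $suffix = '.' . $domain;
        $covered = $domain !== '' && ($host === $domain
            || substr($host, -strlen($suffix)) === $suffix);
        if (!$covered) {
            $problems[] = "cookie domain '$domain' does not cover host '$host'";
        }
    }
    return $problems;
}

// Constructed samples: the question's session name, a wrong cookie domain,
// and a configuration that passes both checks.
$samples = array(
    array(array('sessionName' => 'Site Session'), 'www.example.com'),
    array(array('name' => 'sess',
                'cookieParams' => array('domain' => '.example.org')), 'www.example.com'),
    array(array('name' => 'sess',
                'cookieParams' => array('domain' => '.example.com')), 'www.example.com'),
);
foreach ($samples as $sample) {
    list($config, $host) = $sample;
    $found = checkSessionConfig($config, $host);
    echo $host, ': ', $found ? implode('; ', $found) : 'ok', PHP_EOL;
}
```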