Application unavailable for non-developer - facebook-apps

My application is now finished, so to put it online I disabled 'sandbox mode' in the application's page. But it's not working: if I'm logged in as a developer I can run the application, otherwise I get a 404 error... Facebook told me it could take several minutes, but I disabled 'sandbox mode' at 11am!! Does Facebook need to validate my app?

I found the solution:
We can't use header('location:xxx.php') for asking app authorization (because $loginUrl is null); it must be like this:
    try {
        // Fetch the current Facebook user's UID
        // Fetch the user's basic information
        $me = $fb->api('/me');
    } catch (FacebookApiException $e) {
        // If fetching fails (session lost in the meantime, permissions revoked...),
        // get the URL the user must be redirected to in order to re-authenticate with the application
        $loginUrl = $fb->getLoginUrl(
            array(
                'canvas' => 1,
                'fbconnect' => 0,
                'redirect_uri' => 'http://www.facebook.com/pages/Point-dEncre-France-Page-officielle/178099798924693'
            )
        );
        // Redirect in JS (a PHP header is not possible)
        echo ("<script>top.location.href='".$loginUrl."'</script>");
    }
BUT to redirect users into the canvas app I must use
    header('location:xxx.php')
and not
    <script>top.location.href="xxxx"</script>
otherwise FB redirects the user out of the canvas view.
And another tip: if you store the 'user id' in a db, use a 'big int' column and not an 'int' column like I did!
Hope it will help people.

Related

Symfony How to force Remember Me with Login Link?

I'm working on a project app where I've added the possibility for a team leader to add members to his team. Then I added a link which sends a login link to the members of the team.
I would like to force "Remember Me" specifically for the members of the team. They would have to log in just once using the link in the mail, and then they could close the browser, come back later, and still be logged in.
Here is my security.yaml
    login_link:
        check_route: login_check
        signature_properties: [ 'id' ]
        lifetime: 900 # 15 minutes
And here is the function in the controller
    /**
     * @Route("/magic", name="app_magic")
     */
    public function magic(UserRepository $userRepository, LoginLinkHandlerInterface $loginLinkHandler, MailerInterface $mailer): Response
    {
        $users = $userRepository->findBy(['chefEquipe' => $this->getUser()]);
        foreach ($users as $user) {
            $loginLinkDetails = $loginLinkHandler->createLoginLink($user);
            $email = (new Email())
                ->from('email@test.com')
                ->to($user->getEmail())
                ->subject('Magic login link')
                ->text('You can use this link to login: ' . $loginLinkDetails->getUrl());
            $mailer->send($email);
        }
        $this->addFlash('message', 'Un mail de connexion a été envoyé aux membres de votre équipe');
        return $this->redirectToRoute('app_test_registration_team');
    }
How could I do that without activating always remember me, so that it does not affect the 'admin' user?
Thanks a lot
You should enable always_remember_me in configs:
    firewalls:
        ...
        main:
            ...
            remember_me:
                ...
                always_remember_me: true

How to retrieve RSocket Data to different tabs?

This is my code, it works only for the tab I am on. I receive a response and everything seems to be working fine, I still do not understand the operation of the technology in its entirety, that is why I go to you.
It ends in the "responseHanlder"
    connect() {
      // backend ws endpoint
      const wsURL = "ws://localhost:6565/rsocket";
      // rsocket client
      const client = new RSocketClient({
        serializers: {
          data: JsonSerializer,
          metadata: IdentitySerializer,
        },
        setup: {
          keepAlive: 60000,
          lifetime: 180000,
          dataMimeType: "application/json",
          metadataMimeType: "message/x.rsocket.routing.v0",
        },
        transport: new RSocketWebSocketClient({
          url: wsURL,
        }),
      });
      // The handlers are declared before client.connect() because a const
      // cannot be referenced before its declaration.
      // error handler
      const errorHanlder = (e) => console.log(e);
      // response handler
      const responseHanlder = (payload) => {
        this.sendNotification(payload.data);
      };
      /* Here begins the code of the first socket, used to insert a product;
         before sending the notification it first performs an action */
      const numberRequester = (socket) => {
        socket
          .requestResponse({
            data: {
              id: null,
              subscriber: retrieveData.id,
              titulo: "Se insertó un nuevo producto",
              descripcion:
                "Aquí se agrega una descripcion breve de lo que se acaba de hacer (opcional)",
              fecha_inicio: today,
              fecha_final: final,
              leido: false,
            },
            // routing metadata: one length byte followed by the route name
            metadata:
              String.fromCharCode("insert.notification".length) +
              "insert.notification",
          })
          .subscribe({
            onComplete: responseHanlder,
            onError: errorHanlder,
            onNext: responseHanlder,
            onSubscribe: (subscription) => {
              //subscription.request(100); // set it to some max value
            },
          });
      };
      client.connect()
        .then((sock) => {
          document.getElementById("connect")
            .addEventListener("click", (event) => {
              numberRequester(sock);
            });
        }, errorHanlder);
    }
After sending the data, my rsocket receives the information and in turn, I receive a response with the data I need. For now, it works only in the tab that runs it, but I need that information reflected in the other tabs because it is a prototype of notifications.
RSocket is a stateful, session-oriented application protocol
That means that every time your RSocket client connects to the server, it opens a connection and communicates with your server over it.
If the client is a browser, your connection will not be accessible to other browser sessions for security reasons.
How to broadcast messages via RSocket
Actually, in the case of a browser, you can use 2 options:
1. Broker kind of messaging
You can always connect to a single mediator server which will ensure your messages are broadcast to all the destinations.
You may find an example of such an application at Spring Tutorials
2. Brokerless messaging with WebRTC transport (experimental and not officially released)
We have a couple of experiments on bringing WebRTC (along with normal WebSocket) transport to browser communication.
Please find those experiments here. Please try it and share your feedback/vote for this transport support at our issue tracker if you see the need for it.

LDAP role in Symfony 4

I'm using the ldap component on my project in Symfony 4. It works great and authenticates successfully, but the only role that I can set on users is the default_role provided in the options of the ldap provider in the security.yaml... All the docs I found weren't very helpful: either people use a database to manage users, or they don't talk about roles when they're using the ldap component.
Here is my security.yaml if needed:
    security:
        # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
        providers:
            #in_memory: { memory: null }
            my_ldap:
                ldap:
                    service: Symfony\Component\Ldap\Ldap
                    base_dn: 'my_base_dn'
                    search_dn: 'my_search_dn'
                    search_password: '%env(resolve:LDAP_PASSWORD)%'
                    default_roles: ROLE_USER # default role given to the authenticated user
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                anonymous: ~
                form_login_ldap:
                    provider: my_ldap
                    service: Symfony\Component\Ldap\Ldap
                    dn_string: 'my_dn_string'
                    query_string: '(&(sAMAccountName={username})(memberOf=CN=***))'
                    login_path: login # route the user is redirected to when trying to access a protected resource without being authenticated
                    #/!\/!\/!\ DO NOT COMMENT THIS OUT, OTHERWISE THE ERROR LOGS ARE REMOVED !! /!\/!\/!\
                    check_path: login # route the form's POST request must be sent to
                    always_use_default_target_path: true
                    default_target_path: homePage # page the authenticated user is redirected to
                logout:
                    path: app_logout
                    target: login
                # activate different ways to authenticate
                # https://symfony.com/doc/current/security.html#firewalls-authentication
                # https://symfony.com/doc/current/security/impersonating_user.html
                # switch_user: true
If anyone has a solution or an idea!!
I am looking for the same feature, but it appears that this hasn't been implemented yet.
However, there is a feature request for this on GitHub.
If your LDAP saves the group membership as an attribute of the user, one workaround would be to check the user object for this attribute in the controller and possibly deny access. You can create a separate method for this, and make sure to call it in every action method that needs a security check, like so:
    <?php
    namespace App\Controller;

    use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
    use Symfony\Component\Security\Core\Exception\AccessDeniedException;

    class SampleController extends AbstractController
    {
        public function index()
        {
            $ldapGroup = 'LDAP-User-Group';
            $this->denyAccessUnlessLdapGroup($ldapGroup, 'ROLE_USER');
            // continue if authenticated
        }

        /**
         * Throws an exception unless the current user is member of the specified ldap group
         *
         * @throws AccessDeniedException
         *
         */
        private function denyAccessUnlessLdapGroup($ldapGroup, $attributes, string $message = 'Access Denied.') {
            $ldapAttribute = 'memberof';
            // usually you'll want to make sure the user is authenticated first
            $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
            // returns your User object, or null if the user is not authenticated
            // use inline documentation to tell your editor your exact User class
            // in this case: \Symfony\Component\Ldap\Security\LdapUser
            /** @var \Symfony\Component\Ldap\Security\LdapUser $user */
            $user = $this->getUser();
            /** @var \Symfony\Component\Ldap\Entry $entry */
            $entry = $user->getEntry();
            if(!$entry->getAttribute($ldapAttribute) ||
                !in_array($ldapGroup, $entry->getAttribute($ldapAttribute))) {
                $exception = $this->createAccessDeniedException($message);
                $exception->setAttributes($attributes);
                throw $exception;
            }
        }
    }
Make sure to customize $ldapGroup and $ldapAttribute. The value passed to $attributes is meaningless at this point; I have kept it for consistency with the other denyAccess* methods.
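The workaround above compares $ldapGroup with the raw attribute values. As an added example (not part of the original answer and not Symfony's own code), here is one way to turn the same memberOf data into roles, assuming the directory returns full group DNs as Active Directory does; the function names, DNs and role names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: memberOf holds full group DNs, as Active Directory
// returns them. The DNs, role names and function names are constructed.
const GROUP_ROLE_MAP = [
    'CN=App-Admins,OU=Groups,DC=example,DC=org' => 'ROLE_ADMIN',
    'CN=App-Users,OU=Groups,DC=example,DC=org'  => 'ROLE_USER',
];

/** DNs compare case-insensitively and may carry spaces after the separators. */
function normalizeDn(string $dn): string
{
    $parts = preg_split('/(?<!\\\\),/', $dn); // split on unescaped commas only
    return strtolower(implode(',', array_map('trim', $parts)));
}

/**
 * @param string[]|null $memberOf values of the memberOf attribute, null if absent
 * @return string[] granted roles; an empty list means access is denied
 */
function rolesFromMemberOf(?array $memberOf, array $map = GROUP_ROLE_MAP): array
{
    if (!$memberOf) {
        return []; // attribute missing or empty: fail closed
    }
    $byDn = [];
    foreach ($map as $dn => $role) {
        $byDn[normalizeDn($dn)] = $role;
    }
    $roles = [];
    foreach ($memberOf as $dn) {
        $key = normalizeDn((string) $dn);
        if (isset($byDn[$key])) { // whole-DN match, never a substring test
            $roles[$byDn[$key]] = true;
        }
    }
    return array_keys($roles);
}

// Constructed sample of what $entry->getAttribute('memberOf') could return.
$memberOf = [
    'cn=app-users, ou=Groups, dc=example, dc=org',    // same group, other case/spacing
    'CN=App-Admins-Test,OU=Groups,DC=example,DC=org', // look-alike name, not mapped
];
var_dump(rolesFromMemberOf($memberOf));
var_dump(rolesFromMemberOf(null));
```

Only the memberships listed in the attribute are considered; nested groups are not resolved.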

mautic - I want to add contact in mautic via api

I want to add contact in mautic via an API. Below I have the code, but it's not adding the contact in mautic.
I have installed mautic in localhost. Studied the API form in the mautic documentation and tried to do it for at least 2 days, but I am not getting any results on it.
    <?php
    // Bootup the Composer autoloader
    include __DIR__ . '/vendor/autoload.php';
    use Mautic\Auth\ApiAuth;
    session_start();
    $publicKey = '';
    $secretKey = '';
    $callback = '';
    // ApiAuth->newAuth() will accept an array of Auth settings
    $settings = array(
        'baseUrl' => 'http://localhost/mautic', // Base URL of the Mautic instance
        'version' => 'OAuth2', // Version of the OAuth can be OAuth2 or OAuth1a. OAuth2 is the default value.
        'clientKey' => '1_1w6nrty8k9og0kow48w8w4kww8wco0wcgswoow80ogkoo0gsks', // Client/Consumer key from Mautic
        'clientSecret' => 'id6dow060fswcswgsgswgo4c88cw0kck4k4cc0wkg4gows08c', // Client/Consumer secret key from Mautic
        'callback' => 'http://localhost/mtest/process.php' // Redirect URI/Callback URI for this script
    );
    /*
    // If you already have the access token, et al, pass them in as well to prevent the need for reauthorization
    $settings['accessToken'] = $accessToken;
    $settings['accessTokenSecret'] = $accessTokenSecret; //for OAuth1.0a
    $settings['accessTokenExpires'] = $accessTokenExpires; //UNIX timestamp
    $settings['refreshToken'] = $refreshToken;
    */
    // Initiate the auth object
    $initAuth = new ApiAuth();
    $auth = $initAuth->newAuth($settings);
    /*
    if( $auth->getAccessTokenData() != null ) {
        $accessTokenData = $auth->getAccessTokenData();
        $settings['accessToken'] = $accessTokenData['access_token'];
        $settings['accessTokenSecret'] = 'id6dow060fswcswgsgswgo4c88cw0kck4k4cc0wkg4gows08c'; //for OAuth1.0a
        $settings['accessTokenExpires'] = $accessTokenData['expires']; //UNIX timestamp
        $settings['refreshToken'] = $accessTokenData['refresh_token'];
    }*/
    // Initiate process for obtaining an access token; this will redirect the user to the $authorizationUrl and/or
    // set the access_tokens when the user is redirected back after granting authorization
    // If the access token is expired, and a refresh token is set above, then a new access token will be requested
    try {
        if ($auth->validateAccessToken()) {
            // Obtain the access token returned; call accessTokenUpdated() to catch if the token was updated via a
            // refresh token
            // $accessTokenData will have the following keys:
            // For OAuth1.0a: access_token, access_token_secret, expires
            // For OAuth2: access_token, expires, token_type, refresh_token
            if ($auth->accessTokenUpdated()) {
                $accessTokenData = $auth->getAccessTokenData();
                echo "<pre>";
                print_r($accessTokenData);
                echo "</pre>";
                //store access token data however you want
            }
        }
    } catch (Exception $e) {
        // Do Error handling
    }
    use Mautic\MauticApi;
    //use Mautic\Auth\ApiAuth;
    // ...
    $initAuth = new ApiAuth();
    $auth = $initAuth->newAuth($settings);
    $apiUrl = "http://localhost/mautic/api";
    $api = new MauticApi();
    $contactApi = $api->newApi("contacts", $auth, $apiUrl);
    $data = array(
        'firstname' => 'Jim',
        'lastname' => 'Contact',
        'email' => 'jim@his-site.com',
        'ipAddress' => $_SERVER['REMOTE_ADDR']
    );
    $contact = $contactApi->create($data);
    echo "<br/>contact created";
Any help will be appreciated.
    use Curl\Curl;
    $curl = new Curl();
    $un = 'mayank';
    $pw = 'mayank';
    $hash = base64_encode($un.':'.$pw);
    $curl->setHeader('Authorization','Basic '.$hash);
    $res = $curl->post(
        'http://mautic.local/api/contacts/new',
        [
            'firstname'=>'fn',
            'lastname'=>'ln',
            'email'=>'t1@test.com'
        ]
    );
    var_dump($res);
This is something very simple I tried and it worked for me. Please try cleaning the cache and enabling logging; unless you provide us with some error, it's hard to point you in the right direction. Please check for logs in the app/logs directory as well as in the /var/logs/apache2 directory.
In my experience, sometimes after activating the API in the settings, the API only starts working after clearing the cache.
1. Make sure you have activated the API in the settings
2. Clear the cache:
    cd /path/to/mautic
    rm -rf app/cache/*
3. Then try again
If this didn't work, try to use the BasicAuth example (you have to enable this in the settings again and add a new user to set the credentials).
I suspect that the OAuth flow might be disturbed by the local settings / SSL configuration.
These steps may be useful:
1. make sure the API is enabled (yes, I know it might be obvious, but still);
2. check the logs;
3. check the response body;
4. try to send it as simple JSON via Postman.
It may be one of the following problems:
1. cache;
2. you are not sending the key:value of the required custom field;
3. you are mistaken with authentication.
Good luck :)

Google Apps Marketplace CustomerLicense Authorization Steps ?

We have recently created the Google Marketplace app and published it as public. Admins of Google Apps domains are able to install it.
I recently tried to implement the CustomerLicense and LicenseNotification APIs for my app,
but I don't know how to send the authorization for them. Please suggest how to do this.
My requirements:
1. I need to know whether the given domain has installed my marketplace app or not (my input is authorization, email id or domain name).
2. If any user uninstalls or revokes the data access for my marketplace app, I need to be notified (optional).
Here is sample code:
    $appId = ''; // Where do I get this?
    $userid = ''; // It is the email id, the domain name or the user's unique numeric id
    $oauthOptions = array(
        'requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER,
        'signatureMethod' => 'HMAC-SHA1',
        'consumerKey' => '', // Where do I get this?
        'consumerSecret' => "" // Where do I get this?
    );
    // We get from APP URL
    try {
        $userid = 'backup-testing.in';
        $token = new Zend_Oauth_Token_Access();
        $client = $token->getHttpClient($oauthOptions);
        $url = "https://www.googleapis.com/appsmarket/v2/customerLicense/$appId/$userid";
        $client->setMethod(Zend_Http_Client::GET);
        $gdata_put = new Zend_Gdata($client);
        $resultR = $gdata_put->get($url);
    } catch (Exception $e) {
        var_dump($e);
    }
This is my marketplace app
in the Chrome webstore: https://chrome.google.com/webstore/detail/gapps-backup/jmjnfmekbahcminibjmedfehecoihglj
Here you can find information about the Licensing API https://developers.google.com/google-apps/marketplace/v2/developers_guide which I think will be useful for what you want to do. Hope it helps.