
Comments (8)

ConradSollitt avatar ConradSollitt commented on May 18, 2024

Hi Louis,

Thanks for your detailed issue. I'm about to go to bed but will get back to you within the next few days.

Thanks for trying FastSitePHP.

Regards,
Conrad

from fastsitephp.

loulou2852 avatar loulou2852 commented on May 18, 2024

Ok Conrad, have a good night and see you soon.

Regards

from fastsitephp.

ConradSollitt avatar ConradSollitt commented on May 18, 2024

Hello Louis,

Are you returning the Response object $res? It must be returned on the route for the cookies to be set. Since FastSitePHP routes are flexible in how data is returned it might be easy to miss.

Here are API docs with many samples on using the Response Object
https://www.fastsitephp.com/en/api/Web_Response

If you are returning the response object to the route then I might need to see more of the code to help figure out the issue.

Here is a modified snippet of your code for the full route where I was able to test the cookies working. I added some comments to help explain the code in more detail.

$app->get('/', function() use ($app) {
    $jwt = new \FastSitePHP\Security\Crypto\JWT();
    $res = new \FastSitePHP\Web\Response();
    
    $payload = [
        // 'name' => $user[0]["user_nicename"],
        // 'email' => $user[0]["user_email"],
        'id' => 123 // $user[0]["ID"]
    ];
    
    $token = $jwt->encode($payload, $app->config['JWT_KEY']);

    // All functions called below (and many for the Response object)
    // are chainable using setter style functions. Chainable functions
    // return the `$this` of the Response object.
    return $res
        ->cookie('userapp', $token)    // No timeout specified. Cookie is a Session by default
        ->jwtCookie('user', $payload)  // Uses 1 Hour Timeout by Default
        ->content($token);             // Set HTML

    // Calling the functions one at a time also works.
    // Use whichever method you find preferable.
    /*
    $res->cookie('userapp', $token);
    $res->jwtCookie('user', $payload);
    $res->content($token);
    return $res;
    */
});

image

from fastsitephp.

loulou2852 avatar loulou2852 commented on May 18, 2024

from fastsitephp.

ConradSollitt avatar ConradSollitt commented on May 18, 2024

I couldn't figure out the login for the FTP site but received the error shown in the screenshot below when testing both after submit and from the /test route.

If you could zip up the main file (without any security info) I might be able to access it that way.

Or based on the error I can help here too. Basically the response object is being returned without having content set. A blank string will work $res->content(''); - the reason for the error is to make sure the API is being used correctly so blank pages are allowed but they just have to be set explicitly.

There are several options I can think of for how to handle this.

Using $app->render()
Are you using $app->render($template_file) for the main route? If so it returns an HTML string so you can do this when using the response object:

$html = $app->render($file_or_files, $data);
$res->jwtCookie('user', $payload);
$res->content($html);
return $res;

Using Middleware API
Another option is to use the middleware API. I created an Auth Middleware for the Starter Site Template. It requires more setup so I can help customize it for you if needed. Basically it handles Auth and Cookie setup (uses a SQLite demo db). Internally the Auth class uses Response for some routes and $app->cookie($name, $value) without using the response for some routes. This allows for use of $app->render() from any route that uses the Auth Middleware so it can be a good solution for a site with many routes that uses PHP templates.

https://fastsitephp.com/en/api/App_Middleware_Auth

https://github.com/fastsitephp/starter-site/blob/master/app/Middleware/Auth.php

Using basic Filter Function

Without using the starter site or a larger setup you define filter functions that run prior to the route being called (and only if the route is matched). I use this on the code playground.

https://fastsitephp.com/en/playground

All communication is through JSON services using JS though but it can give you an idea of the flexibility of creating custom auth.

https://github.com/fastsitephp/playground/blob/master/app/app.php

$require_auth = function () use ($app) {
    // ...
};

$app->post('/download-site', function() use ($app) {
    $path = getSitePath($app->locals['site']);
    return getSite($path);
})
->filter($require_auth);

If using this method I could see using something like this for your site:

use FastSitePHP\Web\Request;
use FastSitePHP\Web\Response;
use FastSitePHP\Security\Crypto\JWT;

$use_auth = function() use ($app) {
    // Get User from Request
    $cookie_name = 'user';
    $req = new Request();
    $user = $req->jwtCookie($cookie_name);
    if ($user === null) {
        // Return Login Page if User is not Logged-in
        $html = $app->render('login.php');
        $res = new Response($app);
        return $res
            ->statusCode(401)
            ->content($html);
    }

    // Set Cookie for the Response
    // For each page request extend the login by one hour.
    // To have no timeout remove `$jwt->addClaim()`.
    $jwt = new JWT();
    $user = $jwt->addClaim($user, 'exp', '+1 hour');
    $token = $jwt->encode($user, $app->config['JWT_KEY']);
    $app->cookie($cookie_name, $token);
};


$app->post('/submit', function() use ($app) {
    $req = new \FastSitePHP\Web\Request();
    $login = $req->form('login');
    $password = $req->form('password');

    // Query Database or check user/password
    // ....
    $user = [];
    if (count($user) === 0) {
        return $app->render('login.php');
    }

    // Set cookie for valid user
    $payload = [
        'name' => $user[0]["user_nicename"],
        'email' => $user[0]["user_email"],
        'id' => $user[0]["ID"],
        'exp' => strtotime("+1 hour") // Add Optional JWT Expiration
    ];
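    // Create the JWT object in this route's scope before encoding
    $jwt = new \FastSitePHP\Security\Crypto\JWT();
    $token = $jwt->encode($payload, $app->config['JWT_KEY']);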
    $app->cookie('user', $token);

    // Redirect to logged-in page
    return $app->redirect('test');
});


$app->get('/test', function() use ($app) {
    return $app->render('test.php');
})
->filter($use_auth);

Error from Demo Site
image

from fastsitephp.
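
An added example, not part of the comment above and not FastSitePHP code: the sliding `exp` renewal that the `$use_auth` filter performs, written in plain PHP so it runs without the framework, with an absolute session cap added as an assumption so that a token cannot be renewed indefinitely. The key, timestamps, constants and function names are all constructed for illustration.

```php
<?php
// Added example in plain PHP 7.1+; no FastSitePHP calls. All names and values are constructed.
const IDLE_TTL = 3600;       // sliding window, same as the '+1 hour' in the filter
const MAX_LIFETIME = 28800;  // assumed absolute cap: 8 hours after first login ('iat')
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_json(string $part) {
    return json_decode(base64_decode(strtr($part, '-_', '+/')), true);
}
function jwt_sign(array $claims, string $key): string {
    $msg = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT'])) . '.' . b64url(json_encode($claims));
    return $msg . '.' . b64url(hash_hmac('sha256', $msg, $key, true));
}
// Returns the claims, or null if the signature, algorithm or 'exp' is not acceptable.
function jwt_verify(string $token, string $key, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    $expected = b64url(hash_hmac('sha256', $parts[0] . '.' . $parts[1], $key, true));
    if (!hash_equals($expected, $parts[2])) return null;       // constant-time compare
    $header = b64url_json($parts[0]);
    if (($header['alg'] ?? null) !== 'HS256') return null;     // pin the algorithm
    $claims = b64url_json($parts[1]);
    if (!is_array($claims) || ($claims['exp'] ?? 0) <= $now) return null;
    return $claims;
}
// Sliding renewal: push 'exp' forward, but never past iat + MAX_LIFETIME.
function renew(array $claims, int $now): ?array {
    $hard_stop = ($claims['iat'] ?? 0) + MAX_LIFETIME;
    if ($now >= $hard_stop) return null;                       // force a fresh login
    $claims['exp'] = min($now + IDLE_TTL, $hard_stop);
    return $claims;
}

$key = random_bytes(32);     // demo key; a real site loads its configured secret
$t0 = 1700000000;            // constructed login time
$token = jwt_sign(['id' => 123, 'iat' => $t0, 'exp' => $t0 + IDLE_TTL], $key);
// Active user: each request inside the idle window renews, until the cap is reached.
for ($now = $t0 + 1800; $token !== null; $now += 1800) {
    $claims = jwt_verify($token, $key, $now);
    $claims = $claims === null ? null : renew($claims, $now);
    $token = $claims === null ? null : jwt_sign($claims, $key);
    printf("t0+%5d  %s\n", $now - $t0, $token === null ? 'login required' : 'renewed, exp=t0+' . ($claims['exp'] - $t0));
}
// A payload edited after signing, sent with the old signature, is rejected.
$p = explode('.', jwt_sign(['id' => 123, 'iat' => $t0, 'exp' => $t0 + IDLE_TTL], $key));
$p[1] = b64url(json_encode(['id' => 1, 'iat' => $t0, 'exp' => $t0 + 999999]));
var_dump(jwt_verify(implode('.', $p), $key, $t0 + 10));
```

When the renewed token is written back as a cookie, the `secure`, `httponly` and `samesite` options of PHP's `setcookie()` keep it off plain HTTP and out of reach of page scripts.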

loulou2852 avatar loulou2852 commented on May 18, 2024

from fastsitephp.

ConradSollitt avatar ConradSollitt commented on May 18, 2024

Hello Louis,

I'm very sorry for the long delay as it's been a while. My excuses aren't valid, but I took a vacation to visit family and friends right after your last message, then I got a second job, and with everything going on in the world I haven't kept up on email or GitHub. Crazy what is going on in the world right now – anyways, if you still need help with FastSitePHP please let me know and I can help. If you ended up working with something else and still need help, feel free to post here as I can still help because I always learn a lot from working with different environments.

Regards,
Conrad

from fastsitephp.

ConradSollitt avatar ConradSollitt commented on May 18, 2024

Closing out this issue as it's been a while.

If you need more help let me know.

from fastsitephp.
