Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

There is any way to validate Token from database if failed return 403 through before => function(){} #170

Open
ShivPandey opened this issue Jun 30, 2019 · 5 comments
Open

There is any way to validate Token from database if failed return 403 through before => function(){} #170

ShivPandey opened this issue Jun 30, 2019 · 5 comments

Comments

@ShivPandey
Copy link

ShivPandey commented Jun 30, 2019
edited by tuupola
Loading 

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "secret" => AUTH_KEY,
    "ignore" => ["/login", "/home"],
    "before" => function ($request, $arguments) {
        $token = $request->getAttribute("token");
        if($token){
            // define school global variable
            defined("TOKEN") || define("TOKEN", $token);

        } else {
            return false message
        }
    },
    "error" => function ($response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->getBody()->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
    }
]));
@dakujem
Copy link
Contributor

dakujem commented Jul 1, 2019

@ShivPandey the before callback is not fired when an error occurs during the decoding. Instead, you can use the error callback to do whatever you want (including changing the status to 403 or doing something with your DB).

@LeonardoYoel
Copy link

Hello. I have something similar and I have not been able to query my database when I get an error decoding the token. I am using Doctrine, I have a service where I perform the query to close the session, but in the constructor of the service I have to pass the container that contains entitymanager. That is precisely the problem, I cannot pass the container from the error function in the jwtauthentication middleware...

@dakujem
Copy link
Contributor

dakujem commented Jun 28, 2021

@LeonardoYoel What about the use keyword...

$container = $app->getContainer(); // for example

$app->add(new  JwtAuthentication ([
    'error' => function() use ($container){ $container->doStuff(); }
]));

@LeonardoYoel
Copy link

LeonardoYoel commented Jul 5, 2021
edited
Loading

I'm trying to handle throw new \Exception('unauthorized', 401); from before, is that possible?

@dakujem
Copy link
Contributor

dakujem commented Jul 12, 2021

@LeonardoYoel
Did you mean to do this?

    $slim->add(function (
        \Psr\Http\Message\ServerRequestInterface $request,
        \Psr\Http\Server\RequestHandlerInterface $handler
    ) {
        try {
            return $handler->handle($request);
        } catch (Throwable $e) {
            // report
            \Sentry\captureException($e);

            // rethrow (propagate)
            throw $e;
        }
    });

If you place this middleware on top of the JwtAuthentication middleware in the stack (that is, below in the code), it will catch anyting thrown by it, including the before callable.

This is getting seriously off-topic, though.

jhmoon2000 added a commit to jhmoon2000/slim-jwt-auth that referenced this issue Mar 29, 2022
@jhmoon2000
Update JwtAuthentication.php
744e747 
Line tuupola#170 is redundant.
@jhmoon2000 jhmoon2000 mentioned this issue Mar 29, 2022
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dakujem @ShivPandey @LeonardoYoel