Uncaught PHP Exception Symfony\Component\HttpFoundation\File\Exception\FileNotFoundException: "The file "" does not exist" at /var/app/current/vendor/symfony/symfony/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeGuesser.php line 116 {"exception":"[object] (Symfony\\Component\\HttpFoundation\\File\\Exception\\FileNotFoundException(code: 0): The file \"\" does not exist at /var/app/current/vendor/symfony/symfony/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeGuesser.php:116)"}
If you see this error the odds are high that you are trying to upload a file larger than the max values set in you php.ini config file (upload_max_filesize and post_max_size).
Cristian Pana - personal blog on software development, PHP, Symfony Framework, web technologies.
Tuesday, October 22, 2019
Wednesday, October 2, 2019
Symfony service container: binding arguments by name or type
This cool feature was introduced in Symfony 3.4 (https://symfony.com/blog/new-in-symfony-3-4-local-service-binding) but I didn't use till today.
Example: create a custom Monolog channel and inject the service in controller (Symfony 4).
I was thinking that I will have to create some sort of custom service definition in order to inject the service "monolog.logger.mychannel" into my controller, but no, it was way easier.
In services.yaml just add:
Now is super easy to inject the service in controllers by adding "$mychannelLogger" in the list of function parameters:
Read more about it in Symfony docs: https://symfony.com/doc/current/service_container.html#services-binding
Example: create a custom Monolog channel and inject the service in controller (Symfony 4).
I was thinking that I will have to create some sort of custom service definition in order to inject the service "monolog.logger.mychannel" into my controller, but no, it was way easier.
In services.yaml just add:
services: # default configuration for services in *this* file _defaults: bind: # pass this service to any $mychannelLogger argument for any # service that's defined in this file $mychannelLogger: '@monolog.logger.mychannel'
Now is super easy to inject the service in controllers by adding "$mychannelLogger" in the list of function parameters:
/** * @Route("/{id}", name="project_update", methods={"POST"}) */ public function delete(Request $request, LoggerInterface $mychannelLogger): Response {
Read more about it in Symfony docs: https://symfony.com/doc/current/service_container.html#services-binding
Wednesday, September 18, 2019
Custom user provider using multiple database connections with Doctrine and Symfony 4
Situation :
I am using Symfony 4.3 and autowiring.
I have 2 Doctrine database connections, a default and "users" connection:
So my User entity was managed by the secondary connection "users". Checking from command line would show me that everything is mapped correctly:
Also when loading users I am using a customer query by making UserRepository implement the UserLoaderInterface. (https://symfony.com/doc/current/security/user_provider.html).
But when I try to login, ugly surprise this error pops:
"The class 'App\Entity\UsersManagement\User' was not found in the chain configured namespaces App\Entity\Main"
After googling a little bit I get to this life saving comment from stof: https://github.com/symfony/symfony/pull/8187#issuecomment-18910167
So there is a 'secret' parameter "manager_name" that you need to add to security.yml and is not enough that the entity is correctly mapped by Doctrine.
If somebody ever finds this useful please add a comment :D
I am using Symfony 4.3 and autowiring.
I have 2 Doctrine database connections, a default and "users" connection:
doctrine: dbal: default_connection: default connections: ..... orm: auto_generate_proxy_classes: true default_entity_manager: default entity_managers: default: connection: default mappings: Main: is_bundle: false type: annotation dir: '%kernel.project_dir%/src/Entity/Main' prefix: 'App\Entity\Main' alias: Main users: connection: users mappings: Users: is_bundle: false type: annotation dir: '%kernel.project_dir%/src/Entity/UsersManagement' prefix: 'App\Entity\UsersManagement' alias: Users
So my User entity was managed by the secondary connection "users". Checking from command line would show me that everything is mapped correctly:
php bin/console doctrine:mapping:info --em=users Found 7 mapped entities: [OK] App\Entity\UsersManagement\User
Also when loading users I am using a customer query by making UserRepository implement the UserLoaderInterface. (https://symfony.com/doc/current/security/user_provider.html).
security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
app_user_provider:
entity:
class: App\Entity\UsersManagement\User
But when I try to login, ugly surprise this error pops:
"The class 'App\Entity\UsersManagement\User' was not found in the chain configured namespaces App\Entity\Main"
After googling a little bit I get to this life saving comment from stof: https://github.com/symfony/symfony/pull/8187#issuecomment-18910167
Here is how you configure it:
security:
providers:
my_provider:
entity:
class: Acme\DemoBundle\Entity\User
manager_name: users #non default entity manager
So there is a 'secret' parameter "manager_name" that you need to add to security.yml and is not enough that the entity is correctly mapped by Doctrine.
If somebody ever finds this useful please add a comment :D
Thursday, April 20, 2017
Automated API testing using Codeception
I was looking for a tool for testing an API, and I remembered about my old friend Codeception, which I used for some functional testing a while ago. I need now to test an API which is receiving requests and gives responses using JSON format.
I will be using "Cest" format: "Cest combines scenario-driven test approach with OOP design. In case you want to group a few testing scenarios into one you should consider using Cest format."
Before starting to write my first tests I need to find a way to pass a username and password to all tests, as it is needed for connecting to the API.
I can add any parameters to the api.suite.yml and access them inside my test classes:
api.suite.yml
And inside tests/api/UsersTestCest.php
The function "_before()" will be executed as it names says, before actual test functions, and it will initialize the variables with values from api.suite.yml file.
Let's write the first test function:
The link where the request is sent with the function sendPost() is the concatenation between the URL parameter from api.suite.yml and the first parameter in sentPost() function.
You can check if the response has HTTP status 200, if it is in JSON format and if the JSON has the expected structure.
Even more you can create your own assertions. These custom functions needs to be added to the file "tests/_support/ApiTester.php".
I will add a function to verify if the "status" field from the response is equal to '1'
Run all tests with this command:
Or only tests from certain class:
The tests are executed in the alphabetic order of the classes, but you can use the annotation "@depends" to indicated that your test function depends on other one(s).
Enjoy!
Install Codeception via Composer
$ composer require "codeception/codeception"
Create an alias so you do not have to write the entire path every time you execute a command:
$ alias codecept='./vendor/bin/codecept'
Create an API test suite:
$ codecept generate:suite apiEdit the configuration file tests/api.suite.yml:
class_name: ApiTester
modules:
enabled:
- \Helper\Api
- REST:
url: "http://yourwebste.com/"
depends: PhpBrowser
part: Json
I will be using "Cest" format: "Cest combines scenario-driven test approach with OOP design. In case you want to group a few testing scenarios into one you should consider using Cest format."
$ codecept generate:cest api UsersTestCestThis command is creating a PHP file under tests/api/.
Before starting to write my first tests I need to find a way to pass a username and password to all tests, as it is needed for connecting to the API.
I can add any parameters to the api.suite.yml and access them inside my test classes:
api.suite.yml
class_name: ApiTester modules: enabled: - \Helper\Api - REST: url: "http://yourwebsite.com" depends: PhpBrowser part: Json params: username: "username" password: "password"
And inside tests/api/UsersTestCest.php
class UsersTestCest { private $username; private $password; public function _before(ApiTester $I) } { $config = \Codeception\Configuration::config(); $apiSettings = \Codeception\Configuration::suiteSettings('api', $config); $this->username = $apiSettings['params']['username']; $this->password = $apiSettings['params']['password']; } }
The function "_before()" will be executed as it names says, before actual test functions, and it will initialize the variables with values from api.suite.yml file.
Let's write the first test function:
public function createUser(ApiTester $I) { $action = "create_user"; $I->haveHttpHeader('Content-Type', 'application/json'); $array=[ "action"=> $action, "username"=> $this->username, "key"=> $this->password, "user_username"=> "new_username", "user_email"=> "email@company.com", "user_password"=> "password" ] ]; $string = json_encode($array); $I->sendPOST('api.php',$string); $I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK); // 200 $I->seeResponseIsJson(); $I->seeResponseMatchesJsonType([ 'operation' => 'string', 'status' => 'string', ]); }
The link where the request is sent with the function sendPost() is the concatenation between the URL parameter from api.suite.yml and the first parameter in sentPost() function.
You can check if the response has HTTP status 200, if it is in JSON format and if the JSON has the expected structure.
Even more you can create your own assertions. These custom functions needs to be added to the file "tests/_support/ApiTester.php".
I will add a function to verify if the "status" field from the response is equal to '1'
<?php namespace Helper; class will be available in $I use Codeception\TestInterface; class Api extends \Codeception\Module { public function checkOperationStatusSuccess() { $response = $this->getModule('REST')->response; $array = json_decode($response, true); $this->assertEquals('1',$array['status'],"Operation status should be '1' for success."); } }
Run all tests with this command:
codecept run api -v
Or only tests from certain class:
$ codecept run tests/api/UsersTestCest.php -v
The tests are executed in the alphabetic order of the classes, but you can use the annotation "@depends" to indicated that your test function depends on other one(s).
Enjoy!
Friday, October 7, 2016
Web SSO - part 2 - integration with LDAP
In my previous article I presented how to create a web SSO system using SimpleSAMLphp and Symfony. The users where declared directly in simpleSAMLphp using "exampleauth:UserPass".
In many companies a LDAP server is the source from where information about user authentication is taken. I will install OpenLDAP and configure my applications to use it.
1. Install OpenLDAP and phpLDAPadmin
For installing OpenLDAP and phpLDAPadmin I followed this tutorials from DigitalOcean:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-an-ubuntu-14-04-server
You will need to edit also the ldap.conf file, see this thread on StackOverflow
Also you may get an error when trying to login with phpLDAPadmin "Notice: Undefined variable: _SESSION in ..".
For me this solution from StackOverflow solved the problem:
"Just add the user wich is running Apache2 (or php5-fpm!) to the system group "www-data" (debian) and restart services apache AND if used php5-fpm both.
Get the User apache is running as:
~# sed -rn 's/^User (.+)/\1/p' /etc/apache2/apache2.conf"
Using phpLDAPadmin I've created two groups "admin" and "regular_users" and also I've created some users allocated to these two groups.
The documentation for using LDAP authentication is found here: https://simplesamlphp.org/docs/stable/ldap:ldap
My settings are:
Select LDAP authentication to be used from /metadata/saml20-idp-hosted.php
/*
*Authentication source to use. Must be one that is configured in
* 'config/authsources.php'.
*/
'auth' => 'example-ldap',
I will be using these gidNumbers to correctly create roles in the Symfony application.
The changes to be made are done in the UserCreator class:
Of course you need to change these mappings to fit your situation.
In many companies a LDAP server is the source from where information about user authentication is taken. I will install OpenLDAP and configure my applications to use it.
1. Install OpenLDAP and phpLDAPadmin
For installing OpenLDAP and phpLDAPadmin I followed this tutorials from DigitalOcean:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-an-ubuntu-14-04-server
You will need to edit also the ldap.conf file, see this thread on StackOverflow
Also you may get an error when trying to login with phpLDAPadmin "Notice: Undefined variable: _SESSION in ..".
For me this solution from StackOverflow solved the problem:
"Just add the user wich is running Apache2 (or php5-fpm!) to the system group "www-data" (debian) and restart services apache AND if used php5-fpm both.
Get the User apache is running as:
~# sed -rn 's/^User (.+)/\1/p' /etc/apache2/apache2.conf"
Using phpLDAPadmin I've created two groups "admin" and "regular_users" and also I've created some users allocated to these two groups.
2. Modify SimpleLDAPphp to use OpenLDAP
The documentation for using LDAP authentication is found here: https://simplesamlphp.org/docs/stable/ldap:ldap
My settings are:
Select LDAP authentication to be used from /metadata/saml20-idp-hosted.php
/*
*Authentication source to use. Must be one that is configured in
* 'config/authsources.php'.
*/
'auth' => 'example-ldap',
3. Modify Symfony app
In the current Symfony application I am expecting an attribute roles containing an array of roles. From LDAP I will receive different attributes, one of them is gidNumber, which is a number identifying a group. My current groups: admin and regular_users have gidNumber 500 and 501.I will be using these gidNumbers to correctly create roles in the Symfony application.
The changes to be made are done in the UserCreator class:
Of course you need to change these mappings to fit your situation.
4. Test
First make sure to delete any sessions and cookies. After that try to access the secure route from consumer1.local, login with any user from LDAP and you should be redirected to secure area. Check in database if the user and user roles were created correctly.Web SSO with Symfony and SimpleSAMLphp
1. Single sign on (SSO)
Sooner or later web development teams face
one problem: you have developed an application at domain X and now you
want your new application at domain Y to use the same login information
as the other domain. In fact, you want more: you want users who are already logged-in at domain X to be already logged-in at domain Y. This is what SSO is all about. (source: https://auth0.com/blog/what-is-and-how-does-single-sign-on-work )
2. Concepts:
Identity Provider (IdP) - is responsible for (a) providing identifiers for users looking to
interact with a system, (b) asserting to such a system that such an
identifier presented by a user is known to the provider, and (c)
possibly providing other information about the user that is known to the
provider.
ServiceProvider (SP) - it can be any application. In order to access the secure areas of the application the user need to be authenticated and authorized by a IdP
SAML - Security Assertion Markup Language (SAML, pronounced sam-el) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.
3. The flow
- the USER requests a secure area from ServiceProvider
- if the user is not authenticated it is redirected to IdP with some information about SP
- the USER fills his credentials on IdP and after successful authentication is redirected back to SP
- based on the answer from IdP the SP creates the a new user or identify an existing one in his own database and creates a session.
4. Tools
SimpleSAMLphp - it can be used both as IdP and SP, I will be using it only as IdP
lightsaml/SP-Bundle - Symfony Bundle implementing the ServiceProvider
5. Implementation
5.1. Create and configure IdP
Install simpleSAMLphp following the documentation. I've created a virtualhost idp.local and the simpleSAMLphp is available at : http://idp.local/simplesamlphp
Next step is to configure simleSAMLphp as IdentityProvider following the quick guide using the exampleauth:UserPass authentication method.
I'll modify the defined users in config/authsources.php, by replacing the attribute "eduPersonAffilication" with 'roles':
'student:studentpass' => array(
'uid' => array('student'),
'roles' => array('ROLE_USER', 'ROLE_SEF'),
),
To make it clear, you have just created a user "student" with password "studentpass".
Skip the step 6 from the quick guide.
At the step 7 you need to enter the information about ServiceProviders. At this moment they do not exist, but they will, so you can fill the following 2 service providers:
$metadata['http://consumer1.local/saml'] = array(
'AssertionConsumerService' => 'http://consumer1.local/app_dev.php/saml/login_check',
'SingleLogoutService' => 'https://consumer1.local/app_dev.php/logout',
'simplesaml.nameidattribute' => 'uid',
);
$metadata['http://consumer2.local/saml'] = array(
'AssertionConsumerService' => 'http://consumer2.local/app_dev.php/saml/login_check',
'SingleLogoutService' => 'https://consumer2.local/app_dev.php/logout',
'simplesaml.nameidattribute' => 'uid',
);
I called them consumers because they consume the authentication service provided by IdP.
Skip steps from 8 to 11.
5.2 Create and configure SPs
Install Symfony and create a virtual host consumer1.local
We will be following the lightsaml/SP-Bundle documentation found here.
At step 7 configure your own entity_id and use the previously created IdP.
- First go to your IdP, it should be idp.local/simplesamlphp. Click on the Federation tab, you should see somewhere SAML 2.0 IdP Metadata. Click on [Show metadata], copy the XML and createa file in your Symfony app: /src/AppBundle/Idp/idp.local.xml and paste the XML.
- edit app/config.yml
At step 9 (and 11), please see below my security.yml:
Where /secure is a just route I created for testing purpose. Step 10. Basically if the user logged in IdP does not exist in the database of the SP, in this case consumer1.local, it needs to be created. For this reason a UserCreator class is made. In the documentation this class is able to identify the user id (uid) using a "username mapper" service. I will enhance that by adding an "attributes" mapper which will create an array with the other attributes passed from IdentityProvider. I want to pass a list of roles from IdP to SP. If you remember I've added a list of 'roles' to my 'student' user. Below you can find a gist with the code for the AttributeMapper
Declare the attribute mapper service in app/services.yml:attribute_mapper:
class: AppBundle\Security\User\AttributeMapper
Modify the UserCreator class:Declare the User Creator service injecting in it our Attribute Mapper service:
user_creator: class: AppBundle\Security\User\UserCreator arguments: - "@=service('doctrine').getManager()" - "@lightsaml_sp.username_mapper.simple" - "@inno.attribute_mapper"Also inject the attribute mapper service into the security.authentication.provider.lightsaml_sp service:
security.authentication.provider.lightsaml_sp: class: LightSaml\SpBundle\Security\Authentication\Provider\LightsSamlSpAuthenticationProvider arguments: - ~ # provider key - ~ # user provider - ~ # force - "@security.user_checker" - "@lightsaml_sp.username_mapper.simple" # username mapper - ~ # user creator - "@inno.attribute_mapper" # attribute mapper - ~ # token factory abstract: true5.3 Put your application at work
In browser try to access consumer1.local/app_dev.php/secure, because you are not authenticated
you should be redirected to http://consumer1.local/app_dev.php/saml/discoveryClick on your IdP,
you will be redirected to the IdP site where you will fill your user and password (student and
studentpass. After that you are redirected to the secure page on cosumer1.local.You can check your
database to see the newly created user. Now copy your Symfony installation and make another
virtual host consumer2.local. Open the browser and try to access: consumer2.local/app_dev.php/securePick
your IdP from discovery page, because you are already logged on IdP you will not be asked for
password again, instead you are redirected to the secure page. Victory!In the next blog post I will
investigate integrating LDAP with SimpleSAMLphp.
Labels:
Identity Provider,
IdP,
SAML,
ServiceProvider,
simpleSAMLphp,
SP,
SSO,
SYmfony,
web sso
Wednesday, September 14, 2016
Using Silex and Symfony together in same application
I am testing the idea of having an application using both Silex and Symfony.
Why ?
Maybe because I want for some parts of the application to be really fast, and for the most of the application to enjoy the productivity of using a full stack framework and have access to all the third party bundles.
Of course having 2 application may introduce other kind of problems.
How my application should work:
- receive request
- fast Silex kernel handles the request.
- if the URL request is not matching any of the routes from Silex, it will return a response with status 404
- if the URL is matching a route, execute controller and get response
- check what is the response from Silex
- if the response has status 404 pass it to the Symfony kernel
- otherwise return response
Using the 2 frameworks together is possible because they both use the same abstraction for HTTP Request and Response and the HttpKernel.
There is a project called StackPHP that promotes interoperability between applications based on the HttpKernelInterface.
Implementation:
Create a probject folder under /var/www/public called double: /var/www/public/double
I will be using Symfony Standard Edition and Silex Skeleton project by Fabien Potencier: https://packagist.org/packages/fabpot/silex-skeleton
Install using Composer in two different subfolders:
composer create-project fabpot/silex-skeleton silex ~2.0@dev
composer create-project symfony/framework-standard-edition symf
Create a virtual host that will point to /var/www/public/double/symf/web
You may want to first save Symfony app.php and app_dev.php before editing them:
app_dev.php :
Into app.php I've added microtime() function to get the loading time in production as I do not have access to the Web Profiler.
I did some simple tests using the production env (app.php) and generally Silex is 3 times faster than Symfony, which is no surprise as it is lighter.
In Silex I used Doctrine DBAL (not ORM), the provider it is included in the Silex Skeleton project, just needs to be configured in src/app.php:
Why ?
Maybe because I want for some parts of the application to be really fast, and for the most of the application to enjoy the productivity of using a full stack framework and have access to all the third party bundles.
Of course having 2 application may introduce other kind of problems.
How my application should work:
- receive request
- fast Silex kernel handles the request.
- if the URL request is not matching any of the routes from Silex, it will return a response with status 404
- if the URL is matching a route, execute controller and get response
- check what is the response from Silex
- if the response has status 404 pass it to the Symfony kernel
- otherwise return response
Using the 2 frameworks together is possible because they both use the same abstraction for HTTP Request and Response and the HttpKernel.
There is a project called StackPHP that promotes interoperability between applications based on the HttpKernelInterface.
Implementation:
Create a probject folder under /var/www/public called double: /var/www/public/double
I will be using Symfony Standard Edition and Silex Skeleton project by Fabien Potencier: https://packagist.org/packages/fabpot/silex-skeleton
Install using Composer in two different subfolders:
composer create-project fabpot/silex-skeleton silex ~2.0@dev
composer create-project symfony/framework-standard-edition symf
Create a virtual host that will point to /var/www/public/double/symf/web
You may want to first save Symfony app.php and app_dev.php before editing them:
app_dev.php :
<?php use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Debug\Debug; use Silex\Application; /** * @var Composer\Autoload\ClassLoader $loader */ $loader = require __DIR__.'/../app/autoload.php'; require_once __DIR__.'/../../silex/vendor/autoload.php'; Debug::enable(); //create request object $request = Request::createFromGlobals(); //initialize Silex app $app = require __DIR__.'/../../silex/src/app.php'; require __DIR__.'/../../silex/config/dev.php'; require __DIR__.'/../../silex/src/controllers.php';
//handle request with Silex app
$response = $app->handle($request);
if ($response->getStatusCode() === 404) {
//initialize Symfony app and handle request $kernel = new AppKernel('dev', true); $kernel->loadClassCache(); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response); } else { $response->send(); $app->terminate($request, $response); }
Into app.php I've added microtime() function to get the loading time in production as I do not have access to the Web Profiler.
<?php use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Silex\Application; $time_start = microtime(true); /** * @var Composer\Autoload\ClassLoader $loader */ $loader = require_once __DIR__.'/../app/autoload.php'; require_once __DIR__.'/../../silex/vendor/autoload.php'; //create request object $request = Request::createFromGlobals(); //initialize Silex app $app = require __DIR__.'/../../silex/src/app.php'; require __DIR__.'/../../silex/config/prod.php'; require __DIR__.'/../../silex/src/controllers.php'; $response = $app->handle($request); if ($response->getStatusCode() === 404) { $kernel = new AppKernel('prod', false); $kernel->loadClassCache(); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response); $time_end = microtime(true); $time = $time_end - $time_start; echo "Execution time: $time seconds\n"; } else { $response->send(); $app->terminate($request, $response); $time_end = microtime(true); $time = $time_end - $time_start; echo "Execution time: $time seconds\n"; }
I did some simple tests using the production env (app.php) and generally Silex is 3 times faster than Symfony, which is no surprise as it is lighter.
In Silex I used Doctrine DBAL (not ORM), the provider it is included in the Silex Skeleton project, just needs to be configured in src/app.php:
$app->register(new DoctrineServiceProvider(), array( 'dbs.options' => array ( 'localhost' => array( 'driver' => 'pdo_mysql', 'host' => 'localhost', 'dbname' => 'symfony', 'user' => 'root', 'password' => 'root', 'charset' => 'utf8', ) ), ));
Subscribe to:
Posts (Atom)