I was creating a module application for Zend Framework 2. When I try to send a post request to my server with the necessary details, I get the error "Unable to enable crypto on TCP connection api.mysite.com".
Earlier, I was getting the error "Unable to enable crypto on TCP connection api.mysite.com: make sure the "sslcafile" or "sslcapath" option are properly set for the environment."
On googling, I found I should set sslverifypeer to false. After doing this, I was left with the 1st part of the sentence "Unable to enable crypto on TCP connection api.mysite.com."
Not getting idea where I could be wrong.
Under previous exceptions, I get "stream_socket_enable_crypto(): this stream does not support SSL/crypto"
Please see this note in the docs: http://framework.zend.com/manual/2.3/en/modules/zend.http.client.html#connecting-to-ssl-urls . You shouldn't set sslverifypeer unless the site you're connecting to doesn't have a valid SSL certificate. Instead, set sslcapath as the error suggests. This gives PHP a way of validating the SSL certificate supplied by the host you're connecting to.
This is due to your site trying to communicate with a ssl used site. If you want to use default adapterZend\Http\Client\Adapter\Socket you have to define sslcapath configuration option in order to allow PHP to validate the SSL certificate.
To avoid this I used the curl adapter instead.
$client = new Client();
$client->setUri($endPointUrl);
$options = array('put your options');
$client->setOptions($options);
$client->setAdapter('Zend\Http\Client\Adapter\Curl');
$response = $client->send();
Doc : http://framework.zend.com/manual/current/en/modules/zend.http.client.html
You need to set Http Client Options.
Here is the working setting:
// eko/FeedBundle and issue with ssl site -> https://github.com/eko/FeedBundle/issues/51
$httpClientOptions = array(
'adapter' => 'Zend\Http\Client\Adapter\Socket',
'persistent' => false,
'sslverifypeer' => false,
'sslallowselfsigned' => false,
'sslusecontext' => false,
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
'capture_peer_cert' => true,
),
'useragent' => 'Feed Reader',
);
ZendFeedReader::setHttpClient(new ZendHttpClient(null, $httpClientOptions));
Here is the NOT working setting:
// eko/FeedBundle and issue with ssl site -> https://github.com/eko/FeedBundle/issues/51
$httpClientOptions = array(
'adapter' => 'Zend\Http\Client\Adapter\Socket',
'persistent' => false,
'sslverifypeer' => false,
'sslallowselfsigned' => true,
'sslusecontext' => true,
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
'capture_peer_cert' => true,
),
'useragent' => 'Feed Reader',
);
ZendFeedReader::setHttpClient(new ZendHttpClient(null, $httpClientOptions));
Note: I have issue with symfony bundle eko/feedBundle that use Zend library so essentially it is the same for you.
this solution tested and proven to be working.
Related
I have a VueJS app and a Laravel API in separated projects.
I have some issues to auth with laravel sanctum.
My VueJs is on localhost:8080 and my API on localhost:8000
When i try to set cookie, i have a "This set-cookie domain attribute was invalid with regards to the current host url" issue
I think that laravel cant set cookie, when i try to auth he returned a 419 error status which mean token mismatch.
My config/cors.php
'paths' => [
'api/*',
'sanctum/csrf-cookie',
'login',
'logout'
],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
I follow the laravel documentation.
Add theses lines to my app/Http/Kernel.php
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
'api' => [
EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
I activated axios credentials in my vue app
axios.defaults.withCredentials = true;
I set my SESSION_DOMAIN=localhost:8080.
In my VueJS login component :
axios
.get('/sanctum/csrf-cookie')
.then(response => {
axios.post('/login', {
email : 'alexandria96#example.com',
password : 'password'
}).then(response => {
console.log('User signed in!');
}).catch(error => console.log(error)); // credentials didn't match
});
enter image description here
The request for csrf-cookie
enter image description here
The request for login
enter image description here
Before logging in you have to check that cookie are setted. Your cookie is not set that's why you have 419 error.
Try to take away ports from configs.
Try
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost
And now check cookies. For me works.
We have existing code that uses AWS PHP SDK version 1 AmazonSTS()->get_federation_token(). After upgrading to SDK version 3, the same call using the same credentials, resource and policy returns a 403 not authorized error.
Version and region appear to be the same. The policy json is the same. The user credentials used to make the call are the same (and if I switch back to the SDK v1 they still work). I have the debug option set but it doesn't appear to provide any additional information as to why the same user it not authorized to perform the same function getFederationToken on the same federated user.
Old code that works:
$client = new AmazonSTS();
$policy = new stdClass();
$policy->Statement = [
'Sid' => 'randomstatementid' . time(),
'Action' => ['s3:*'],
'Effect' => 'Allow',
'Resource' => 'aws:s3:::' . $AWS_BUCKET . '*'
];
// Fetch the session credentials.
$response = $client->get_federation_token('User1',array(
'Policy' => json_encode($policy),
'DurationSeconds' => $NUMSECS
));
New code that returns 403 error:
$client = new Aws\Sts\StsClient([
'region' => 'us-east-1',
'version' => '2011-06-15',
]);
$policy = new stdClass();
$policy->Statement = [
'Sid' => 'randomstatementid' . time(),
'Action' => ['s3:*'],
'Effect' => 'Allow',
'Resource' => 'aws:s3:::' . $AWS_BUCKET . '*'
];
try {
$response = $client->getFederationToken([
'Name' => 'User1',
'Policy' => json_encode($policy),
'DurationSeconds' => $NUMSECS,
]);
} catch (Exception $e) {
var_dump($e);
die();
}
The first example returns temporary credentials for the federated user User1.
The second example returns 403 forbidden error (I'm hiding the actual account id):
<Error>
<Type>Sender</Type>
<Code>AccessDenied</Code>
<Message>User: arn:aws:iam::[account id]:user/portal is not authorized to perform: sts:GetFederationToken on resource: arn:aws:sts::[account id]:federated-user/User1</Message>
</Error>
Turns out I was looking at the wrong credentials. I found the correct credentials hard-coded in the script :(
I'm trying to build a simple login using symofny/security package in Silex, but I have a small problem with authentication checking.
The structure:
/
/login
/admin
/login_check
/logout
In order to get to the /admin route user needs to be authenticated, if he's not, he gets redirected to /login form, which then, as recommended, is asking admin/login_check for authentication (that's all provided by symofny's security firewalls).
The firewalls configuration:
'security.firewalls' => array(
'login' => array(
'pattern' => '^/login$',
),
'admin' => array(
'pattern' => '^/admin',
'http' => true,
'form' => array(
'login_path' => '/login',
'check_path' => '/admin/login'
),
'logout' => array(
'logout_path' => '/admin/logout',
'invalidate_session' => true
),
'users' => ...
),
)
Everything works fine, but the user can enter the /login route even-though he's already authenticated, which is not that bad, but I'd like to avoid it. I tired to check the user authentication status, but I guess it does not work as I'm checking it on /login controller, which is not in "secured" area of the website.
Here's the code:
public function index(Request $request, Application $app)
{
if ($app['security.authorization_checker']->isGranted('ROLE_ADMIN')) {
return $app->redirect($app['url_generator']->generate('admin'));
}
return $app['twig']->render('login/index.twig', array(
'error' => $app['security.last_error']($request),
'last_username' => $app['session']->get('_security.last_username'),
));
}
That throws an error: The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL. So, the question, is there any way to do this using symfony/security natively (without any walk-arounds)? or is it somehow possible to create the /login route inside secured area with possibility to access it even-though the user is not logged in (e.g. make an exception for GET request) which would solve the problem?
UPDATE
I've also added the firewall configuration for /login page with an option anonymous: true, which resulted in not throwing an error anymore, but yet, when I'm logged in on the /admin route, method isGranted('ROLE_ADMIN') results in true, whereas on /login route it results in false (I'm still logged in there).
You can easily understand the behavior of the security component by dumping the current token.
public function index(Request $request, Application $app)
{
var_dump($application['security.token_storage']->getToken());
}
When you don't set anonymous option for login page (by default it is false):
null
When you set anonymous option for login page to true:
object(Symfony\Component\Security\Core\Authentication\Token\AnonymousToken)
private 'secret' => string 'login' (length=5)
private 'user' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) => string 'anon.' (length=5)
private 'roles' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) =>
array (size=0)
empty
private 'authenticated' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) => boolean true
private 'attributes' (Symfony\Component\Security\Core\Authentication\Token\AbstractToken) =>
array (size=0)
empty
Following example describes why you are getting error in your initial code example.
How to share security token?
To share security token between multiple firewalls you have to set the same Firewall Context.
SecurityServiceProvider registers context listener for protected firewall you have declared with pattern security.context_listener.<name>. In your example it is registered as security.context_listener.admin. Thus context you want to use is named admin.
Also a firewall context key is stored in session, so every firewall using it must set its stateless option to false.
What is more, to invoke authentication on login page the anonymous option must be set to true
'security.firewalls' => array(
'login' => array(
'context' => 'admin',
'stateless' => false,
'anonymous' => true,
'pattern' => '^/login$',
),
'admin' => array(
'context' => 'admin',
'stateless' => false,
'pattern' => '^/admin',
'http' => true,
'form' => array(
'login_path' => '/login',
'check_path' => '/admin/login'
),
'logout' => array(
'logout_path' => '/admin/logout',
'invalidate_session' => true
),
'users' => ...
),
)
After the change, if you are logged in on admin panel and login page you will get an instance of Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken as a token and
Symfony\Component\Security\Core\Authentication\Token\AnonymousToken if you are not logged in.
Because of that, you can safely check permission using $app['security.authorization_checker']->isGranted('ROLE_ADMIN') and get the same results on both firewalls.
I have installed cakephp 3.0.10 having mssql database now i have configured my wamp (php 5.5.12) with
extension=php_sqlsrv_55_ts.dll
extension=php_pdo_sqlsrv_55_ts.dll
& php info showing that sqlsrv is configured.
I have configured App.php with following code
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Sqlserver',
'persistent' => true,
'host' => 'mypc\SQLEXPRESS',
'username' => '',
'password' => '',
'database' => 'testdbname',
'encoding' => 65001,//PDO::SQLSRV_ENCODING_UTF8,
'timezone' => 'UTC',
'cacheMetadata' => true,
'quoteIdentifiers' => false,
To check whether connection is working or not i created a index.php file and fetched data from a test db created in sql magt. 2012 Now problem is cake php is not getting connected with database and it is showing following error
Database driver Cake\Database\Driver\Sqlserver cannot be used due to a missing PHP extension or unmet dependency
Exception Attributes: array (
'driver' => 'Cake\\Database\\Driver\\Sqlserver',
)
crud operation are going well in index.php ( test file ) but cakephp flashing error
Please help me to sort this out.
Thanks in advance
I have to send a lot of emails distributed over the whole day with ZF2 and I'm using Zend\Mail\Transport\Smtp. I have the mails in a queue table and once a minute I want to send them. Everything works fine until 5th email, where I receive an error : Zend\Mail\Protocol\Exception\RuntimeException
4.7.0 Too many RSET commands; closing connection
I guess this is coming from the smtp server. But why does ZF2-Smtp reset each message? I don't know where to start debugging the problem and if you need more informations just let me know. Thx for any help...
What I'm using is:
$transport = new SmtpTransport();
$options = new SmtpOptions(array(
'host' => $config['mail_options']['server'],
'port' => $config['mail_options']['port'],
'connection_class' => 'login',
'connection_config' => array(
'username' => $config['mail_options']['smtp_user'],
'password' => $config['mail_options']['smtp_password'],
'ssl' => $config['mail_options']['ssl'],
),
));
foreach ($queuedMails as $queuedMail) {
$message = new Message();
$message->addTo($data['to'])
->addFrom($config['mail_options']['from'], $config['mail_options']['from_name'])
->setSubject($data['subject'])
->setBody(utf8_decode($data['body']))
->setEncoding('utf-8');
$transport->setOptions($options);
$transport->send($message);enter code here
}
Should I place the $transport into the foreach?