There is this code below in sfDoctrineGuardPlugin:
$a = sfConfig::get('app_sf_guard_plugin_success_signin_url');
var_dump($a);
$signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url', $user->getReferer($request->getReferer()));
var_dump($signinUrl);
var_dump($user->getReferer($request->getReferer()));
It prints this:
null
string 'http://rs3.localhost/frontend_dev.php/' (length=38)
string 'http://rs3.localhost/frontend_dev.php/miembros' (length=46)
I don't know why the second and the third lines are different. Any idea?
Regards
Javi
Weird. Spooky.
I wonder if maybe the two calls to getReferer() are in different contexts? Maybe the first (as the second arg to sfConfig::get()) implicitly uses __toString() whereas when you use var_dump(), maybe it's printing the raw value of the referer object?
Hrmm... the API says getReferer() returns a string, so that's probably not it.
What are you trying to do, BTW? Is it not honoring your app_sf_guard_plugin_success_signin_url setting from app.yml?
sfDoctrineGuardPlugin sets a referer attribute in the user, so that it can redirect back to the page originally requested. When you call getReferer it removes the attribute. (This is causing bugs for me, which is what brought me here.)
yitznewton pointed me towards a solution. The sfGuardSecurityUser class uses a method setReferer that saves a referer attribute but only if one is not yet set.
If somehow you manage to get to the executeSignin method in the sfGuard actions twice, only the first referer attribute will be saved. This means that the second time, the referer in the request and the referer in the user attribute can be different.
The getReferer method removes that attribute, and falls back to the request referer when the attribute is not set. This explains why calling $user->getReferer($request->getReferer()) twice returns different values sometimes.
The solution I found was to overwrite the setReferer method of the sfGuardSecurityUser in the myUser class:
public function setReferer($referer) {
$this->setAttribute('referer', $referer);
}
So far I have not found any side effects. This change ensures the user attribute will always be the most recent; however, there has to be a reason to explain why the symfony folk chose to implement this as it was.
I've tested this by switching between apps on the login screen, allowing the session to die, killing the session manually and normally using the application, and so far I have not found any side effects.
I've got a WebFilter that redirects to the login page in my application. In order to redirect back to the referring page I've also added a view parameter called redirectOnLogin which is then used on successful logins in order to perform the final navigation.
If one were to manipulate this query parameter, one could easily provoke JSF navigation errors. I would therefore like to pre-empt this by checking that the outcome is valid but I've not been able to uncover a mechanism for pre-validating a JSF outcome.
Easiest and best is to make sure the redirectToLogin parameter cannot be manipulated. Or that manipulation is detected.
You could solve this in (at least) two ways:
Taking the original page name, adding a 'salt' to it and creating a hash.
Adding this hash to the request to the login server.
Make sure it is returned by the login server (maybe adding it as # to the return page or as a param).
On receiving it on the 'redirectOnLogin' page, use the page name, the same salt and create a hash in the same way. Compare these and if they match you are fine, if they don't throw an error.
Or you could
Store the 'redirectOnLogin' page in a session to
Check on returning from the login server if it matches with the page you end-up on.
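The first approach in the answer above, as an added example that is not part of the original answer: it uses HMAC-SHA256 with a server-side key in place of the hand-rolled "salt plus hash", and the page names, the `sig` parameter and `DEFAULT_PAGE` are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a server-side secret that never reaches the browser (the "salt").
SECRET_KEY = secrets.token_bytes(32)

# Hypothetical fallback page used when the parameter fails verification.
DEFAULT_PAGE = "/home.xhtml"


def sign_target(target: str, key: bytes = SECRET_KEY) -> str:
    """Return a hex HMAC-SHA256 tag over the redirect target."""
    return hmac.new(key, target.encode("utf-8"), hashlib.sha256).hexdigest()


def build_login_url(login_page: str, target: str, key: bytes = SECRET_KEY) -> str:
    """Login URL carrying the target and its tag as query parameters."""
    query = urlencode({"redirectOnLogin": target, "sig": sign_target(target, key)})
    return f"{login_page}?{query}"


def resolve_redirect(url: str, key: bytes = SECRET_KEY) -> str:
    """After login: return the target only if its tag verifies, else the default."""
    params = parse_qs(urlsplit(url).query)
    target = params.get("redirectOnLogin", [""])[0]
    tag = params.get("sig", [""])[0]
    expected = sign_target(target, key)
    # Compare as bytes in constant time; encoding first also tolerates a
    # non-ASCII tag, which compare_digest would reject as a str.
    if target and hmac.compare_digest(expected.encode(), tag.encode("utf-8")):
        return target
    return DEFAULT_PAGE


if __name__ == "__main__":
    url = build_login_url("/login.xhtml", "/events/register.xhtml?id=6")
    print(url)
    print(resolve_redirect(url))                             # original target
    print(resolve_redirect(url.replace("register", "admin")))  # fallback page
```

A target that fails the check is replaced by the default page rather than passed on to navigation, so a manipulated value never reaches the outcome lookup.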
I've searched a lot to try and solve this problem, but I'm not quite sure what to search for. I didn't really manage to find anything.
Essentially I'm working on a website in which users can register for an event. However, if the user is not logged in, I need to redirect them to the registration screen. This much I've been able to accomplish without much difficulty. However I need to redirect back to the event that they attempted to register for.
My real problem is that the URL of the page I need to return to contains a parameter, and I'm not sure how to make the registration page take that parameter into account when it redirects back.
Currently when an anonymous user tries to go to
http://[...].com/drupal/?q=civicrm/event/register&id=6
I have it redirect you to
http://[...].com/drupal/?q=user/register&destination=civicrm/event/register&id=6
However, once the form is submitted the "&id=6" is not taken as part of the destination parameter, which means you just go to
http://[...].com/drupal/?q=civicrm/event/register
Which is not a valid page.
Is there a way for me to make the destination parameter include "&id=6"?
On a whim I've also tried:
[...]destination='civicrm/event/register&id=6'
[...]destination="civicrm/event/register&id=6"
[...]destination=civicrm/event/register#id=6
You need to url-encode the value for your destination. Try this:
[..]destination=civicrm/event/register%3Fid%3D6
%3F is hex code for question mark (?), %3D is code for equals (=).
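Why the encoding matters, as an added example that is not part of the original answer: it parses the question's query string the way a server would, before and after percent-encoding the destination. The helper names are hypothetical and the query strings are constructed from the URLs in the question.

```python
from urllib.parse import parse_qs, quote


def query_params(query: str) -> dict:
    """Parse a query string as a server does, keeping the first value per key."""
    return {name: values[0] for name, values in parse_qs(query).items()}


def register_query(destination: str) -> str:
    """Build the registration query string with the destination percent-encoded."""
    # safe="/" leaves path slashes readable; "?", "=" and "&" are encoded,
    # so they can no longer be read as delimiters of the outer query string.
    return "q=user/register&destination=" + quote(destination, safe="/")


# Constructed from the question: the raw "&id=6" ends the destination value
# and starts a separate top-level parameter named "id".
UNENCODED = "q=user/register&destination=civicrm/event/register&id=6"

# The answer's form: the whole target, including its own query, is one value.
ENCODED = register_query("civicrm/event/register?id=6")

if __name__ == "__main__":
    print(query_params(UNENCODED))
    print(ENCODED)
    print(query_params(ENCODED))
```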
I ask this because I have a form with a radio button set to nil :
= f.radio_button :estimate_type, nil
I have debugger right at the beginning of my method call :
def create
debugger
When I hit the debugger, I check out my params, and they say the value is on, not nil.
Enter Insanity wolf. Somehow this is getting converted on click. And I've scoured the entire app looking for possibly a leaky javascript file, or anything closely resembling the word 'on'. I've checked all my bases. Defaults in schema.rb, jquery click events, model validations, you name it. Nothing with the word "on" anywhere.
So the real question is, is there a way I can throw a debugger in a place in which if I were to click submit, the debugger would appear before the model validation, and then hopefully where the params are still what they are in the form. And then I can follow it down the trail and see where it goes wrong.
It doesn't have anything to do with your JavaScript. This is something that I've experienced before as well, but I'm not sure why it converts nil to 'on'. I do know that passing in :nil as a symbol returns a null string, as well as just simply passing in false.
A better approach to trying to solve your problem may be to put the debugger in the validation callback itself.
Nothing to do with Rails - you could verify this by using your browser's network inspector to see that the browser is actually sending the parameter value "on".
By trying to set the value to nil (which doesn't really make sense - parameter values are always strings) you're suppressing the value attribute entirely from the generated HTML.
The standard says that in this case the default value for the input shall be "on" and so that is what your browser submits.
First time user long time reader. I have thoroughly looked for an explanation for the problem I'm having via the mighty search engine Google, but alas I have failed to produce any significant insight.
I need to be able to ensure that a model form is not reloaded with invalid data. Since the model stored in memory on the server is edited directly with the parameters of the web form first, and THEN checked for validity, without additional code invalid model data will ALWAYS be sent back to the form. This is less than desirable to me. My question is this: how do I ensure this doesn't happen?
What I'm thinking is I need some mechanism for saving the state of the object before it's modified with the parameters sent from the web form, and then after a failed validation restore the object to its previous, correct and unmodified state of being.
Help!
Thanks,
Les
The object isn't actually modified in the db if validation fails, even though the object is in an invalid state in the form ... the thinking behind this is that the user wants to see the errors they made so they can correct them.
If you don't want that to be the case, then just read back the object with a WhateverObject.find(x) and assign it to the variable that the form is referencing and it will 'restore' the object to its previous unmodified state.
To add to what concept47 said you can also get the value for a particular field using
object.field_was
Have a look at ActiveRecord::Dirty for details (http://ar.rubyonrails.org/classes/ActiveRecord/Dirty.html)
Using that you could retrieve the original values for just those fields that had validation errors.
I'm facing a strange problem in my project. My actions are getting old param values instead of the actual values which are in Request.Params. I created a HomeController.Echo(string text) action to illustrate it (see screenshot). When I call the action for the first time like "Home/Echo?text=aaa" everything works fine. When I call the same action a second time with a different text value ("Home/Echo/text=bbb"), I get the old "aaa" value again in my action "text" parameter. The strange thing is that Request.Params contains the right "bbb" value.
I'm wondering if there's something I could have broken myself, but can't figure out anything. I'm serving controllers from an IoC container, I overrode the ControllerActionInvoker.InvokeActionMethodWithFilters method (to inject dependencies into filters from IoC) and I'm handling HttpApplication.AuthenticateRequest. I'm not working with params/binding anyhow in any of these...
The problem was caused by some threading issues probably - I forgot to register controllers in my IoC container with per-request lifecycle (they were registered as singletons).
Have you debugged through the application to see where the value is getting switched out? A simple watch on the text variable (whatever you call it in the code) should yield where the variable gets changed. Without code to run through, I have no clue where it is happening.
I would say write a test, but there is still a possibility of UI interfering here. If you find where in the code it is changing, then write a test to confirm the bug and start whacking at it.
I suggest you start commenting all the methods you overrode until you isolate the problem. In the worst case you will get to the point where the ASP.NET MVC wizard left your project when you created it and where parameter binding definitely worked.