This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Ignore option is not working #192

Closed
itsmeJithin opened this issue Sep 28, 2020 · 8 comments

@itsmeJithin

I have added this middleware to my REST API project, and I have ignored the refresh token URL in the token authentication mechanism. But it's not working.
This project is hosted with the base URL http://myproject.test/common/
This is my middleware code:

$app->add(new \Slim\Middleware\JwtAuthentication([
    "secure" => false,
    "attribute" => "jwt",
    "secret" => $GLOBALS['JWT_SECRET'],
    "algorithm" => ['HS512'],
    "path" => ["/api"],
    "ignore" => ['/api/v1/user/refresh-token'],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withJson($data);
    }
]));

After debugging the JwtAuthentication class I couldn't find the usage of the $options['ignore'] option. Is it still available?
Or did you change the working principles? Or are there any mistakes in my code?

@itsmeJithin
Author

@tuupola Please update the solution

@tuupola
Owner

tuupola commented Sep 29, 2020

https://github.com/tuupola/slim-jwt-auth/search?q=%24options%5B%22ignore%22%5D

You did not mention which framework you are using, but for example Slim 4 has changed how it handles apps installed in a subfolder. This is not an issue with the middleware. Instead it is considered a framework feature.

To work around this you could try setting ignore as the following:

"ignore" => ['/common/api/v1/user/refresh-token'],

@itsmeJithin
Author

itsmeJithin commented Sep 29, 2020

@tuupola I'm using Slim 3.
This is my app.php:

<?php
ob_clean();
require '../vendor/autoload.php';

// Constant refers to the base source folder
define('SOURCE_DIR', getcwd() . '/../src/com/package/common/api');

$app = new \Slim\App([
    'settings' => [
        // set env variable DEBUG as true in nucleus conf for debug mode
        'debug' => getenv('DEBUG') === "true",   // change to false in production
        'addContentLengthHeader' => false,
    ]
]); // change to false for production


$container = $app->getContainer();

require_once __DIR__ . '/middlewares.php';
require_once __DIR__ . '/controllers.php';

require_once __DIR__ . '/routes.php';

@itsmeJithin
Author

"ignore" => ['/common/api/v1/user/refresh-token'], this is not working. This application is installed in a subfolder.

I have tried

$app->add(new \Slim\Middleware\JwtAuthentication([
    "secure" => false,
    "attribute" => "jwt",
    "secret" => $GLOBALS['JWT_SECRET'],
    "algorithm" => ['HS512'],
    "path" => ["/common"],
    "ignore" => ['/common/api/v1/user/refresh-token'],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->withHeader('Access-Control-Allow-Origin', '*')
            ->withJson($data);
    }
]));

and

$app->add(new \Slim\Middleware\JwtAuthentication([
    "secure" => false,
    "attribute" => "jwt",
    "secret" => $GLOBALS['JWT_SECRET'],
    "algorithm" => ['HS512'],
    "path" => ["/"],
    "ignore" => ['/common/api/v1/user/refresh-token'],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->withHeader('Access-Control-Allow-Origin', '*')
            ->withJson($data);
    }
]));

but all of these are not working.
NB: $request->getUri()->getPath() returns /api/v1/user/refresh-token

@tuupola
Owner

tuupola commented Sep 29, 2020

With Slim 3 you should not need to use /common prefix with the ignore option. What is the output of:

$ curl --include http://myproject.test/common/api/v1/user/refresh-token

?

@itsmeJithin
Author

I'm using prefix /api.
The output is

HTTP/1.1 401 Unauthorized
Date: Tue, 29 Sep 2020 08:32:29 GMT
Server: Apache/2.4.41 (Unix) PHP/7.2.33
X-Powered-By: PHP/7.2.33
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: application/json

{"status":"error","message":"Token not found"}%  

@tuupola
Owner

tuupola commented Sep 29, 2020

Have you tried with the latest version? Looking at the example code you seem to be using the old 2.x branch. There was a related bug which was fixed a couple of years ago.

@tuupola
Owner

tuupola commented Oct 30, 2020

No feedback.

@tuupola tuupola closed this as completed Oct 30, 2020
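
The thread turns on which form of the request path the "path" and "ignore" entries are compared against. As an added example (not code from the thread or from the middleware), the following PHP models prefix matching with hypothetical helpers and evaluates the three posted rule pairs against both forms of the path: base path stripped, as getPath() returned in the thread, and subfolder included, the case the Slim 4 workaround targets. It assumes "ignore" is checked before "path" and that a rule covers everything below it; it does not model version-specific behaviour such as the 2.x bug mentioned above.

```php
<?php
// Added example: simplified model of prefix-based "path"/"ignore" rules.
// All three functions are hypothetical helpers, not the middleware's API.
function normalizePath(string $path): string
{
    // Collapse duplicate slashes and drop a trailing slash.
    $path = preg_replace('#/+#', '/', '/' . $path);
    return $path === '/' ? '/' : rtrim($path, '/');
}

function matchesPrefix(string $uri, string $rule): bool
{
    $rule = normalizePath($rule);
    // A rule matches itself and everything below it, on a segment boundary.
    return $rule === '/' || $uri === $rule || strpos($uri, $rule . '/') === 0;
}

function requiresAuth(string $requestPath, array $path, array $ignore): bool
{
    $uri = normalizePath($requestPath);
    foreach ($ignore as $rule) { // assumption: ignore entries are checked first
        if (matchesPrefix($uri, $rule)) {
            return false;
        }
    }
    foreach ($path as $rule) {
        if (matchesPrefix($uri, $rule)) {
            return true;
        }
    }
    return false; // outside every "path" entry: no token required
}

// Same request as the framework may report it, depending on base-path handling.
$bases = ['base path stripped' => '', 'subfolder included' => '/common'];
$routes = ['/api/v1/user/refresh-token', '/api/v1/user/profile']; // 2nd is constructed
$configs = [ // "path" / "ignore" pairs from the configurations posted in the thread
    [['/api'], ['/api/v1/user/refresh-token']],
    [['/api'], ['/common/api/v1/user/refresh-token']],
    [['/common'], ['/common/api/v1/user/refresh-token']],
];
foreach ($configs as [$path, $ignore]) {
    foreach ($bases as $form => $base) {
        foreach ($routes as $route) {
            $need = var_export(requiresAuth($base . $route, $path, $ignore), true);
            printf("path=%-8s ignore=%-34s %-18s %-27s token=%s\n", $path[0], $ignore[0], $form, $route, $need);
        }
    }
}
```

In this model a "path" entry that does not match the form the framework reports leaves the constructed profile route without a token requirement, while a mismatched "ignore" entry only keeps the refresh-token route behind authentication. Running the same matrix against the real application (for example with curl, as in the thread) confirms which form applies.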