I'm trying to use the before filter of Symfony 2.7 to do authentication. My event listener is as follows:
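    use Doctrine\ODM\MongoDB\DocumentManager;
    use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
    use Symfony\Component\Security\Core\Exception\AccessDeniedException;
    // TokenAuthenticatedController is the application's own marker interface;
    // import it from wherever the application defines it.

    class TokenListener
    {
        protected $dm;

        function __construct()
        {
        }

        public function setDocumentManager(DocumentManager $dm)
        {
            $this->dm = $dm;
        }

        public function onKernelController(FilterControllerEvent $event)
        {
            $controller = $event->getController();
            // Only array callables (object, method) can be checked against the interface.
            if (!is_array($controller)) {
                return;
            }
            if ($controller[0] instanceof TokenAuthenticatedController) {
                $content = $event->getRequest()->getContent();
                $json = json_decode($content, true);
                // Missing keys become null instead of raising an undefined index notice.
                $authId = isset($json['authId']) ? $json['authId'] : null;
                $authToken = isset($json['authToken']) ? $json['authToken'] : null;
                // Debug output: this writes the submitted token into the response body.
                echo "authId: {$authId}, authToken: {$authToken}\n";
                $user = $this->dm->getRepository('HcUserBundle:User')
                    ->createQueryBuilder()
                    ->field('authId')->equals($authId)
                    ->getQuery()
                    ->getSingleResult();
                // Strict comparison: with !=, a JSON true would match any non-empty token.
                if (!isset($user) || $user->getAuthToken() !== $authToken) {
                    throw new AccessDeniedException('This action needs a valid token!');
                }
            }
        }
    }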
But I got a 500 error, and the Symfony error log says:
Uncaught PHP Exception Symfony\Component\Security\Core\Exception\AccessDeniedException: "This action needs a valid token!"
instead of getting a 403 error. I also tried to use the AccessDeniedHttpException and have the same problem. Does anyone know how to generate a 403 response here? Thanks
You can also just return a new response, setting the status code to Codes::HTTP_FORBIDDEN:

    return new Response("This action needs a valid token!", Codes::HTTP_FORBIDDEN);

EDIT: nope, this might not work since you're in a listener ...

EDIT: are you sure it produces a 500 in your prod env as well, not just on app_dev?

EDIT: it SHOULD work this way, in a listener:

    $response = new RedirectResponse("someUri", Codes::HTTP_FORBIDDEN);
    $event->setResponse($response);
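
An added example, not part of the original answer or the asker's code: FilterControllerEvent offers setController() but no setResponse(), so one way to answer with a 403 from a kernel.controller listener is to swap in a controller that returns the response. The namespaces, the constructor injection and PHP 5.6+ (for hash_equals) are assumptions.

```php
<?php
// Added example. Assumes Symfony 2.7, Doctrine MongoDB ODM and PHP >= 5.6.
namespace AppBundle\EventListener; // assumed namespace

use AppBundle\Controller\TokenAuthenticatedController; // assumed location of the marker interface
use Doctrine\ODM\MongoDB\DocumentManager;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;

class TokenListener
{
    private $dm;

    public function __construct(DocumentManager $dm) // assumed: injected via the service definition
    {
        $this->dm = $dm;
    }

    public function onKernelController(FilterControllerEvent $event)
    {
        $controller = $event->getController();
        if (!is_array($controller) || !$controller[0] instanceof TokenAuthenticatedController) {
            return;
        }
        $json = json_decode($event->getRequest()->getContent(), true);
        $authId = isset($json['authId']) ? $json['authId'] : null;
        $authToken = isset($json['authToken']) ? $json['authToken'] : null;
        if ($this->isValidToken($authId, $authToken)) {
            return;
        }
        // This event cannot carry a response, so replace the controller with
        // a closure whose only job is to return the 403.
        $event->setController(function () {
            return new JsonResponse(array('error' => 'This action needs a valid token!'), 403);
        });
    }

    private function isValidToken($authId, $authToken)
    {
        // Only plain strings are accepted: a JSON object or boolean must never
        // reach the MongoDB query or the comparison.
        if (!is_string($authId) || !is_string($authToken)) {
            return false;
        }
        $user = $this->dm->getRepository('HcUserBundle:User')->findOneBy(array('authId' => $authId));
        $stored = $user !== null ? $user->getAuthToken() : null;
        // hash_equals compares in constant time and requires two strings.
        return is_string($stored) && hash_equals($stored, $authToken);
    }
}
```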