slim-jwt-auth icon indicating copy to clipboard operation
slim-jwt-auth copied to clipboard

Published 20 hours ago verified publisher icon tuupola

Access attributes in ignored paths

Open simensol opened this issue 6 years ago • 2 comments

Let's say I have a route \publicinfo that is accessible to both guests and registered users ('ignore' => ['/publicinfo']). How can I access the jwt attributes using $request->getAttribute("jwt") for registered users when they access \publicinfo? Since \publicinfo is added to ignore, the jwt attributes are never added to the $request object. However, if I remove \publicinfo from ignore, guests are not able to reach the route.

simensol avatar Jan 25 '19 14:01 simensol

You could remove /publicinfo from ignore and use northwoods/conditional-middleware to execute tuupola/slim-jwt-auth middleware only if request has a token.

tuupola avatar Jan 29 '19 07:01 tuupola

I did it another way:

Let your /publicinfo path in path so that the user has to have a valid JWT.

When a guest user tries to access it, the middleware will return a 401, which is expected. The trick is to use the error option of the middleware to catch this situation and do whatever you want.

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "path" => ["/publicinfo"],
    "error" => function($response, $arguments) use ($container) {
        if ($response->getStatusCode() === 401) {
            // The user is NOT authenticated, maybe display the login form:
            $response = $container->get('renderer')->render($response, 'publicinfo.html');
        } else {
            // Another error happened. Display an error message.
            $response = $container->get('renderer')->render($response, 'error.html');
        }

        return $response;
    },
]));

Frzk avatar Apr 04 '19 16:04 Frzk