Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Response 401 in Hybrid Controller
  • ashizakpashizakp
    Dear,


    here, You may see, in before block, i have auth check. but even though i have put return statement in before block. the code still go to render. 

    What i want is to stop further execution of all child controllers of backend if Auth is failed.
  • HarroHarro
    Most logical is

    throw new HttpNoAccessException();

    A controller renders every returned value, so you can only escape the flow using "throw" or by doing a Response::redirect().
  • ashizakpashizakp
    it is 403 which is no Access to content

    i need unauthorized 401.
    i think fuel has option to create custom handler.. how i do that.. advice please
  • HarroHarro
    You can't return 401, unless you also return a basic authentication challenge.

    The RFC says:

    The server generating a 401 response MUST send a WWW-Authenticate header field1 containing at least one challenge applicable to the target resource.

    If the request included authentication credentials, then the 401
    response indicates that authorization has been refused for those
    credentials. The user agent MAY repeat the request with a new or
    replaced Authorization header field2.
    If the 401 response contains the same challenge as the prior response,
    and the user agent has already attempted authentication at least once,
    then the user agent SHOULD present the enclosed representation to the
    user, since it usually contains relevant diagnostic information.

    Since Fuel doesn't use basic authentication, it doesn't have any provisions to send WWW-Authenticate headers back.

    If you want to use basic or digest authentication, you can use the set_header() method of the response object to set response headers and use the set_status() method to set the HTTP status. Do not use the object property directly if a setter is available, it might not be public in future releases.

  • ashizakpashizakp
    i have two scenario.

    1 - User May access Auth Required Session, So i have created exact way in angularjs which will redirect to login page only if it received '401' // Or Any Error code i specify.. Must be Error. not 200

    2 - User May access Non Access Area.... Your Answer is Perfect solution,,,, Fixed At all.


    Bit (1) ... How i do that.. Since Fuelphp can only provide 403 Error code.  Or I need to Set the body of Error Response.. 

    Kindly Help
  • HarroHarro
    Fuel can return any status you want, just set the desired status on the Response object before you return it. see http://fuelphp.com/docs/classes/response.html
  • ashizakpashizakp
    Dear,

    It is not Working

    this too i tried in Many way

    if(!\Auth::check()){
    return $this->response->set_status(401);
    }
  • ashizakpashizakp
    Hope Your Wil Provide Immediate Assistance.. I tried this around 24 hr 
  • HarroHarro
    You can not return anything in your before(), before is a prepping method, after it your action will always be called, unless you redirect to somewhere else.

    You need to do this in your action.

    If you want to do it in one place, you need a router() method. It then has to check for the auth status, and if not ok, set your status (note: 401 is still invalid without a WWW-Authenticate header, didn't you read the RFC text? Use another status value). If it is ok, it needs to call the action.

    You can find a good example of a router() method in the Hybrid base controller \Fuel\Core\Controller_Hybrid.
  • ashizakpashizakp
    Dear,

    My calling method is in users controller
    Which is extended from backend controller

    So when I call users.... The before block in users controller get executed.. but auth check is in backends before()..


    So this approach make centralized auth check... But it can't respond with new response like 401.. or anything... Kindly provide me example Harro..

  • HarroHarro
    Accepted Answer
    If you insist handling it in a before() method, there are only two options:
    - redirect to another page that returns your status
    - throw an exception that returns your status

    If you want to go the exception route, just look at how HttpNoAccessException is implemented (also check your index.php) and create your own exception class.
  • ashizakpashizakp
    i have created New Exception HttpNotAuthenticatedException . and added to bootstrap.php

    Works Like What i wanted...


Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion