I'm trying to send data using ajax POST request but I'm always redirected to login page even if I authorize the method to anonymous users (['actions' => ['update', 'test'], 'allow' => true]). When I test with a GET request there is no problem.
My controller :
public function behaviors() {
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
['actions' => ['update', 'test'], 'allow' => true],
],
],
];
}
public function actionTest() {
Yii::$app->request->enableCsrfValidation = false;
echo 'ok';
}
I use Postman to test requests
The solution you used is not a solution actually, its like if you cant open the lock with a key just remove the lock.
Mostly you get the 400 Bad Request if you are making an Ajax Post request without sending the CSRF parameters, I never faced the problem like being redirected to the login page.
But if your problem is resolved by disabling the CSRF Validation then you should follow this method while making any ajax requests.
In your config, you define the csrf parameter name using csrfParamin the request component like this
'request' => [
'csrfParam' => '_csrf-app',
],
This can be different for you if it is already defined.
You have to send this param _csrf-app with the csrf value in the ajax request along with your post data. and for retrieving the value for the csrf you can use javascript yii.getCsrfToken() method, or Yii::$app->request->csrfToken if in view via php.
See this example call you can hardcode the name of the param _csrf-app or use Yii::$app->request->csrfParam if your script is inside the view file.
$.ajax({
url:'/add',
data:{'_csrf-app':yii.getCsrfToken()}
success:function(data){}
});
Hope this solves your problem.
lubosdz's suggestion solved the problem
Modified controller :
public function behaviors() {
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
['actions' => ['update', 'test'], 'allow' => true],
],
],
];
}
public function beforeAction($action) {
if ($action->id == 'test') {
$this->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
public function actionTest() {
echo 'ok';
}
I found a solution that looks a bit like yours Muhammad Omer Aslam : by serializing the form in JavaScript I can send directly all the fields and the csrf token generated by the ActiveForm.
$.ajax({
url: ...,
type: 'POST',
data: $('#myForm').serialize(),
success: (response) => { ... }
})
Related
Before for submitting I want to send the request to an action. But in return I get 404 not found. The action is obviously there. Also got it in the filters of the controller.
JS:
$('#home-contact').on('beforeSubmit', function(){
$.ajax({
method: 'post',
url: '/site/send-contact',
data: new FormData($(this))[0],
success: function(data){
console.log(data)
}
})
return false
})
Controller filters:
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup', 'send-contact'],
'rules' => [
[
'actions' => ['signup', 'send-contact'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout'],
'allow' => true,
'roles' => ['#'],
],
],
],
And the action also :
public function actionSendContact()
{
Yii::$app->response->format = Response::FORMAT_JSON;
$model = new Contact();
if($model->load(Yii::$app->request->post()) && $model->save()){
return $data['success'] = Yii::t('app', 'Successfully sent message.');
}
return $data['error'] = Yii::t('app', 'Something went wrong. Please try again.');
}
The scenario happens in the frontend if that matters somehow. Thank you!
Not sure about the 404 you are having as the url in the request is correct and the url that would be generated for the ajax request will be like http://example.com/site/send-contact but only if you are using the 'enablePrettyUrl' => true, for the urlManager component, otherwise it should be like index.php?r=site/index that could only be the reason behind the 404, a better way is to get the url from the form action attribute.
Apart from above,
You are using the new FormData() to send the data with the request like
data: new FormData($(this))[0]
which isn't correct and won't send any FormData with the request as it will return undefined, you can check the console or by using the print_r($_POST) inside the action sendContact once you are done with the 404, it should be
data: new FormData($(this)[0]),
you need to get the form via $(this)[0] and pass to the new FormData().
But this is not enough you have to set the contentType and processData to be false to correctly submit the FormData or you will get the exception in console
Uncaught TypeError: Illegal invocation
So your code should be like
$('#contact-form').on('beforeSubmit', function(){
let url=$(this).attr('action');
let form=$(this)[0];
let data=new FormData(form);
$.ajax({
method: 'post',
url: url,
data:data,
contentType: false, // NEEDED, DON'T OMIT THIS (requires jQuery 1.6+)
processData: false,
success: function(data){
console.log(data)
}
});
return false;
})
EDIT
Note: Above all you should use data:$(form).serialize() simply rather than using new FormData() until unless you are planning to upload files along with the form using ajax.
URL in JavaScript seems to be not fully specified.
The valid way would be:
url: 'index.php?r=site/send-contact',
But this works only if your index.php is in root folder.
To make it work with any situation (e.g., index.php is not in root), then you have different solutions. I personally like to use this:
Declare action and id in your form:
Example:
$form = ActiveForm::begin([
'action' => ['site/send-contact'],
'id' => 'my-form',
]);
Use a link (that is generated by Yii2 itself) in your JS code:
Example:
$('#home-contact').on('beforeSubmit', function() {
$.ajax({
method: 'post',
url: $('#my-form').attr('action'),
data: new FormData($(this))[0],
success: function(data) {
console.log(data)
}
});
return false;
});
This should work in all cases, whenever your files are.
Hope that helps!
did you add 'enableAjaxValidation' => true or add action name in active form?
$form = ActiveForm::begin([
'action' => ['controller/action'],
'enableAjaxValidation' => true
]);
I made a Zend Framework 3 MVC application. I don't want a default router. My one controller RESTFUL and only returning JSON. I want to remove the default IndexController. I want / to just give a 404 error. I'd prefer not to call any route 'home' but will do that if necessary.
If I make my route config look like this:
'router' => [
'routes' => [
'myRoute' => [
'type' => Segment::class,
'options' => [
'route' => '/myThing[/:action]',
'defaults' => [
'controller' => Controller\MyThingController::class,
'action' => 'index',
],
],
],
],
],
I get the following exception when I connect to a route that worked when I kept the default index controller in my browser:
Fatal error: Uncaught Zend\Router\Exception\RuntimeException: Route with name "home" not found in /var/www/vendor/zendframework/zend-router/src/Http/TreeRouteStack.php on line 354
If I change 'myRoute' => [ to 'home' => [ It renders the default layout instead of the Json rendered by JsonViewModel.
I just put an IndexController with a default route that renders the defautl 404 page for now. I'm going to make it return JSON at some point when I figure out how.
class IndexController extends AbstractRestfulController
{
public function indexAction()
{
$this->response->setStatusCode(Response::STATUS_CODE_404);
}
}
I'm not sure if this is what your after but to return a json response from your controller use.
In your module config:
'view_manager' => array(
'strategies' => array(
'ViewJsonStrategy',
),
},
and in your controller:
use Zend\View\Model\JsonModel;
// ...
public function indexAction()
{
$this->response->setStatusCode(Response::STATUS_CODE_404);
$view = new JsonModel();
$view->jsonVariable = 'someValue';
return $view;
}
This will return a json response.
Hope this helps.
I need to override the recipient email for every instance of Swiftmailer's send() function throughout my Yii2 application. This is for the purpose of load testing.
Is there an easy way to do this? Or at least a way to do it without editing Swiftmailer's vendor files?
If this is for test only why not set useFileTransport so emails will be saved in the folder of your choice instead of being sent. To do so configure it like this:
'components' => [
// ...
'mailer' => [
'class' => 'yii\swiftmailer\Mailer',
'useFileTransport' => true,
],
],
This will save all emails in the #runtime/mail folder, If you want different one set:
'mailer' => [
// ...
'fileTransportPath' => '#runtime/mail', // path or alias here
],
If you want to still send emails and override recipients you can for example extend yii\swiftmailer\Mailer class.
class MyMailer extends \yii\swiftmailer\Mailer
{
public $testmode = false;
public $testemail = 'test#test.com';
public function beforeSend($message)
{
if (parent::beforeSend($message)) {
if ($this->testmode) {
$message->setTo($this->testemail);
}
return true;
}
return false;
}
}
Configure it:
'components' => [
// ...
'mailer' => [
'class' => 'namespace\of\your\class\MyMailer',
// the rest is the same like in your normal config
],
],
And you can use it in the same way you use mailer component all the time. When it's time to switch to test mode modify the configuration:
'mailer' => [
'class' => 'namespace\of\your\class\MyMailer',
'testmode' => true,
'testemail' => 'test222#test.com', // optional if you want to send all to address different than default test#test.com
// the rest is the same like in your normal config
],
With this, every email will be overridden with your recipient address.
I have a route group that looks like this:
Route::group(['prefix' => 'recipe','middleware'=>['auth.basic']], function (){
//Some things to do
});
When credentials are invalid Laravel outputs "Invalid credentials." How do I override this response with my own JSON response?
In AuthController, try this :
public function postLogin(Request $request)
{
$this->validate($request, [
'email' => 'required', 'password' => 'required',
]);
$credentials = [
'email' => $request->input('email'),
'password' => $request->input('password')
];
if (Auth::attempt($credentials, $request->has('remember')))
{
return redirect()->intended($this->redirectPath())
->with('success', 'You are successfully logged in');
}
return Response::json(array(
'success' => false,
'errors' => $this->getFailedLoginMessage(),
));
}
I just had a look at the Illuminate\Auth\SessionGuard. The method getBasicResponse() seems to be responsible for the response on a failed login attempt (with basic auth).
protected function getBasicResponse()
{
$headers = ['WWW-Authenticate' => 'Basic'];
return new Response('Invalid credentials.', 401, $headers);
}
How to actually overwrite it seems a little tricky though. You probably need to extend the SessionGuard Class and implement your own getBasicResponse() method. Thats the easy part, how to actually instantiate your own guard instead of the default one, I don't know yet.
I have the main controller from which the others are inherited. Code is something like this
public function init()
{
$this->on('beforeAction', function ($event) {
...
if (Yii::$app->getUser()->isGuest) {
$request = Yii::$app->getRequest();
// dont remember login page or ajax-request
if (!($request->getIsAjax() || strpos($request->getUrl(), 'login') !== false)) {
Yii::$app->getUser()->setReturnUrl($request->getUrl());
}
}
}
...
});
}
It works perfectly for all pages, except the page with captcha. All the pages with captcha are redirected to something like this - /captcha/?v=xxxxxxxxxxxxxx
If the object is logged Yii::$app->getRequest() then I see that for pages with captcha it is used twice. For the first time the object is corect, and the second time I see the object with captcha.
How can I solve this problem with yii? Is there a chance not to track the request for captcha?
The default (generated) controller uses something like this:
public function actions()
{
return [
'captcha' => [
'class' => 'yii\captcha\CaptchaAction',
],
];
}
Does your controller contain something like this?
This means that there is an action "captcha" that is used for displaying captchas (it returns the image). When you have a page displaying a captcha the image is called after the page you want to return to. Therefore that latest page visited is the one with the captcha.
I think you have to filter out this action.
Another possibility could be to use the default $controller->goBack() method. I think this handles registering of the returnUrl by default.
Reference: Class yii\web\Controller
Guid security authorization
Use Access Control Filter(ACF) in your controller.
use yii\web\Controller;
use yii\filters\AccessControl;
class SiteController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['login', 'logout', 'signup'],
'rules' => [
[
'allow' => true,
'actions' => ['login', 'signup'],
'roles' => ['?'],
],
[
'allow' => true,
'actions' => ['logout'],
'roles' => ['#'],
],
],
],
];
}
// ...
}