Category: Resources

Categories
Resources Web Development

Symfony 5+ check if user is logged in inside a twig template

Get authenticated

Often you may need to know whether a user is logged in or not inside a template to show or not show something. For example you might want to show links to login or register if a user is not logged in but show a link to logout if the user is logged in.

To do this you use is_granted() within a template with one of the following.

IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED, IS_AUTHENTICATED_FULLY

<div class="modal-body">
<ul class="nav flex-column">
{% if is_granted('ROLE_SUPER_ADMIN_1') %}
<a class="nav-link" href="{{ path('show_dash') }}">Dashboard</a>
{% endif %}
{% if is_granted('ROLE_USER') %}
<a class="nav-link" href="{{ path('app_logout') }}">Logout</a> {% else %}
<a class="nav-link" href="{{ path('app_login') }}">Login</a> or <a class="nav-link" href="{{ path('app_register') }}">Signup</a> {% endif %}
</ul>
</div>

Using ROLE_SUPER_ADMIN_1 which is something I made up for my own app to check what type of admin the user is. I don’t really like the IS_AUTHENTICATED_* methods, read more about them in the link below if you want.

Link to more information about IS_AUTHENTICATED_* here in  a really old symfony cast I found via google.

Categories
Resources Web Development

PHP resource links

What’s New in PHP 8 (Features, Improvements, and the JIT Compiler)

Categories
Resources Software Development Web Development

HTTP headers and caching resources.

Resources all about HTTP headers and caching.

Caching tutorial -> great article to start with, explains all the basics of caching.

Hypertext Transfer Protocol (HTTP/1.1): Caching  rfc spec

Categories
Resources Web Development

How to create a cookie in Symfony 5.0+ and render a template in a controller

How to create cookies in symfony
Creating cookies in symfony

First what I wanted to do was create a cookie in a Controller and display a template at the same time. Sort of like when a user visits a page you set a page count or something. The documentation doesn’t really show an example, you are expected to know it via “common sense” apparently according to one smartass.

There is more than one way I have discovered over time. Apparently you can use render the same way I show using renderView.

Below is the Symfony Cookie class create method comment/documentation. This is all of the values you can supply when creating a cookie.

 /**
     * @param string                        $name     The name of the cookie
     * @param string|null                   $value    The value of the cookie
     * @param int|string|\DateTimeInterface $expire   The time the cookie expires
     * @param string                        $path     The path on the server in which the cookie will be available on
     * @param string|null                   $domain   The domain that the cookie is available to
     * @param bool|null                     $secure   Whether the client should send back the cookie only over HTTPS or null to auto-enable this when the request is already using HTTPS
     * @param bool                          $httpOnly Whether the cookie will be made accessible only through the HTTP protocol
     * @param bool                          $raw      Whether the cookie value should be sent with no url encoding
     * @param string|null                   $sameSite Whether the cookie will be available for cross-site requests
     *
     * @throws \InvalidArgumentException
     */

If you create a cookie like this :

$response->headers->setCookie(Cookie::create('foo', 'bar'));

Then the cookie will only live/exist until the user closes their browser(unless your browser restores from your last session). You must supply an expires time to make it persist beyond closing the browser. Providing an expires time gives you better control over when the cookie expires due to the above mentioned browser restore issue which will restore cookies that should have died on browser close.

You can also create the cookie then pass it to setCookie() like this.

 $response = new Response();
        $expires = time() + 36000;
        $cookie = Cookie::create($cookieName, $cookieValue,  $expires);
        //$cookie = $response->headers->setCookie(Cookie::create('foo', 'bar'));
        $response->headers->setCookie($cookie);

        $content = "<html><body><h1>Learning symfony cookie creation techniques?</h1></body></html>";
        $response->setContent($content);
        $response->headers->set('Content-Type', 'text/html');
        return $response;

Here I set the expires to a number,  time() returns a linux/unix timestamp and I added 36000 seconds or 10 hours to it. This cookie will exist until the user refreshes their page or clicks a link in 10 hours from creation. However long you want it to live you add that many seconds. Or you could create a date using PHP DateTime as you can pass a DateTime object to the expires position. You then use the methods of DateTime to increase the time to a period in the future and pass the DateTime object after calling the methods to do so.

Side Note : in the above code, you can create a cookie without the $response->setContent() call. I do that with the body tag so that the profiler will show up at the bottom of the page for debugging.

That code goes inside a controller method for the requested route by the way. Usually you use the render() method inside a controller to send a response, which renders the template and sends it in a response. You can also use renderView to do the same thing and capture the value in a variable then use setContent or just make the renderView call right in setContent. I know that works. You can also store the returned value from render the same way.  But no matter how you do it, you must return the response object, the very last line. You can find all the methods of the Response class here in the source code.

If you wanted to render a view which requires variables to be sent you do it like this and capture the output of renderView().


 $content = $this->renderView('blog/display_article.html.twig', [
            'title' => $title,
            'article' => $article,
            'tags' => implode(', ', $tags),
            'tagLinks' => $links,
            'edit' => $editLink,
            'affiliateUrl' => $affiliateUrl,
            'backButton' => $backButton
        ]);

Note : do not just use php setcookie or setrawcookie. The reason is they start sending output headers to the browser, which may interfere with how symfony works. You probably won’t notice in a browser, but you may get errors when testing your controllers with functional tests etc.

Personally I created a huge class which extends DateTime which has all kinds of methods for adding days, hours, removing them and doing other math. I’d share it on github but it has bugs since I wrote it way back in version 5 of php in 2012. Some changes were made to DateTime and I haven’t had time to review them all and hunt down the changes that need to be made yet. I’ll probably do it and add it to github eventually.  But for now I use time() + seconds. It’s not the best solution but it works and I only need this one cookie.

And another person found me more hidden docs about cookies, I wish I had this days ago.

As another note. Any values you put in a cookie you must sanitize before trying to use them in any way since users can access and change regular cookie values.

Categories
Resources Web Development

Symfony 5 how to clear the cache

I can never ever remember where I see anything ever I read entirely too much about entirely too many subjects. I mostly use this site as my own personal google.

To clear all caches
php bin/console cache:pool:clear cache.global_clearer

Symfony docs link to more info.

Categories
Resources Web Development

Doctrine migrations links

I have trouble navigating the Symfony documentation so I create lists of links here so I can just easily find what I need again later.

MigrationsBundle link and info -> shows how to run migrations and all of the doctrine migration related commands

Doctrine Symfony overview -> more information about doctrine and migrations.

Categories
Resources Software Development Web Security

Stupid linux issues.

This is my collection of stupid.

Top of the list Debian/Ubuntu removes apt-key support and doesn’t tell anyone they did it, doesn’t give anyone a single hint as to what to do. No just remove/deprecate shit and don’t tell a single soul on earth. This kind of stupid makes me want to leave the industry entirely. I get so tired of messed up  and undocumented shit that wastes hours and hours and hours of my time. Someone needs kicked for this.

More info and links about the above issue or removing apt-key support. Yarn suggests using apt-key so this means hundreds of millions of people are having this issue or will or could.
Even more info about the stupid ideas from above.

Categories
Resources Web Development

Linux su command not working, does nothing but show $ prompt

Seriously WTF?

So you found the magic sauce did ya?  So you created a user with useradd or adduser and you try to switch over to that user in a terminal, probably logged in through ssh as root right.

You are trying to use the su – username command but all you get is a $. And not the good kind. The kind that no matter what you type all you get is another line with $ on it. This is a feature by the way so you can’t see files that don’t belong to the user…

Right now you are probably like

Wait. WTF is even happening?

As far as I can tell, if you are using Debian or Ubuntu, useradd/adduser defaults the users shell to /bin/sh but the skeleton files located in /etc/skel are all configured for bash.  I have no idea how the system gets the defaults, but it does no good to have your users default shell not pointing to bash.

How to fix this?

To fix it you need to change the users default shell to bash. Bash is usually located in /bin/bash or /usr/bin/bash For me it was /bin/bash. To change it you use usermod command like so


usermod -s /bin/bash username

That will change the shell your user gets when you type su – username. Now since Ubuntu/Debian and maybe other distros contain the configuration in the users .bashrc and .profile files everything will work as expected. When you switch to the user with the above command you are taken to their home directory.

Found more details!

More info

Ok I found more info while digging into the so called useradd docs.

-s–shell SHELLThe name of the user’s login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the SHELL variable in /etc/default/useradd, or an empty string by default.

So that is where Linux gets the default value for the user shell and apparently you can use the -s option when creating the user to specify the bash as the shell.

Digging deeper into the mystery sauce I find in my Mastering Ubuntu Server book ( awesome book ) the reason why. It states if you use adduser then their default shell is /bin/bash and if you use useradd (which I used) it defaults to /bin/sh

Links

how to change the default shell of an user in linux? – more info about usermod and changing the users default shell and how to figure out what shells you have installed and their locations.

Categories
Resources Software Development Web Development Web Security

SSL links, videos and other resources.

Resources because the internet sucks

SSL is a very important subject. All websites/apps should be using it. However the docs will leave you scratching your head saying WTF? So I am creating this long list of resources for anyone else who ever has to learn how to use it.

Articles

First here is a link to the docs – this will cause confusion as nothing tells you how to use the pieces together.  So it is like looking into a box of legos and knowing it builds something but you don’t even have a picture as a hint. The best you can do is use the pieces to build something that doesn’t even resemble the original creation.

OpenSSL quick reference by digicert – a very brief introduction to SSL and how it works

SSL Certificate Security Glossary – list of terms and definitions

How to create a CSR with openssl – shows some of the syntax for the -config file option.

Docs explaining the config file found in the article above bout how to create a csr with openssl

SSL Basics: What is a Certificate Signing Request (CSR)? – Exactly WTF is a CSR

Openssl config file example – openssl docs are pure 100% utter shit. I had to dig and dig and google and dig for days to find this.

Videos

Categories
Resources Software Development

How to make linux shell scripts wait for a command to finish before running another

now you know

I am writing this so when other people google how to do it, they have something to find to save them time.

For days I tried to figure out how to make sure a command finished before another was run. I couldn’t find any information anywhere. If you are like me you may be thinking ( or wondering if ) that the shell just zooms through the commands you put in a script file without waiting for each to finish. It seems like this because everything is rushing by so quickly you can’t read it.

For days I was running scripts to install and configure my servers and it kept hanging so bad I couldn’t even ping the server.

I was running the following for example

sudo apt-get update
sudo apt-get dist-upgrade -y
sudo apt-get reboot

And since my server instances were hard freezing right up, I figured it must be zooming right on through causing an error.

Well come to find out after much research and someone on twitter finally confirmed to me that the shell automatically waits for each command to finish before executing the next. The shell doesn’t automatically run all commands encountered at the same time.

Now I must figure out what is actually locking my server instances up.

now you know