user4457363
Cross-domain authentication not stored in Symfony2

I have a jQuery AJAX request:

    $.ajax({
        type: "POST",
        url: 'http://xbo.dev/ajax/login_ajax',
        dataType: 'json',
        data: {
            _username: $('#_username').val(),
            _password: $('#_password').val()
        }
    }).done(function (data) {
        console.log(data);
    });

And a PHP controller:

    public function loginAjaxAction() {
        $request = $this->get('request');

        $success = false;
        $responseCode = 300;
        $authorizedHostsDev = array('xbo.dev');

        // Note: the Host header is sent by the client, so this check only
        // restricts which virtual host served the request, not where the
        // request came from (the browser does not send Origin here).
        if ($request->isMethod('POST') && ($request->isXmlHttpRequest() || in_array($request->headers->get('host'), $authorizedHostsDev))) {
            $user = $this->get('fos_user.user_manager')->findUserBy(array('username' => $request->request->get('_username')));

            if ($user) {
                // Encode the submitted password with the user's own encoder and salt
                $encoderManager = $this->get('security.encoder_factory');
                $encoder = $encoderManager->getEncoder($user);
                $encodedPass = $encoder->encodePassword($request->request->get('_password'), $user->getSalt());

                if ($user->getPassword() === $encodedPass) {

                    if ($user->getExpiresAt() < new \DateTime()) {
                        $responseCode = 500; // account expired
                    } else {
                        $this->userAuthentication($user);

                        $responseCode = 200;
                        $success = true;
                    }
                } else {
                    $responseCode = 400; // wrong password
                }
            }

        }
        $return = json_encode(array('responseCode' => $responseCode, 'success' => $success));
        return new Response($return, 200, array('Content-Type'=>'application/json'));
    }

If I execute this AJAX request from xbo.dev, I have this result in console.log(data):

{"responseCode":200,"success":true}

After that, I'm redirected and I'm logged in.

If I execute this AJAX request from a subdomain like blog.xbo.dev, I have the same result in console.log(data) but, when the page refreshes, I'm not redirected (I stay on the login page) and it seems that my login action is not made (I can still enter my credentials to connect).

How can I change this behavior?

Thanks

EDIT: I just added one test to the PHP controller, to know whether I was connected at that moment. Indeed, even after the AJAX request from blog.xbo.dev, $responseCode is 1000. The test:

    // Debugging check: 1000 means a user is already attached to the security context
    if ($this->getUser()) {
        $responseCode = 1000;
    } else {
        $responseCode = 200;
        $success = true;
    }

EDIT 2: Here is the code of the userAuthentication method:

    private function userAuthentication(UserInterface $user) {
        $providerKey = 'main'; // firewall name
        // Build an authenticated token for the 'main' firewall and store it in the
        // security context; the session listener persists it only if the session
        // cookie can be set for the requesting host
        $token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());

        $this->container->get('security.context')->setToken($token);
    }

Upvotes: 2

Views: 702

Answers (1)

user4457363

Here is a solution I found.

I figured out that from my subdomain blog.xbo.dev, my PHP controller couldn't set the cookie for my authenticated user.

So, I just thought about it and decided to specially create a different route for my subdomain.

I specified the host parameter in my routing.yml.

So, I have one route called with host: blog.xbo.dev and the second one called with host: xbo.dev. Both routes target the same PHP controller function (loginAjaxAction) and it works perfectly.

Hope this will help.

Upvotes: 1
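The routing described in the answer, written out as an added example (not the poster's own configuration): two routes bound to different hosts with the `host` option, both pointing at the same `loginAjaxAction`. The bundle name `AcmeXboBundle`, the controller name `Security` and the route names are assumptions. It also goes one step beyond the answer and shows the `framework.session.cookie_domain` setting, which is what lets one session cookie be valid for xbo.dev and its subdomains instead of needing a route per host.

```yaml
# app/config/routing.yml (assumed file layout)
# One route per host; both run AcmeXboBundle:Security:loginAjax.
login_ajax:
    path: /ajax/login_ajax
    host: xbo.dev
    methods: [POST]
    defaults: { _controller: AcmeXboBundle:Security:loginAjax }

login_ajax_blog:
    path: /ajax/login_ajax
    host: blog.xbo.dev
    methods: [POST]
    defaults: { _controller: AcmeXboBundle:Security:loginAjax }

# app/config/config.yml (assumed file layout)
# Alternative: issue the session cookie for the parent domain so that a login
# performed on blog.xbo.dev is also visible on xbo.dev (and vice versa).
# A domain-wide cookie is readable by every subdomain, so only do this when
# all hosts under xbo.dev are trusted to the same degree.
framework:
    session:
        cookie_domain: .xbo.dev
        cookie_httponly: true
```

With `cookie_domain` set, the per-host routes are no longer required for the session to persist, but keeping them still limits which hosts may call the login endpoint.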
