I've been trying to use RedBean ORM (http://redbeanphp.com) to implement UserInterface and UserProviderInterface of the Silex Security Provider Package.
Because of the way the RedBean ORM handles functions for its objects, I've needed to wrap the bean object in another class.
This works great for authentication, but fails tests for Remember Me functionality.
I noticed that somewhere along the chain the Security Package serializes the object.
I thought maybe this was the reason for the error, so I created properties for "id" and "password" in my wrapper class and used __sleep and __wakeup methods to ignore the bean during sleep and reload it on wakeup. Despite everything seeming to load properly during __wakeup the test for "Remember Me" functionality is still failing.
I have created a github repository of my code. If anyone has any ideas, I'd much appreciate it!
For some reason RedBean, Silex and PHPUnit aren't allowing themselves to be included in the repository. A simple composer update should pull them down for you. If anyone has any ideas why, I'd appreciate an answer to that as well.
The github repository can be found at:
https://github.com/christianmagill/silex-redbean-security
The applicable files are
To create the test user in the database:
/setup.php
To run the test:
/index.php
My implementation of UserInterface:
/src/App/Model/UserSecurityWrapper.php
My implementation of UserProviderInterface:
/src/App/Model/UserProvider.php
My modified test:
/src/App/Test/RememberMeRedBeanServiceProviderTest.php
The original test:
/vendor/silex/silex/tests/Silex/Tests/Provider/RememberMeServiceProviderTest.php
The problem was with my custom UserProvider's supportsClass method. I was not taking namespacing into account. It seems like this function is not called for basic authentication, but is needed for the remember me provider.
Related
I have DTOs specified with Class-Validator and I am looking for a library that can be used to generate Swagger specification from it. I am not using it for a REST API, the code is addressing an IoT/MQTT scenario - I simply use Class-Validator to manage JSON.
NestJS/Swagger is the best maintained library. I would like to use it's capability to produce Swagger definitions without a NestJS Server. Ideally I would like to pass in a DTO definition and get it's Swagger schema.
I have been reading the source, but am struggling to understand which function in the framework actually does that. At best, I have been able to track it down to modelsDefinitions property in swagger-explorer class.
As best I can tell, from there, api-parameters.explorer and api-produces.explorer. The way they work is not clear to me. I was wondering of someone might help me out?
I'd like to add that I am aware of class-validator-jsonschema, but it is not maintained and no longer seems to work properly.
nestjs/swagger does not expose what you need as its public API which you cannot access it. The class you're looking for is SchemaObjectFactory and the method is exploreModelSchema.
Reference:
SwaggerObjectFactory
Test
I come from Grails background and have recently started a project in Micronaut using GORM.
I tried to find required information in documentation but its not clear how we retrieve post data in controller, validate it similar to Command Objects offered in Grails and save it into database using interface service provided in documentation
PS : I know I can map every field to action argument in controller, and also declare a interface method specifying each argument as property but that does not seems right thing to do as my domain class has so many properties.
Making the action #Transactional or any method would work for saving data as far as I know but I want to know the proper way in Micronaut.
My requirement is simple, save post data in database using GORM in Micronaut.
If I were you I would look back at the documentation, sections 6.4 to 6.11:
https://docs.micronaut.io/snapshot/guide/index.html#binding
https://docs.micronaut.io/snapshot/guide/index.html#datavalidation
http://hibernate.org/validator/
Micronaut is very annotation based, unlike Grails which uses convention over configuration. However in Grails 4, Micronaut will toke over the application context, giving you some of the benefits of Micronaut, but still maintaining the convention over configuration.
We have a working website using ServiceStack as the back end that amounts to a complex data-entry form.
My users have requested an "offline editor" for the forms. To use the offline program, the user will have to connect to the ServiceStack service, create empty instances of the forms, and then I will save the POCOs from the service to disk using ServiceStack's JSON serializer. From there the user can log off the service and edit the POCOs. When they're done, they reconnect to the service, and post/put the edited POCO object.
This all works great. My question involves validation. The validation logic is built into my Service.Interface library, which isn't available offline. The winforms program references only the POCO library and the ServiceStack "common" libraries, which do not look like they include the ServiceStack.Validation namespace.
Is there a way I can rearrange my project so that both the service and the Winforms client can run Validation against the POCOs, so that they can have data validation while offline?
UPDATE:
getting closer, I think - I moved all of the Validation classes into their own project. From my Winforms project, I can now manually set up a validator for a POCO class like this:
ServiceStack.FluentValidation.IValidator<SomePOCO> IValidator;
IValidator = new Tonto.Svc.Validation.SomePOCOValidator();
ServiceStack.FluentValidation.Results.ValidationResult vr =
IValidator.Validate(_rpt);
I can see the validator constructor being set up and the rules being initialized, but the .Validate method doesn't seem to do anything. (object comes back as valid, and breakpoints into custom validator code never get there).
UPDATE #2
I discovered my validator code wasn't running from Winforms because my validators all specify a servicestack ApplyTo Put/Post only (see sample code below). When I remove the entire Ruleset clause, though, then validation happens in my service on GETs - something I never want.
Can anyone think of a way to configure the validator rules to run for POST/PUT only when called from ServiceStack, but to also always run when NOT in servicestack? So close!
public class SomePOCOValidator : AbstractValidator<SomePOCO>
{
public SomePOCO()
{
RuleSet(ApplyTo.Put | ApplyTo.Post, () =>
{
(rules)
});
}
}
If your validation is doing anything interesting, then it probably HAS to be done "online".
Maybe just allow your client to save the POCOs locally until they go back online, at which point you send them up to your server. Any transactions that are okay, get processed normally, and any that fail, get returned for the user to edit (so your client will need some smarts to have a working set of POCOs for editing)...
If you don't want ANY extra stuff on the client, just have the transactions that fail to validate get stuffed into a "needs_corrections" table on the server, and then code up a supervisor-sort of screen to manage that table.
The validation framework that ServiceStack uses is named FluentValidation. There is no WinForms support in it. Jeremy Skinner the creator of FluentValidation answerd a question about this back in 2010 on his forum here.
Personally I don't use FV with WinForms - the vast majority of my projects are web-based with the occasional WPF project.
However, if I was going to do this then I probably wouldn't validate the controls directly, but instead use a ViewModel which is bound to the controls. I'd use a fairly strict convention where the names of the controls would match the names of the properties that they're bound to. Then, after validation completes I'd walk the control hierarchy to find the control with the name that matches the property that failed validation (I'm not sure how you'd do this in WinForms, but in WPF I'd use LogicalTreeHelper.FindLogicalNode) and then use the ErrorProvider to set the appropriate error.
Jeremy
I was able to work out a solution that allowed me to use ServiceStack validation libraries on both a ServiceStack client and an offline client. Here are the details.
Move all AbstractValidators to their own project: Proj.Svc.Validation.
get rid of all RuleSets in your AbstractValidators.
Reference Proj.Svc.Validation from Proj.Svc.Interface and Proj.OfflineWinformsClient projects.
Turn OFF the ValidationFeature() plugin in your service. All validation will have to be done manually. This means no iOC injected validators in your service classes.
When it's time to validate, either from your service or the offline client, manually declare the validator and use it like this.
IValidator validator = new
Tonto.Svc.Validation.SomePOCOValidator();
ServiceStack.FluentValidation.Results.ValidationResult vr =
validator.Validate(poco);
if (!vr.IsValid)
(throw exception or notify user somehow);
I am doing some functional tests for a backend plugin of magento. At the moment the browser profile is cleaned up between each test method (of my PHPUnit test) - so login is gone away between each test method.
It would be nice if i can do the login on a once-per-class basis to increase performance, but how to do that? How to keep the cookie in the browser and how to remove it after test class?
I haven't used Magento so my answer is more general. Can you supply a mock authentication object for the tests not directly related to it? Create a custom implementation to return true to every call to isAuthenticated() (or whatever the method is named).
I am injecting repositories into a class, and once I've injected the repositories, I'm assigning my context to each of the repositories so I have my unit of work.
What I'm trying to figure out is, is there a way for me to automatically assign my Unit of Work to each repository as I inject it so that a developer doesn't have to consider this when setting up their code. I've already got my unit of work configured in my base class, the one the developer will be inheriting from.
Can I do something like;
Bind<I>().To<S>().WhenInjectedInto<IBaseClass>( i,b => { i.UnitOfWork = b.UnitOfWork });
But not have to repeat that pattern every time?
[UPDATE]
I'm looking at ways to figure out if Ninject is injecting and what from into,
https://github.com/ninject/ninject.extensions.interception
I'm trying to look through the tests to see if this is far off base. Any recommendations?
I think the better way would be to inject the context into the repositoies using constructor injection. In a web project you can use InRequestScope for the context binding. For a WPF/WinForms/Console application have a look at Ninject.Extensions.NamedScope. You can define that a single context is used for all dependencies of you IBaseClass.