Bundles seems to skip firewalls about swoole-bundle HOT 6 CLOSED

I did found the issue ... it turned out that when using swoole this stuff

    public function __construct(RequestStack $requestStack)
    {
        $this->request = $requestStack->getCurrentRequest();
    }

...

should be avoided at all cost. This object is saved in memory along with the first request!

instead doing this

    public function __construct(RequestStack $requestStack)
    {
        $this->request = $requestStack;
    }

    public function getPayload()
    {

        list($header, $payload, $signature) = explode(".", $this->request->getMasterRequest()->headers->get('Authorization'));
        return JWT::jsonDecode(JWT::urlsafeB64Decode($payload));
    }

is safe! And everything works as expected.

Nothing to do with the bundle I guess, but to the very nature of how swoole works. Retrieving the request in an object constructor is an unsafe operation here.

Feel free to close the issue.

from swoole-bundle.

Thanks man for the update, sorry for not being able to debug it myself but (as usual) did not have time to do it :/
Happy that you've managed to resolve it by yourself, good job man!

Edit: And yes, with swoole on each request memory isn't flushed (and symfony container isn't reconstructed) so we need to keep track of global state and take care memory-related issues, that's why it's so fast.

from swoole-bundle.

Thanks man for the update, sorry for not being able to debug it myself but (as usual) did not have time to do it :/
Happy that you've managed to resolve it by yourself, good job man!

no prob! thank you for the good work on the bundle :)

from swoole-bundle.

Hi, unfortunately I don't know what could be the cause, if you can please provide simple repository so I can reproduce bug locally. Then I'll try to debug and see what can be done here. Maybe session support needs some adjustments. Also, this bundle does not support php 7.3 anymore.

from swoole-bundle.

Hi, unfortunately I don't know what could be the cause, if you can please provide simple repository so I can reproduce bug locally. Then I'll try to debug and see what can be done here. Maybe session support needs some adjustments. Also, this bundle does not support php 7.3 anymore.

Thank you, sure I'll try my best to find the time to put together an example repo.
I am using version 0.8.3 to work with php 7.3.

Meanwhile l am still trying to debug and it seems that is like the authorization headers are "cached" between different requests.

The way I am grabbing header information in my custom user provider is via a class like this:

use Firebase\JWT\JWT;
use Symfony\Component\HttpFoundation\RequestStack;

class JwtPayloadGetter
{
    private $request;

    public function __construct(RequestStack $requestStack)
    {
        $this->request = $requestStack->getCurrentRequest();
    }

    public function getPayload()
    {
        list($header, $payload, $signature) = explode(".", $this->request->headers->get('Authorization'));
        return JWT::jsonDecode(JWT::urlsafeB64Decode($payload));
    }

}

Debugging this it seems that $this->request->headers->get('Authorization') doesn't change between requests even if I do change the value in my postman client.

maybe something linked to https://symfony.com/doc/current/http_cache.html#http-caching-and-user-sessions but with php'fpm I don't have the same problem, so I am thinking that is mainly linked to swoole

from swoole-bundle.

Still haven't got the time to create a sample repo for you, but I did some more digging today: it seems to me that working with a class like the one I showed above produces always the same result! So $this->request->headers->get('Authorization') gives me always the same value, the one I sent in the first request after I started the server (as if the content of the headers are saved in memory after the first request).
Could you confirm that this shouldn't be the case and the bundle is exactly for this purpose ?
Have you ever tried yourself using the bundle with authorisation, security or user login features in Symfony ?

from swoole-bundle.