通过 HTTP 的 Symfony2 身份验证 headers
Symfony2 Authentication via HTTP headers
我有 Symfony2 应用程序 运行,它实现了登录机制。
但是我需要以某种方式从其他应用程序发送请求,检查请求的 URL 是否存在于该系统上:
例如有一个请求http://myapp/order/1111,我需要检查它是returns 200 OK header 还是404 Not Found 状态;
当我发送请求时它是未经授权的并且被重定向到登录页面 /login 这是 returns 200 OK 状态 header.
我需要的是以某种方式安全地绕过登录机制。有没有一种方法可以添加登录凭据以请求或创建其他登录方法?
编辑:
按照评论中的建议,我尝试使用curl。但我无法弄清楚如何让它发挥作用。这是我得到的,但它不起作用。
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, true);
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
if (curl_error($ch)) {
echo(curl_error($ch));
}
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
//curl_setopt($ch, CURLOPT_REFERER, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => 'login_username',
'_password' => 'login_password',
'_remember_me' => 'on',
'_csrf_token' => $csrf_token
)));
curl_setopt($ch, CURLOPT_POST, true);
$result = curl_exec($ch);
if (curl_error($ch)) {
echo(curl_error($ch));
}
echo $result;
curl_close($ch);
任何建议,如何在这种情况下使用 curl?
如果有人遇到这个问题,我写了一个解决方案:
$ch = curl_init();
//get login form
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_path);
//parse html to get csrf_token, I added id attribute to it for easier retrieving
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//send post request to login_check with parameters (csrf_token included)
curl_setopt($ch, CURLOPT_URL, $check_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => $username,
'_password' => $password,
'_remember_me' => 'on', //if you use remember me functionality
'_csrf_token' => $csrf_token
)));
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//request login protected urls
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, false);
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
$info = curl_getinfo($ch);
curl_close($ch);
//I used this code in a function returning url and http_code for further processing
return array(
'url' => $info['url'],
'http_code' => $info['http_code']
);
我在本地化方面遇到了问题。我曾经用这样的语言环境传递 login_check url http://localhost/en/login_check, by removing locate I fixed the problem: http://localhost/login_check
我有 Symfony2 应用程序 运行,它实现了登录机制。
但是我需要以某种方式从其他应用程序发送请求,检查请求的 URL 是否存在于该系统上:
例如有一个请求http://myapp/order/1111,我需要检查它是returns 200 OK header 还是404 Not Found 状态;
当我发送请求时它是未经授权的并且被重定向到登录页面 /login 这是 returns 200 OK 状态 header.
我需要的是以某种方式安全地绕过登录机制。有没有一种方法可以添加登录凭据以请求或创建其他登录方法?
编辑:
按照评论中的建议,我尝试使用curl。但我无法弄清楚如何让它发挥作用。这是我得到的,但它不起作用。
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_POST, true);
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
if (curl_error($ch)) {
echo(curl_error($ch));
}
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login');
//curl_setopt($ch, CURLOPT_REFERER, 'http://localhost/en/login');
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => 'login_username',
'_password' => 'login_password',
'_remember_me' => 'on',
'_csrf_token' => $csrf_token
)));
curl_setopt($ch, CURLOPT_POST, true);
$result = curl_exec($ch);
if (curl_error($ch)) {
echo(curl_error($ch));
}
echo $result;
curl_close($ch);
任何建议,如何在这种情况下使用 curl?
如果有人遇到这个问题,我写了一个解决方案:
$ch = curl_init();
//get login form
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6');
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_path);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_path);
//parse html to get csrf_token, I added id attribute to it for easier retrieving
$html = new DOMDocument();
$html->loadHTML(curl_exec($ch));
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value');
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//send post request to login_check with parameters (csrf_token included)
curl_setopt($ch, CURLOPT_URL, $check_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'_username' => $username,
'_password' => $password,
'_remember_me' => 'on', //if you use remember me functionality
'_csrf_token' => $csrf_token
)));
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
//request login protected urls
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, false);
curl_exec($ch);
if (curl_error($ch)) {
throw new Exception(curl_error($ch));
}
$info = curl_getinfo($ch);
curl_close($ch);
//I used this code in a function returning url and http_code for further processing
return array(
'url' => $info['url'],
'http_code' => $info['http_code']
);
我在本地化方面遇到了问题。我曾经用这样的语言环境传递 login_check url http://localhost/en/login_check, by removing locate I fixed the problem: http://localhost/login_check