Welcome Guest, Not a member yet? Register   Sign In
Reply Error Interception
#6

(This post was last modified: 04-13-2020, 11:51 AM by Gary.)

Thanks for the lead Includebeer, it appears to be exactly what I’m looking for.

I’ve implemented it pretty much verbatim from the https://codeigniter4.github.io/userguide...asses.html link (so it looks identical to your suggested code)... and also read the bit about the "Replacing Core Classes" immediately above in the link (which is “nearly identical with one exception”)… however, because I can't get my extended class explicitly called/loaded it obviously won’t work- after all my experimenting, I’ve still not been able to successfully modify the appropriate Service to load my new class in place of the class it’s extending

So my questions are now:
1) how do I force my new Security class extension to be loaded whenever PHP starts processing a request
2) once I get it loaded will the original one (being extended) also be automatically loaded because of my replacement USE’ing the original and/or explicitly extending it?

As a side-line experiment, I’ve also looked at possibly only extending/replacing forDisallowedAction(), which is the code invoked by the CSFR exception… however, being a noob, I’m not sure how to go about extending/replacing an in implementation that’s declared as: “class SecurityException extends FrameworkException implements ExceptionInterface”, especially when I can’t get the (apparently more basic) extending of a normal function working.

Code:
<?php namespace App\Controllers;    // CodeIgniter\Security;

    use CodeIgniter\HTTP\RequestInterface;
    use CodeIgniter\Security\Exceptions\SecurityException;
    use CodeIgniter\Security\Security;

    class Security extends Security {   // CodeIgniter\Security\Security\Security

        // TRIED:
  // public function __construct()
        // {
        //      parent::__construct();
        // }

        //--------------------------------------------------------------------

        public function CSRFVerify(RequestInterface $request)
        {
            // If it's not a POST request we will set the CSRF cookie

            ...

            // Do the tokens exist in both the _POST/POSTed JSON and _COOKIE arrays?
            if (! isset($CSRFTokenValue, $_COOKIE[$this->CSRFCookieName]) || $CSRFTokenValue !== $_COOKIE[$this->CSRFCookieName]
            ) // Do the tokens match?
            {
                // --- inserted notification start ---
                Echo('CSRF error exception insert');
                // --- inserted notification end ---

                // throw SecurityException::forDisallowedAction();
            }

            // We kill this since we're done and we don't want to pollute the _POST array
            ...

            return $this;
        }
Reply


Messages In This Thread
Reply Error Interception - by Gary - 04-06-2020, 01:20 PM
RE: Reply Error Interception - by Gary - 04-11-2020, 05:17 AM
RE: Reply Error Interception - by includebeer - 04-12-2020, 07:34 AM
RE: Reply Error Interception - by Gary - 04-12-2020, 12:30 PM
RE: Reply Error Interception - by includebeer - 04-12-2020, 02:03 PM
RE: Reply Error Interception - by Gary - 04-13-2020, 11:48 AM
RE: Reply Error Interception - by includebeer - 04-13-2020, 04:15 PM
RE: Reply Error Interception - by Gary - 04-14-2020, 01:27 PM



Theme © iAndrew 2016 - Forum software by © MyBB