Session bug with custom controller

Question

Session bug with custom controller

ogorzalka opened this issue 3 years ago · comments

Themosis Version: 2.0
WordPress Version: 5.7
PHP Version: 7.4

Description

I created a custom Controller. When the page is loaded in GET, I am not detected in online mode. When I send a POST request, I am identified as a logged in user.

Steps to reproduce

Create a controller with a blade view.
Identify yourself on the back office
View the page in GET and POST mode.

Or

Just check the Themosis welcome page with a connected account :)

Expected behavior

We should retrieve the WordPress session even within a custom controller.

Julien Lambé · Answer 1 · Mon Apr 19 2021 16:00:52 GMT+0800 (China Standard Time)

@AmphiBee Do you mean that you can't access the WordPress generated cookies from your controller ?

Olivier Gorzalka · Answer 2 · Tue Apr 20 2021 05:50:36 GMT+0800 (China Standard Time)

Exactly. When I use User::current(), it returns a non logged in account

Julien Lambé · Answer 3 · Tue Apr 20 2021 16:38:44 GMT+0800 (China Standard Time)

@AmphiBee This is not an error then. The Laravel auth package is not tied to the WordPress users / auth which is why it is always marked as not logged in. This is on purpose as we separate the WordPress from the application.

By the way, the framework does not provide a User model or facade by default, is it a custom model class you added on your project ?

Olivier Gorzalka · Answer 4 · Tue Apr 20 2021 16:47:51 GMT+0800 (China Standard Time)

@jlambe OK so I cannot have access to the user id in a custom controller ?

Olivier Gorzalka · Answer 5 · Tue Apr 20 2021 16:51:26 GMT+0800 (China Standard Time)

I wanted to use the controller to make a ACF Form. The ACF form use a nonce. The nonce is encrypted with the user id (if the user is logged in). In the get version of the controller, the user id is 0 (not logged in). When I send the form, the controller get the user id. So the nonce is not verified.

Julien Lambé · Answer 6 · Tue Apr 20 2021 16:55:34 GMT+0800 (China Standard Time)

@AmphiBee If this is a WordPress user, you can always use WordPress functions to get it from your controller method. For example:

$user = wp_get_current_user();

Another solution is to add a static method to your own User model to hydrate it from a WP_User object if you want to work with your User class, then get its ID property.

Olivier Gorzalka · Answer 7 · Tue Apr 20 2021 17:17:07 GMT+0800 (China Standard Time)

yes but the wp_get_current_user return a non logged in user in GET version :(

Julien Lambé · Answer 8 · Tue Apr 20 2021 19:21:58 GMT+0800 (China Standard Time)

Not sure to understand your issue here. If you're not the logged-in user to work with, then you had to query that specific user at some point to get its ID ?!

Olivier Gorzalka · Answer 9 · Tue Apr 20 2021 19:22:59 GMT+0800 (China Standard Time)

I'm logged in but the controller not detect it. It only detect when I send a post request (form submission)

Julien Lambé · Answer 10 · Tue Apr 20 2021 19:33:49 GMT+0800 (China Standard Time)

Unfortunately this is not related to the framework. If you're logged-in and call any WordPress functions API, you should be able to retrieve the ID of the currently logged in user, in both a GET or POST request. I'm going to close this issue but if you need more help on your implementation, you can subscribe to our support service and share your code.

Olivier Gorzalka · Answer 11 · Wed Apr 21 2021 03:29:41 GMT+0800 (China Standard Time)

The problem is even in the welcome controller installed by default with Themosis. If you're logged in, there's no admin bar.

Julien Lambé · Answer 12 · Wed Apr 21 2021 15:06:29 GMT+0800 (China Standard Time)

@AmphiBee There seems to have an issue in your project/configuration. By default, you will not find a welcome controller but a welcome.blade.php view file. The view should contain the calls to both wp_head() and wp_footer() functions which should display the admin bar, if enabled for your user account, so make sure to have those available or their blade directives @wphead and @wpfooter.

The only way to debug this is by looking at your application code and allocate time to it. Unfortunately support is no longer provided through the repository issues.

Julien Lambé · Answer 13 · Wed Apr 21 2021 17:14:44 GMT+0800 (China Standard Time)

@AmphiBee I totally forgot there is a User facade that is an helper class around WordPress functions, sorry for misleading about this one. Calling User::current() should indeed provide you the currently logged-in user if any. But this does not explain why you can't see the admin bar or why you don't have the wordpress cookies stored since there is a logged-in user. Something is wrong within your installation but I can't see it for now.

Olivier Gorzalka · Answer 14 · Wed Apr 21 2021 17:24:21 GMT+0800 (China Standard Time)

Ok no problem @jlambe. I will try to set a fresh install :) Event User::current() return a non logged in user. Strange

Olivier Gorzalka · Answer 15 · Fri Apr 23 2021 15:10:41 GMT+0800 (China Standard Time)

Hello @jlambe

I'm just wanted to give you a feedback about the concern I had. After checking, I had a cache problem on the docker environment. I did an install from zero, and it works great. Sorry for the bug ticket which is not. I think we will subscribe to support soon :)

Julien Lambé · Answer 16 · Fri Apr 23 2021 16:59:41 GMT+0800 (China Standard Time)

@AmphiBee I'm glad your issue is solved. Thanks for reporting back. I should probably add an Environment requirement when filling in issues 😄