Add capability to redirect to any URI #22
Comments
It's not a bad idea, but it can be dangerous, as one can't check if the URI exists, is okay or anything. So this could be done either via a separate module enhancing LmcUser (probably with additional interface creation or event listening) or via an option to enable with a warning notice.
I am more thinking along the lines of having internal validation against a list of authorized URIs, either as a list in the config file or in a database. The validation process could be whatever the developer wants but as a minimum be config file based.
This could be done. Defining a whitelist and additionally firing an event where any other process in the application could say yes or no to it should be a safe enough approach for this feature, though IMHO an option to enable this feature should be present.
Options to enable. Default would be disabled. Event driven is interesting but I am not sure of the use case for it unless one wants to attach multiple event listeners that would check for authorized URI in different manners. Then what would be the default behavior if a URI is not in the whitelist? Log the user out? Redirect to some error page? There are multiple ways to make this flexible.
I think an error page would be the right thing.
What about generating a 403 (Forbidden) error response?
This would definitely be an appropriate error page.
Add the capability to redirect to any URI not just routes within the application.
There should be an option in lmc_user => [] to allow redirect to URI with a default to "not allowed".
I have done this in my application already and I can create a pull request for it. This allows me to use the login in my app to authenticate other websites that are part of the same family of applications but running separate Laminas MVC.
I would like to have other people's thoughts on this feature before we add it to LmcUser.
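The config-file allow-list with a 403 fallback discussed in this thread, sketched in plain PHP as an added example (it is not LmcUser code and not the pull request mentioned in the issue). The option names `allow_redirect_to_uri` and `authorized_redirect_uris`, the function names and the sample hosts are assumptions, as is the choice to match on scheme, host and port only and to require HTTPS.

```php
<?php
declare(strict_types=1);

// Hypothetical option names and constructed hosts; neither comes from LmcUser.
$config = [
    'allow_redirect_to_uri' => true, // the proposal's default is false (disabled)
    'authorized_redirect_uris' => ['https://billing.example.com', 'https://support.example.com:8443'],
];

/** Reduce an absolute URI to scheme://host[:port]; null when it must be refused. */
function redirectOrigin(string $uri): ?string
{
    // Whitespace, control characters and backslashes are parsed differently by browsers.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $uri)) {
        return null;
    }
    $p = parse_url($uri);
    if ($p === false || isset($p['user']) || isset($p['pass'])) {
        return null; // malformed, or userinfo placed before the real host
    }
    $scheme = strtolower($p['scheme'] ?? '');
    $host = strtolower($p['host'] ?? '');
    if ($scheme !== 'https' || $host === '') {
        return null; // relative, protocol-relative (//host) and non-HTTPS targets
    }
    $port = $p['port'] ?? 443;
    return $port === 443 ? "https://$host" : "https://$host:$port";
}

/** Returns [status, location]: 302 with the target, or 403 with no location. */
function decideRedirect(array $config, string $target): array
{
    $origin = redirectOrigin($target);
    $allowed = array_map('redirectOrigin', $config['authorized_redirect_uris'] ?? []);
    $enabled = !empty($config['allow_redirect_to_uri']);
    if ($enabled && $origin !== null && in_array($origin, $allowed, true)) {
        return [302, $target];
    }
    return [403, null];
}

// Constructed targets: the first two are on the allow-list, the rest must get 403.
foreach ([
    'https://billing.example.com/account?tab=1', 'https://BILLING.example.com:443/',
    'https://billing.example.com.evil.test/', 'https://billing.example.com@evil.test/',
    '//evil.test/', 'http://billing.example.com/',
] as $target) {
    printf("%d  %s\n", decideRedirect($config, $target)[0], $target);
}
```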