You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to set up a PATCH route for the User entity that retrieves the user information from the access token instead of using uriVariables. In my mind, such approach would allow users to only edit their own profile. I followed the Smartcast tutorial for a similar approach on PUT routes in dragonTresures.
Steps to Reproduce:
Changed uriTemplate of the PATCH route.
Implemented UserFromTokenProvider to fetch the user from the token.
Sent a PATCH request with newEmail, oldPassword, and newPassword fields.
Catch results in custom state persister.
Expected Behaviour:,
The provider should fill the data with returned object.
Actual Behaviour:
The provider is completely omitted and by extension route always returns an empty object filled only by data provided by user in request.
Code Snippets:
1. Relevant API Platform Configuration:
#[ApiResource(description: "Represents a single user in the system.",operations: [new GetCollection(normalizationContext: ['groups' => ['user:read_list']],),new Get(normalizationContext: ['groups'=> ['user:read']],),new Patch(name: 'credentials',uriTemplate: '/users/credentials',processor: UserCredentialsPersistStateProcessor::class,validationContext: ['groups' => ['user:write_credentials']],denormalizationContext: ['groups' => ['user:write_credentials']],security: "is_granted('ROLE_REDDIT_ADMIN') or is_granted('ROLE_USER')",securityMessage: "Only user himself can modify his settings.",provider: UserFromTokenProvider::class,),// rest of routes],paginationItemsPerPage: 25)]
classUserCredentialsPersistStateProcessorimplementsProcessorInterface
{
publicfunctionprocess(mixed$data, Operation$operation, array$uriVariables = [], array$context = []): User|null
{
var_dump($data); // line used for debugging purposes//validate data$this->validator->validate($data);
//compare passwordsif (!$this->passwordHasher->isPasswordValid($data, $data->getPlainOldPassword())) {
$data->eraseCredentials();
thrownewInvalidArgumentException('Invalid credentials.', 404);
}
//check if password or email are setif (!$data->getPlainPassword() && !$data->getNewEmail()) {
$data->eraseCredentials();
thrownewInvalidArgumentException('Either email or new password should be provided.', 400);
}
// rest of the class...
}
}
I have tried various approaches, including throwing exceptions in state provider, tweeking route configuration, hooking into the Built-In State Provider like shown in documentation and returning objects with the given ID, but the issue persists.
I would appreciate any help in identifying the root cause of this issue and achieving the desired behaviour for the PATCH route.
The text was updated successfully, but these errors were encountered:
I'm trying to set up a PATCH route for the User entity that retrieves the user information from the access token instead of using uriVariables. In my mind, such approach would allow users to only edit their own profile. I followed the Smartcast tutorial for a similar approach on PUT routes in dragonTresures.
Steps to Reproduce:
UserFromTokenProviderto fetch the user from the token.newEmail,oldPassword, andnewPasswordfields.Expected Behaviour:,
The provider should fill the data with returned object.
Actual Behaviour:
The provider is completely omitted and by extension route always returns an empty object filled only by data provided by user in request.
Code Snippets:
1. Relevant API Platform Configuration:
2. UserFromTokenProvider:
3. UserCredentialsPersistStateProcessor:
4. Sample Request and Response:
Request:
Response:
Additional Information:
I would appreciate any help in identifying the root cause of this issue and achieving the desired behaviour for the PATCH route.
The text was updated successfully, but these errors were encountered: