Modify request object in Slim framework

Question

I am developing a small REST app in slim framework. In that, users password is send as encrypted in the request body as xml or json. I want to de-crypt that password in a callable function and update the request body so that in the actual call back function we can validate the password without de-cryptng. I want to do those steps as follows:

$decrypt = function (\Slim\Route $route) use ($app) {
   // Decrypt password and update the request body
};

$update = function() use ($app) {
   $body = $app->request()->getBody();
   $arr = convert($body);
   $consumer = new Consumer($arr);
   if ($consumer->validate()) {
      $consumer->save();
      $app->response()->status(201);
   } else {
.....
   }   
}

$app->put('/:consumer_id', $decrypt, $update);

@GuilhermeCardoso, No, I want it for operations like, changing password. — kaushik, May 27 '14 at 07:40
I am now saving the request body to $app->body after decrypting password — kaushik, May 28 '14 at 14:51
If that works for you go ahead! I replied a more robust solution but apply the one who fill the project needs and deadline. Cheers ;) — Gui, May 30 '14 at 10:17

score 3 · Answer 1 · answered Jul 10 '14 at 01:50

3

We can modify the body like following way:

$env = $app->environment;
$env['slim.input_original'] = $env['slim.input'];
$env['slim.input'] = 'your modified content here';

Courtsey: ContentTypes middleware

answered Jul 10 '14 at 01:50

kaushik

2,308
6
35
50

Gui · Answer 2 · 2014-05-29T22:03:06.393

You say you want decrypt the password and update the request body. If you're encrypt the password at client side, i would rather decrypt the password in a server side layer like API service (or something that consume the business layers like a controller in mvc).

I do believe that this decryption process should belong to your application instead of doing it outside before consuming your code. I don't know how you encrypt but if you use server side programming to generate a new hash in those requests, for me that's even a better reason to do it inside the library.

That's how i handle this type of tasks, i try to use only the frameworks for consuming libraries and not handling any logic.

However if you want to do this, you could transform the request body and save it in a new location for services that need to decrypt the password.

I use Middleware for almost every code i need to write specifically to Slim layers. I only passe functions consuming classes that act as API layers and are abstracted from Slim. For your case, use a Middleware to keep this logic in his own place.

class DecriptPasswordRequest extends \Slim\Middleware
{
    public function call()
    {
        $decriptedRoutes = array('login', 'credentials');
        $app=$this->app;
        $container = $app->container;
        $currentRoute = $app->router()->getCurrentRoute();

        if ($app->request->getmethod() == 'POST' && in_array($currentRoute, $decriptedRoutes){
            $body = $app->request->post();
            if (!isset($body['password'])){
                throw new Exception('Password missing');
            }
            $provider = new ClassThatDecryptPassword();
            $body['password'] = $provider->decrypt($body['password']);
        }
        $container['bodydecripted'] = $body;
        $this->next->call();
    }
}

did you check the code ? Today only I got the time to do that. Routes won't be prepared when the middleware call functions are executed. Hence we can't use the getCurrentRoute() function in middleware call() function. It will give you null. You can use $app->request()->getPathInfo(). For more information go [here](http://stackoverflow.com/questions/20270340/slim-php-route-in-middleware) and [here](http://stackoverflow.com/questions/21881963/slim-php-only-catch-valid-routes-with-middleware) — kaushik, Jul 14 '14 at 17:29

Modify request object in Slim framework

2 Answers2