1

Hello fellow travellers, I am trying to learn how to create SOAP Web services end point in PHP. I have found Laminas-soap with its elegant solution. However when trying to add authentication to it although it works when adding creditials to SoapHeaders it goes through, the problem is even without SoapHeaders credentials it still goes through. Can anybody help me with this problem? Here is my Server Code:

Update: Should I just put authentication on every call to not put state on the server?

    <?php

// api.php

require_once __DIR__ . '/vendor/autoload.php';
require_once '../classes/DBConnection.php';

class Server
{   
    
    private $conn;
     
    /**
     * authenticate
     *
     * @param  string $username
     * @param  string $password
     * @return boolean
     */
    public static function authenticate($username, $password) 
    {
        if($username == "Kaloy" && $password == 'password') return true;
        else throw new SOAPFault("Wrong user/pass combination", 401);
    }   

    public function __construct($conn) 
    {
        $this->conn = $conn;    
    }

    /**
     * Say hello.
     *
     * @param string $firstName
     * @return string $greetings
     */
    public function sayHello($firstName)
    {
        return 'Hello ' . $firstName;
    }
        
    /**
     * get products
     *
     * @param string $category
     * @param string $category2
     * @param string $category3
     * @param string $category4
     * @return Array $products
     */
    public function getProd($category, $category2, $category3, $category4) {
        if ($category == "books") {
            // return join(",", array(
            //     "The WordPress Anthology",
            //     "PHP Master: Write Cutting Edge Code",
            //     "Build Your Own Website the Right Way"));
            return array(
                "The WordPress Anthology",
                "PHP Master: Write Cutting Edge Code",
                "Build Your Own Website the Right Way");
        }
        else {            
            return array("No products listed under that category");
        }
    }
        
    /**
     * getData
     *
     * @param string $id
     * @return Object
     */
    public function getData($id) 
    {
        $result = [];
        if (is_null($id)) return $result;
        $qry = "SELECT * FROM test_table";
        return $this->conn->query($qry)->fetchAll(PDO::FETCH_ASSOC);
    }

}

$serverUrl = "http://localhost/laminas-soap/api.php";
$options = [
    'uri' => $serverUrl,
];
$server = new \Laminas\Soap\Server(null, $options);

if (isset($_GET['wsdl'])) {
    $soapAutoDiscover = new \Laminas\Soap\AutoDiscover(new \Laminas\Soap\Wsdl\ComplexTypeStrategy\ArrayOfTypeSequence());
    $soapAutoDiscover->setBindingStyle(array('style' => 'document'));
    $soapAutoDiscover->setOperationBodyStyle(array('use' => 'literal'));
    $soapAutoDiscover->setClass('Server');
    $soapAutoDiscover->setUri($serverUrl);
    
    header("Content-Type: text/xml");
    echo $soapAutoDiscover->generate()->toXml();
} else {
    $soap = new \Laminas\Soap\Server($serverUrl . '?wsdl');
    $soap->setObject(new \Laminas\Soap\Server\DocumentLiteralWrapper(new Server($conn)));
    $soap->handle();
}
Kaloy
  • 91
  • 1
  • 12
  • 1
    I can't help you with your problem, unfortunately, but I can tell you that I lived through SOAP and I hope that I never have to deal with it again in a production environment. Except for some holdouts, most APIs from the past 5 years or so (or more) have been REST-based instead. SOAP was okay with fat tooling like Visual Studio or Java IDEs, but for languages like PHP the boilerplate stuff can be overwhelming. If you need SOAP, it is what it is, but if you can avoid it I'd recommend doing so. Also, Laminas themselves now recommend https://github.com/phpro/soap-client instead. – Chris Haas May 12 '21 at 14:46
  • Yeah man I know, Rest is the way to go. I keep asking my tech lead why SOAP why SOAP hes starting to get pissed off – Kaloy May 13 '21 at 16:50
  • I'd say give that other library a shot, since Laminas is in security-only mode now. Maybe/hopefully it will just work as you expect! – Chris Haas May 13 '21 at 17:12

0 Answers0