Upgrade breaks impersonation with single sign-on extension

corey34

Active Member
We have an extension that handles single sign-on between Mailwizz and our main website. When we upgraded previously, we modified the main.php file in MW to handle this, but that solution no longer appears to work with MW 1.5.0. Trying to impersonate a customer kicks us back out to the login screen for the MW backend.

Below are the contents of our main-custom.php file. It seems as though the relevant portions are contained within the session parameters of the application components, but I'm guessing there have been some other changes made to the way impersonation works that renders these changes ineffective. Any thoughts as to a solution that would allow us to maintain this single sign-on when impersonating?

PHP:
<?php defined('MW_PATH') || exit('No direct script access allowed');

/**
 * Custom application main configuration file
 *
 * This file can be used to overload config/components/etc
 *
 * @package MailWizz EMA
 * @author Serban George Cristian <cristian.serban@mailwizz.com>
 * @link http://www.mailwizz.com/
 * @copyright 2013-2014 MailWizz EMA (http://www.mailwizz.com)
 * @license http://www.mailwizz.com/license/
 * @since 1.1
 
 */

$environment = @include __DIR__.'/../../../../protected/env.php';

$db = [];
if( $environment == 'local' ) {
    define( 'DOMAIN_MW', 'domain' );
    $db = [ 'connectionString' => 'mysql:host=localhost;dbname=database',
            'username'         => 'username',
            'password'         => '',
            'tablePrefix'      => 'mw_' ];
}
else if( $environment == 'staging' ) {
    define( 'DOMAIN_MW', 'domain' );
    $db = [ 'connectionString' => 'mysql:host=localhost;dbname=database',
            'username'         => 'username',
            'password'         => 'password',
            'tablePrefix'      => 'mw_' ];
}
else { // $environment == 'live'
    define( 'DOMAIN_MW', 'domain' );
    $db = [ 'connectionString' => 'mysql:host=localhost;dbname=database',
            'username'         => 'username',
            'password'         => 'password',
            'tablePrefix'      => 'mw_' ];
}

return [
    // application components
    'components' => [
        'session' => [
            'savePath' => '/tmp',
            'cookieMode' => 'allow',
            'cookieParams' => [
                'path' => '/',
                'domain' => '.'.DOMAIN_MW,
                'httpOnly' => true,
                ]
            ],
        'db' => $db,
        'log' => [
            'routes' => [[
                'class' => 'CFileLogRoute',
                'logFile' => 'test.log',
                'filter' => 'CLogFilter',
                'levels' => 'test'  
                ]]
            ]
        ],
    // params
    'params' => [
        'email.custom.header.prefix' => 'X-Kkkp-'
    ]
];
 
The impersonation works fine in our case, maybe rmeove the session component from your main-custom.php file, i don't see how that is correct since it defines params that are meant for file based sessions and we're using database sessions.
 
Back
Top