Update aunthenticators
This commit is contained in:
parent
be3ae61dbf
commit
3164804ac3
@ -4,66 +4,69 @@ Example security configuration:
|
|||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
security:
|
security:
|
||||||
|
hide_user_not_found: false
|
||||||
providers:
|
providers:
|
||||||
client:
|
connection:
|
||||||
entity:
|
entity: { class: App\Entity\Connection, property: clientId }
|
||||||
class: 'App\Entity\Connection' # must implements UserInterface
|
|
||||||
property: 'clientId'
|
|
||||||
firewalls:
|
firewalls:
|
||||||
api:
|
dev:
|
||||||
pattern: ^/api
|
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
||||||
provider: client
|
security: false
|
||||||
anonymous: ~
|
simple-connection:
|
||||||
lazy: true
|
pattern: ^/simple-connection
|
||||||
stateless: false
|
stateless: true
|
||||||
guard:
|
security: false
|
||||||
authenticators:
|
|
||||||
- RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator
|
|
||||||
callback:
|
callback:
|
||||||
pattern: ^/callback
|
pattern: ^/callback
|
||||||
provider: client
|
provider: connection
|
||||||
anonymous: ~
|
|
||||||
lazy: true
|
|
||||||
stateless: true
|
stateless: true
|
||||||
guard:
|
custom_authenticators:
|
||||||
authenticators:
|
|
||||||
- RetailCrm\ServiceBundle\Security\CallbackClientAuthenticator
|
- RetailCrm\ServiceBundle\Security\CallbackClientAuthenticator
|
||||||
|
front:
|
||||||
|
pattern: ^/(front|login)
|
||||||
|
provider: connection
|
||||||
|
stateless: false
|
||||||
|
remember_me:
|
||||||
|
secret: '%kernel.secret%'
|
||||||
|
lifetime: 604800 # 1 week in seconds
|
||||||
|
always_remember_me: true
|
||||||
|
custom_authenticators:
|
||||||
|
- RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator
|
||||||
main:
|
main:
|
||||||
anonymous: true
|
pattern: ^/
|
||||||
lazy: true
|
lazy: true
|
||||||
|
|
||||||
access_control:
|
access_control:
|
||||||
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } # login for programmatically authentication user
|
- { path: ^/front, roles: IS_AUTHENTICATED_REMEMBERED }
|
||||||
- { path: ^/api, roles: ROLE_USER }
|
- { path: ^/simple-connection, roles: PUBLIC_ACCESS }
|
||||||
- { path: ^/callback, roles: ROLE_USER }
|
|
||||||
```
|
```
|
||||||
|
|
||||||
To authenticate the user after creating it, you can use the following code
|
To authenticate the user after creating it, you can use the following code
|
||||||
|
|
||||||
```php
|
```php
|
||||||
|
|
||||||
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
|
use App\Entity\Connection;
|
||||||
use RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator;
|
use App\Services\ConnectionManager;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
|
||||||
|
use RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator;
|
||||||
|
|
||||||
class AppController extends AbstractController
|
class AppController extends AbstractController
|
||||||
{
|
{
|
||||||
public function someAction(
|
public function someAction(
|
||||||
Request $request,
|
Request $request,
|
||||||
GuardAuthenticatorHandler $guardAuthenticatorHandler,
|
Connection $connection,
|
||||||
FrontApiClientAuthenticator $frontApiClientAuthenticator,
|
ConnectionManager $manager,
|
||||||
ConnectionManager $manager
|
UserAuthenticatorInterface $userAuthenticator,
|
||||||
|
FrontApiClientAuthenticator $authenticator
|
||||||
): Response {
|
): Response {
|
||||||
$user = $manager->getUser(); // getting user
|
$exist = $manager->search($connection); //get connection
|
||||||
|
|
||||||
$guardAuthenticatorHandler->authenticateUserAndHandleSuccess(
|
$userAuthenticator->authenticateUser(
|
||||||
$user,
|
$connection,
|
||||||
$request,
|
$authenticator,
|
||||||
$frontApiClientAuthenticator,
|
$request
|
||||||
'api'
|
|
||||||
);
|
);
|
||||||
// ...
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,26 +8,15 @@ use Symfony\Component\HttpFoundation\Request;
|
|||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
|
||||||
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
|
||||||
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
|
|
||||||
|
|
||||||
/**
|
abstract class AbstractClientAuthenticator extends AbstractAuthenticator
|
||||||
* Class AbstractClientAuthenticator
|
|
||||||
*
|
|
||||||
* @package RetailCrm\ServiceBundle\Security
|
|
||||||
*/
|
|
||||||
abstract class AbstractClientAuthenticator extends AbstractGuardAuthenticator
|
|
||||||
{
|
{
|
||||||
public const AUTH_FIELD = 'clientId';
|
public const AUTH_FIELD = 'clientId';
|
||||||
|
|
||||||
private $errorResponseFactory;
|
private $errorResponseFactory;
|
||||||
|
|
||||||
/**
|
|
||||||
* AbstractClientAuthenticator constructor.
|
|
||||||
*
|
|
||||||
* @param ErrorJsonResponseFactory $errorResponseFactory
|
|
||||||
*/
|
|
||||||
public function __construct(ErrorJsonResponseFactory $errorResponseFactory)
|
public function __construct(ErrorJsonResponseFactory $errorResponseFactory)
|
||||||
{
|
{
|
||||||
$this->errorResponseFactory = $errorResponseFactory;
|
$this->errorResponseFactory = $errorResponseFactory;
|
||||||
@ -36,37 +25,12 @@ abstract class AbstractClientAuthenticator extends AbstractGuardAuthenticator
|
|||||||
/**
|
/**
|
||||||
* {@inheritdoc }
|
* {@inheritdoc }
|
||||||
*/
|
*/
|
||||||
public function start(Request $request, AuthenticationException $authException = null): Response
|
abstract public function supports(Request $request): ?bool;
|
||||||
{
|
|
||||||
$error = new Error();
|
|
||||||
$error->message = 'Authentication required';
|
|
||||||
|
|
||||||
return $this->errorResponseFactory->create($error,Response::HTTP_UNAUTHORIZED);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc }
|
* {@inheritdoc }
|
||||||
*/
|
*/
|
||||||
public function getCredentials(Request $request): string
|
abstract public function authenticate(Request $request): Passport;
|
||||||
{
|
|
||||||
return $request->get(static::AUTH_FIELD);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritdoc }
|
|
||||||
*/
|
|
||||||
public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
|
|
||||||
{
|
|
||||||
return $userProvider->loadUserByUsername($credentials);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* {@inheritdoc }
|
|
||||||
*/
|
|
||||||
public function checkCredentials($credentials, UserInterface $user): bool
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc }
|
* {@inheritdoc }
|
||||||
|
@ -3,12 +3,8 @@
|
|||||||
namespace RetailCrm\ServiceBundle\Security;
|
namespace RetailCrm\ServiceBundle\Security;
|
||||||
|
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
|
||||||
|
|
||||||
/**
|
|
||||||
* Class CallbackClientAuthenticator
|
|
||||||
*
|
|
||||||
* @package RetailCrm\ServiceBundle\Security
|
|
||||||
*/
|
|
||||||
class CallbackClientAuthenticator extends AbstractClientAuthenticator
|
class CallbackClientAuthenticator extends AbstractClientAuthenticator
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
@ -26,4 +22,19 @@ class CallbackClientAuthenticator extends AbstractClientAuthenticator
|
|||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritdoc }
|
||||||
|
*/
|
||||||
|
public function authenticate(Request $request): Passport
|
||||||
|
{
|
||||||
|
$identifier = $request->request->get(static::AUTH_FIELD);
|
||||||
|
|
||||||
|
return new SelfValidatingPassport(
|
||||||
|
new UserBadge($identifier, function ($userIdentifier) {
|
||||||
|
return $this->repository->findByIdentifier($userIdentifier);
|
||||||
|
}),
|
||||||
|
[]
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -2,32 +2,29 @@
|
|||||||
|
|
||||||
namespace RetailCrm\ServiceBundle\Security;
|
namespace RetailCrm\ServiceBundle\Security;
|
||||||
|
|
||||||
|
use App\Repository\ConnectionRepository;
|
||||||
use RetailCrm\ServiceBundle\Response\ErrorJsonResponseFactory;
|
use RetailCrm\ServiceBundle\Response\ErrorJsonResponseFactory;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\Security\Core\Security;
|
use Symfony\Component\Security\Core\Security;
|
||||||
|
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
|
||||||
|
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
|
||||||
|
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
|
||||||
|
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
|
||||||
|
|
||||||
/**
|
|
||||||
* Class FrontApiClientAuthenticator
|
|
||||||
*
|
|
||||||
* @package RetailCrm\ServiceBundle\Security
|
|
||||||
*/
|
|
||||||
class FrontApiClientAuthenticator extends AbstractClientAuthenticator
|
class FrontApiClientAuthenticator extends AbstractClientAuthenticator
|
||||||
{
|
{
|
||||||
private $security;
|
private $security;
|
||||||
|
private $repository;
|
||||||
|
|
||||||
/**
|
|
||||||
* FrontApiClientAuthenticator constructor.
|
|
||||||
*
|
|
||||||
* @param ErrorJsonResponseFactory $errorResponseFactory
|
|
||||||
* @param Security $security
|
|
||||||
*/
|
|
||||||
public function __construct(
|
public function __construct(
|
||||||
ErrorJsonResponseFactory $errorResponseFactory,
|
ErrorJsonResponseFactory $errorResponseFactory,
|
||||||
Security $security
|
Security $security,
|
||||||
|
ConnectionRepository $repository
|
||||||
) {
|
) {
|
||||||
parent::__construct($errorResponseFactory);
|
parent::__construct($errorResponseFactory);
|
||||||
|
|
||||||
$this->security = $security;
|
$this->security = $security;
|
||||||
|
$this->repository = $repository;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -45,8 +42,15 @@ class FrontApiClientAuthenticator extends AbstractClientAuthenticator
|
|||||||
/**
|
/**
|
||||||
* {@inheritdoc }
|
* {@inheritdoc }
|
||||||
*/
|
*/
|
||||||
public function supportsRememberMe(): bool
|
public function authenticate(Request $request): Passport
|
||||||
{
|
{
|
||||||
return true;
|
$identifier = $request->request->get(static::AUTH_FIELD);
|
||||||
|
|
||||||
|
return new SelfValidatingPassport(
|
||||||
|
new UserBadge($identifier, function ($userIdentifier) {
|
||||||
|
return $this->repository->findByIdentifier($userIdentifier);
|
||||||
|
}),
|
||||||
|
[new RememberMeBadge()]
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user