RetailCRM-Mirror/service-bundle
1
0
Fork 0
mirror of synced 2024-11-28 15:46:04 +03:00
Code Issues Projects Releases Wiki Activity

Update aunthenticators

Browse Source
This commit is contained in:
Кривич Сергей 2022-07-19 16:27:00 +03:00
parent be3ae61dbf
commit 3164804ac3
4 changed files with 86 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
Resources/doc/Security.md
View File

@ -4,67 +4,70 @@ Example security configuration:
```yaml ```yaml
security: security:
hide_user_not_found: false
providers: providers:
client: connection:
entity: entity: { class: App\Entity\Connection, property: clientId }
class: 'App\Entity\Connection' # must implements UserInterface
property: 'clientId'
firewalls: firewalls:
api: dev:
pattern: ^/api pattern: ^/(_(profiler|wdt)|css|images|js)/
provider: client security: false
anonymous: ~ simple-connection:
lazy: true pattern: ^/simple-connection
stateless: false stateless: true
guard: security: false
authenticators:
- RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator
callback: callback:
pattern: ^/callback pattern: ^/callback
provider: client provider: connection
anonymous: ~
lazy: true
stateless: true stateless: true
guard: custom_authenticators:
authenticators: - RetailCrm\ServiceBundle\Security\CallbackClientAuthenticator
- RetailCrm\ServiceBundle\Security\CallbackClientAuthenticator front:
pattern: ^/(front|login)
provider: connection
stateless: false
remember_me:
secret: '%kernel.secret%'
lifetime: 604800 # 1 week in seconds
always_remember_me: true
custom_authenticators:
- RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator
main: main:
anonymous: true pattern: ^/
lazy: true lazy: true
access_control: access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } # login for programmatically authentication user - { path: ^/front, roles: IS_AUTHENTICATED_REMEMBERED }
- { path: ^/api, roles: ROLE_USER } - { path: ^/simple-connection, roles: PUBLIC_ACCESS }
- { path: ^/callback, roles: ROLE_USER }
``` ```
To authenticate the user after creating it, you can use the following code To authenticate the user after creating it, you can use the following code
```php ```php
use Symfony\Component\Security\Guard\GuardAuthenticatorHandler; use App\Entity\Connection;
use RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator; use App\Services\ConnectionManager;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
use RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator;
class AppController extends AbstractController class AppController extends AbstractController
{ {
public function someAction( public function someAction(
Request $request, Request $request,
GuardAuthenticatorHandler $guardAuthenticatorHandler, Connection $connection,
FrontApiClientAuthenticator $frontApiClientAuthenticator, ConnectionManager $manager,
ConnectionManager $manager UserAuthenticatorInterface $userAuthenticator,
): Response { FrontApiClientAuthenticator $authenticator
$user = $manager->getUser(); // getting user ): Response {
$exist = $manager->search($connection); //get connection
$guardAuthenticatorHandler->authenticateUserAndHandleSuccess( $userAuthenticator->authenticateUser(
$user, $connection,
$request, $authenticator,
$frontApiClientAuthenticator, $request
'api' );
); }
// ...
} }
}
``` ```

46
Security/AbstractClientAuthenticator.php
View File

@ -8,26 +8,15 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
/** abstract class AbstractClientAuthenticator extends AbstractAuthenticator
* Class AbstractClientAuthenticator
*
* @package RetailCrm\ServiceBundle\Security
*/
abstract class AbstractClientAuthenticator extends AbstractGuardAuthenticator
{ {
public const AUTH_FIELD = 'clientId'; public const AUTH_FIELD = 'clientId';
private $errorResponseFactory; private $errorResponseFactory;
/**
* AbstractClientAuthenticator constructor.
*
* @param ErrorJsonResponseFactory $errorResponseFactory
*/
public function __construct(ErrorJsonResponseFactory $errorResponseFactory) public function __construct(ErrorJsonResponseFactory $errorResponseFactory)
{ {
$this->errorResponseFactory = $errorResponseFactory; $this->errorResponseFactory = $errorResponseFactory;
@ -36,37 +25,12 @@ abstract class AbstractClientAuthenticator extends AbstractGuardAuthenticator
/** /**
* {@inheritdoc } * {@inheritdoc }
*/ */
public function start(Request $request, AuthenticationException $authException = null): Response abstract public function supports(Request $request): ?bool;
{
$error = new Error();
$error->message = 'Authentication required';
return $this->errorResponseFactory->create($error,Response::HTTP_UNAUTHORIZED);
}
/** /**
* {@inheritdoc } * {@inheritdoc }
*/ */
public function getCredentials(Request $request): string abstract public function authenticate(Request $request): Passport;
{
return $request->get(static::AUTH_FIELD);
}
/**
* {@inheritdoc }
*/
public function getUser($credentials, UserProviderInterface $userProvider): ?UserInterface
{
return $userProvider->loadUserByUsername($credentials);
}
/**
* {@inheritdoc }
*/
public function checkCredentials($credentials, UserInterface $user): bool
{
return true;
}
/** /**
* {@inheritdoc } * {@inheritdoc }

21
Security/CallbackClientAuthenticator.php
View File

@ -3,12 +3,8 @@
namespace RetailCrm\ServiceBundle\Security; namespace RetailCrm\ServiceBundle\Security;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
/**
* Class CallbackClientAuthenticator
*
* @package RetailCrm\ServiceBundle\Security
*/
class CallbackClientAuthenticator extends AbstractClientAuthenticator class CallbackClientAuthenticator extends AbstractClientAuthenticator
{ {
/** /**
@ -26,4 +22,19 @@ class CallbackClientAuthenticator extends AbstractClientAuthenticator
{ {
return false; return false;
} }
/**
* {@inheritdoc }
*/
public function authenticate(Request $request): Passport
{
$identifier = $request->request->get(static::AUTH_FIELD);
return new SelfValidatingPassport(
new UserBadge($identifier, function ($userIdentifier) {
return $this->repository->findByIdentifier($userIdentifier);
}),
[]
);
}
} }

32
Security/FrontApiClientAuthenticator.php
View File

@ -2,32 +2,29 @@
namespace RetailCrm\ServiceBundle\Security; namespace RetailCrm\ServiceBundle\Security;
use App\Repository\ConnectionRepository;
use RetailCrm\ServiceBundle\Response\ErrorJsonResponseFactory; use RetailCrm\ServiceBundle\Response\ErrorJsonResponseFactory;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
/**
* Class FrontApiClientAuthenticator
*
* @package RetailCrm\ServiceBundle\Security
*/
class FrontApiClientAuthenticator extends AbstractClientAuthenticator class FrontApiClientAuthenticator extends AbstractClientAuthenticator
{ {
private $security; private $security;
private $repository;
/**
* FrontApiClientAuthenticator constructor.
*
* @param ErrorJsonResponseFactory $errorResponseFactory
* @param Security $security
*/
public function __construct( public function __construct(
ErrorJsonResponseFactory $errorResponseFactory, ErrorJsonResponseFactory $errorResponseFactory,
Security $security Security $security,
ConnectionRepository $repository
) { ) {
parent::__construct($errorResponseFactory); parent::__construct($errorResponseFactory);
$this->security = $security; $this->security = $security;
$this->repository = $repository;
} }
/** /**
@ -45,8 +42,15 @@ class FrontApiClientAuthenticator extends AbstractClientAuthenticator
/** /**
* {@inheritdoc } * {@inheritdoc }
*/ */
public function supportsRememberMe(): bool public function authenticate(Request $request): Passport
{ {
return true; $identifier = $request->request->get(static::AUTH_FIELD);
return new SelfValidatingPassport(
new UserBadge($identifier, function ($userIdentifier) {
return $this->repository->findByIdentifier($userIdentifier);
}),
[new RememberMeBadge()]
);
} }
} }