Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[DX] Ability to authentication a User directly#11320

Closed
norberttech wants to merge 9 commits into
symfony:masterfrom
norberttech:issue-11158
Closed

[DX] Ability to authentication a User directly#11320
norberttech wants to merge 9 commits into
symfony:masterfrom
norberttech:issue-11158

Conversation

@norberttech
Copy link
Copy Markdown
Contributor

@norberttech norberttech commented Jul 5, 2014

Q A
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #11158
License MIT

Simple usage example:

class LoginController extends ContainerAware
{
    public function loginAction()
    {
        $user = new User('norzechowicz', 'password123');
        $this->container->get('security.login_manager')->loginUser('firewall_name', $user);

        return new Response();
    }
}

weaverryan
weaverryan reviewed Jul 5, 2014
View reviewed changes
Comment thread src/Symfony/Component/Security/Http/Login/LoginManager.php Outdated
Copy link
Copy Markdown
Contributor

@weaverryan weaverryan Jul 5, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The core always uses this instead of is_null:

if (null !== $request) {

Copy link
Copy Markdown
Contributor Author

@norberttech norberttech Jul 5, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh sorry, going to fix that now!

@stefanosala
Copy link
Copy Markdown

stefanosala commented Jul 7, 2014

Nice add! Just a notice, do you really need a full app to test the LoginManager class?

@norberttech
Copy link
Copy Markdown
Contributor Author

norberttech commented Jul 7, 2014

As you can see this PR is not just about LoginManager, there are also 2 new services and I think it's good to be sure that everything works as expected.

fabpot
fabpot reviewed Jul 23, 2014
View reviewed changes
Comment thread src/Symfony/Component/Security/Http/Login/LoginManagerInterface.php Outdated
Copy link
Copy Markdown
Member

@fabpot fabpot Jul 23, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see the need for an interface.

sstok
sstok reviewed Jul 23, 2014
View reviewed changes
Comment thread src/Symfony/Bundle/SecurityBundle/Security/Http/RememberMe/RememberMeServicesResolver.php
Copy link
Copy Markdown
Contributor

@sstok sstok Jul 23, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I remember correctly these services are marked private. We also have (had?) this problem in the FOSUserBundle.

@linaori
Copy link
Copy Markdown
Contributor

linaori commented Jul 31, 2014

This feature is something I can see myself using. However, won't this make it easier for people to circumvent the security authentication process "because it's too complicated"? It does add "yet another way to authenticate", but is sometimes desired.

👍 For the PR

@weaverryan
Copy link
Copy Markdown
Contributor

weaverryan commented Sep 22, 2014

Are there any big issues with this PR or are we getting close? Honestly, the remember me / resolver stuff is quite complex and I'm personally unsure of the side effects or the approach here. It might be perfectly sound (and so this is a good candidate to push towards merging) or there may be some fundamental issues. I see fabpot has reviewed this a bit, but I haven't see anything from the other deciders.

Thanks!

@fabpot
Copy link
Copy Markdown
Member

fabpot commented Sep 24, 2014

To be precise, I had a quick look at this PR, but I don't have any specific knowledge of the remember me feature.

@linaori linaori mentioned this pull request Sep 25, 2014
Closed
@hacfi
Copy link
Copy Markdown
Contributor

hacfi commented Sep 28, 2014

Maybe @schmittjoh should have a quick look at this if he’s not too busy.

@csarrazi
Copy link
Copy Markdown
Contributor

csarrazi commented Oct 1, 2014

I see one big issue with this PR: It will only work with UserNamePasswordToken tokens, and so will be useless to authenticate users with other authentication mechanisms (which are not based on a username and password). I feel that the creating the LoginManager should inherit from an abstract class, which implements the createToken() method, and that the security bundle should provide a way to override the login manager.

@weaverryan weaverryan mentioned this pull request Dec 4, 2014
Closed
ajgarlag
ajgarlag reviewed Dec 18, 2014
View reviewed changes
Comment thread src/Symfony/Component/Security/Http/Login/LoginManager.php Outdated
Copy link
Copy Markdown
Contributor

@ajgarlag ajgarlag Dec 18, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't the method checkPreAuth be called previously?

@ajgarlag
Checks token authentication.
3860815 
Checks user preauth.
Improve functional test.
@ajgarlag
Copy link
Copy Markdown
Contributor

ajgarlag commented Dec 19, 2014

@csarrazi The createToken method is already abstract, so I think the LoginManager service could be easily decorated if needed.

Merge pull request #1 from ajgarlag/issue-11158
b6d23f3 
Checks that the created token is authenticated before login the user.
@norberttech
Copy link
Copy Markdown
Contributor Author

norberttech commented Dec 21, 2014

Closed because this PR was made into wrong branch, new PR #13062

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

DX DX = Developer eXperience (anything that improves the experience of using Symfony)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@norberttech @stefanosala @linaori @weaverryan @fabpot @hacfi @csarrazi @ajgarlag @sstok @javiereguiluz