Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[DX] Ability to authentication a User directly #11320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 9 commits into from
Closed

[DX] Ability to authentication a User directly #11320

wants to merge 9 commits into from

Conversation

norberttech
Copy link
Contributor

Q A
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #11158
License MIT

Simple usage example:

class LoginController extends ContainerAware
{
    public function loginAction()
    {
        $user = new User('norzechowicz', 'password123');
        $this->container->get('security.login_manager')->loginUser('firewall_name', $user);

        return new Response();
    }
}

weaverryan
weaverryan reviewed Jul 5, 2014
View reviewed changes
src/Symfony/Component/Security/Http/Login/LoginManager.php
$token = $this->createToken($firewallName, $user);

$request = $this->requestStack->getMasterRequest();
if (!is_null($request)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The core always uses this instead of is_null:

if (null !== $request) {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh sorry, going to fix that now!

@stefanosala
Copy link

Nice add! Just a notice, do you really need a full app to test the LoginManager class?

@norberttech
Copy link
Contributor Author

As you can see this PR is not just about LoginManager, there are also 2 new services and I think it's good to be sure that everything works as expected.

fabpot
fabpot reviewed Jul 23, 2014
View reviewed changes
src/Symfony/Component/Security/Http/Login/LoginManagerInterface.php

use Symfony\Component\Security\Core\User\UserInterface;

interface LoginManagerInterface
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see the need for an interface.

sstok
sstok reviewed Jul 23, 2014
View reviewed changes
src/Symfony/Bundle/SecurityBundle/Security/Http/RememberMe/RememberMeServicesResolver.php
public function resolve($providerKey)
{
$rememberMeServices = null;
if ($this->serviceContainer->has('security.authentication.rememberme.services.persistent.'.$providerKey)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I remember correctly these services are marked private. We also have (had?) this problem in the FOSUserBundle.

@linaori
Copy link
Contributor

linaori commented Jul 31, 2014

This feature is something I can see myself using. However, won't this make it easier for people to circumvent the security authentication process "because it's too complicated"? It does add "yet another way to authenticate", but is sometimes desired.

👍 For the PR

@weaverryan
Copy link
Member

Are there any big issues with this PR or are we getting close? Honestly, the remember me / resolver stuff is quite complex and I'm personally unsure of the side effects or the approach here. It might be perfectly sound (and so this is a good candidate to push towards merging) or there may be some fundamental issues. I see fabpot has reviewed this a bit, but I haven't see anything from the other deciders.

Thanks!

@fabpot
Copy link
Member

fabpot commented Sep 24, 2014

To be precise, I had a quick look at this PR, but I don't have any specific knowledge of the remember me feature.

@linaori linaori mentioned this pull request Sep 25, 2014
Closed
@hacfi
Copy link
Contributor

hacfi commented Sep 28, 2014

Maybe @schmittjoh should have a quick look at this if he’s not too busy.

@csarrazi
Copy link
Contributor

csarrazi commented Oct 1, 2014

I see one big issue with this PR: It will only work with UserNamePasswordToken tokens, and so will be useless to authenticate users with other authentication mechanisms (which are not based on a username and password). I feel that the creating the LoginManager should inherit from an abstract class, which implements the createToken() method, and that the security bundle should provide a way to override the login manager.

@weaverryan weaverryan mentioned this pull request Dec 4, 2014
Closed
ajgarlag
ajgarlag reviewed Dec 18, 2014
View reviewed changes
src/Symfony/Component/Security/Http/Login/LoginManager.php
*/
public function loginUser($firewallName, UserInterface $user, Response $response = null)
{
$this->userChecker->checkPostAuth($user);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't the method checkPreAuth be called previously?

@ajgarlag
Checks token authentication.
3860815 
Checks user preauth.
Improve functional test.
@ajgarlag
Copy link
Contributor

@csarrazi The createToken method is already abstract, so I think the LoginManager service could be easily decorated if needed.

Merge pull request #1 from ajgarlag/issue-11158
b6d23f3 
Checks that the created token is authenticated before login the user.
@norberttech
Copy link
Contributor Author

Closed because this PR was made into wrong branch, new PR #13062

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
DX DX = Developer eXperience (anything that improves the experience of using Symfony)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@norberttech @stefanosala @linaori @weaverryan @fabpot @hacfi @csarrazi @ajgarlag @sstok @javiereguiluz