symfony
Alexander Strelov, 2013-03-26 11:20:06

How to authorize user via SecurityBundle & FOSUserBundle in another module?

I handle authorization through the SecurityBundle, and everything works fine in normal mode (the bundle is inherited from FOSUserBundle and part of the functionality is redefined in it), but there was a need to perform user authorization in another controller of another bundle of the same project. A call is made to another router that does not belong to the base bundle; in it, it is necessary to check the login and password and either authorize the user or return an error. For now I have implemented it in the hardcore version, i.e. I directly get the user from the repository by login, calculate the password hash and compare it with the hash in the database.
To make it clearer, here is my "code":

// Controller action fragment; getResponseError(), authenticateUser() and
// $typeResponse are the asker's own helpers, defined elsewhere.
// Requires: use Symfony\Component\HttpFoundation\Response;
$request = $this->get('request');
if ('POST' == $request->getMethod() || 'GET' == $request->getMethod()) {
    $username = $request->get('username');
    $password = $request->get('password');
    $em = $this->getDoctrine()->getManager();
    $userEntity = $em->getRepository('MyBundle:User')->findOneBy(array('username' => $username));
    if (!$userEntity) {
        return $this->getResponseError('404', $typeResponse);
    }
    $factory = $this->get('security.encoder_factory');
    $encoder = $factory->getEncoder($userEntity);
    // isPasswordValid() hashes $password with the user's salt and compares the
    // result in constant time; a loose == on hash strings can match unequal values.
    if ($encoder->isPasswordValid($userEntity->getPassword(), $password, $userEntity->getSalt())) {
        $response = new Response;
        if (!$this->authenticateUser($userEntity, $response)) {
            return $this->getResponseError('User locked', $typeResponse);
        }
    } else {
        return $this->getResponseError('Wrong password or login', $typeResponse);
    }
}

I understand that this is not correct, but I do not have enough experience to know how to implement this at the event dispatcher level.
I ask for help from respected developers.

2 answer(s)
JekaRu, 2013-03-26
@JekaRu

Kernel events are in the KernelEvents class.
In theory, it just hooks onto kernel.request. In the handler method, your code
should be something like this:

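use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\SecurityContext;

class AutenticatorListener
{
    private $securityContext;
    private $firewall;

    public function __construct(SecurityContext $securityContext, $firewall)
    {
        $this->securityContext = $securityContext;
        $this->firewall        = $firewall;
    }

    // Handler for kernel.request
    public function checkLogin(GetResponseEvent $event)
    {
        // Only act on the master request, not on sub-requests
        if (HttpKernelInterface::SUB_REQUEST == $event->getRequestType()) {
            return;
        }

        $request = $event->getRequest();
        // ...  your code
        // (it has to load and verify $user before the token is created)
        //....

        // Store an authenticated token for the given firewall
        $token = new UsernamePasswordToken($user, null, $this->firewall, $user->getRoles());
        $this->securityContext->setToken($token);
    }
}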

Neutral, 2013-03-26
@Neutral

There is an Events tab in the profiler - there you can see the events for which listeners are registered. A complete list of events should be found in the documentation for the libraries or directly in the code. For FOSUser, look at the FOSUserEvents class.
The user from the database can be obtained through the service fos_user.user_provider.username or fos_user.user_provider.username_email, and logged in through fos_user.security.login_manager.
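
The flow discussed in this thread, written out as an added example (not code from the question, from either answer, or from FOSUserBundle itself): a Symfony 2.x controller action that uses the three services named on this page. The bundle namespace `Acme\ApiBundle`, the class name `RemoteLoginController`, the firewall name `main` and the JSON response shape are assumptions; it also assumes `loginUser()` runs the user checker, so a locked or disabled account surfaces as an `AccountStatusException`.

```php
<?php
// Added illustration for Symfony 2.x with FOSUserBundle; not code from the thread.
// Assumed names: Acme\ApiBundle, RemoteLoginController, firewall 'main'.
namespace Acme\ApiBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AccountStatusException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;

class RemoteLoginController extends Controller
{
    public function loginAction(Request $request)
    {
        // POST body only: credentials in a query string end up in access logs.
        if (!$request->isMethod('POST')) {
            return new JsonResponse(array('error' => 'Method not allowed'), 405);
        }
        $username = (string) $request->request->get('username', '');
        $password = (string) $request->request->get('password', '');

        try {
            $user = $this->get('fos_user.user_provider.username')->loadUserByUsername($username);
        } catch (UsernameNotFoundException $e) {
            $user = null;
        }

        // isPasswordValid() re-hashes with the stored salt and compares in constant time.
        $valid = null !== $user && $this->get('security.encoder_factory')
            ->getEncoder($user)
            ->isPasswordValid($user->getPassword(), $password, $user->getSalt());
        if (!$valid) {
            // One message for both failures, so the body does not reveal valid usernames.
            return new JsonResponse(array('error' => 'Wrong password or login'), 401);
        }

        $response = new JsonResponse(array('status' => 'ok'));
        try {
            // Runs the user checker, then stores the token for the named firewall.
            $this->get('fos_user.security.login_manager')->loginUser('main', $user, $response);
        } catch (AccountStatusException $e) {
            return new JsonResponse(array('error' => 'User locked'), 403);
        }

        return $response;
    }
}
```

The unknown-user branch skips hashing, so response timing can still differ between existing and non-existing usernames; rate limiting on this route covers that gap.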
