Symfony2:无需密码即可编辑用户

时间:2013-04-06 21:45:49

标签: php security symfony

在我的应用程序中,只有管理员用户可以创建并理论上编辑用户。到目前为止,仅使用Symfony安全系统(不需要FOSUserBundle管理 - 不需要复杂性),创建具有不同角色的用户就可以了。完全逃避我的挑战是如何在不知道用户密码的情况下编辑用户。我一直遇到预期的验证错误

  

密码不能为空

。如何完成编辑?我肯定错过了一些非常基本的东西。

编辑操作:

    public function editAction($id) {
        $em = $this->getDoctrine()->getManager();
        $user = $em->getRepository('ManaClientBundle:User')->find($id);
        $form = $this->createForm(new UserType(), $user);
        return array(
            'form' => $form->createView(),
            'user' => $user,
            'title' => 'Edit user',
            );
   }

更新操作:

   public function updateAction(Request $request, $id) {
        $em = $this->getDoctrine()->getManager();
        $user = $em->getRepository('ManaClientBundle:User')->find($id);
        $originalPassword = $user->getPassword();
        $form = $this->createForm(new UserType(), $user);
        $form->bind($request);
        if ($form->isValid()) {
            $plainPassword = $form->get('password')->getData();
            if (!empty($plainPassword))  {  
                //encode the password   
                $encoder = $this->container->get('security.encoder_factory')->getEncoder($entity); //get encoder for hashing pwd later
                $tempPassword = $encoder->encodePassword($entity->getPassword(), $entity->getSalt()); 
                $user->setPassword($tempPassword);                
            }
            else {
                $user->setPassword($originalPassword);
            }
            $em->persist($user);
            $em->flush();
            return $this->redirect($this->generateUrl('user_main', array()));
        }        

用户表单:

public function buildForm(FormBuilderInterface $builder, array $options) {
    $builder
            ->add('enabled', 'choice', array(
                'choices' => array('Yes' => 'Yes', 'No' => 'No'),
                'expanded' => true,
                'multiple' => false,
                'label' => 'Enabled: ',
            ))
            ->add('fname')
            ->add('sname')
            ->add('email')
            ->add('username')
            ->add('password', 'repeated', array(
                'type' => 'password',
                'invalid_message' => 'Password fields do not match',
                'first_options' => array('label' => 'Password'),
                'second_options' => array('label' => 'Repeat Password'),
            ))
            ->add('role', 'choice', array(
                'choices' => array('ROLE_USER' => 'User', 'ROLE_ADMIN' => 'Admin'),
                'expanded' => true,
                'multiple' => false,
                'label' => 'Group: ',
            ))
    ;
}

4 个答案:

答案 0 :(得分:8)

直到我看到更优雅的解决方案,这就是我想出的:

  1. 使用除密码字段
  2. 之外的所有字段创建UserEditType表单类
  3. 将UserEditType分配给默认
  4. 以外的验证组
  5. 在2中为验证组配置密码长度约束。
  6. 修改编辑和更新操作以使用UserEditType
  7. 现在可以在没有密码的情况下编辑用户了!

    UserEditType:

    class UserEditType extends AbstractType {
        public function buildForm(FormBuilderInterface $builder, array $options) {
            $builder
                    ->add('enabled', 'choice', array(
                        'choices' => array('Yes' => 'Yes', 'No' => 'No'),
                        'expanded' => true,
                        'multiple' => false,
                        'label' => 'Enabled: ',
                    ))
                    ->add('fname')
                    ->add('sname')
                    ->add('email')
                    ->add('username')
                    ->add('role', 'choice', array(
                        'choices' => array('ROLE_USER' => 'User', 'ROLE_ADMIN' => 'Admin'),
                        'expanded' => true,
                        'multiple' => false,
                        'label' => 'Group: ',
                    ))
            ;
        }
    
        public function setDefaultOptions(OptionsResolverInterface $resolver) {
            $resolver->setDefaults(array(
                'data_class' => 'Mana\ClientBundle\Entity\User',
                'validation_groups' => array('edit'),
            ));
        }
    

    用户实体中的密码:

     * @ORM\Column(name="userpass", type="string", length=100, nullable=false)
     * @Assert\NotBlank(message="Password may not be empty")
     * @Assert\Length(
     *      min = "5",
     *      max = "12",
     *      minMessage = "Password must be at least 5 characters long",
     *      maxMessage = "Password cannot be longer than than 12 characters",
     *      groups = {"Default"}
     * )
    

    更新操作:

    public function updateAction(Request $request, $id) {
        $em = $this->getDoctrine()->getManager();
        $user = $em->getRepository('ManaClientBundle:User')->find($id);
    
        $form = $this->createForm(new UserEditType(), $user);
        $form->bind($request);
        if ($form->isValid()) {
            $em->persist($user);
            $em->flush();
            return $this->redirect($this->generateUrl('user_main', array()));
        }
        return array(
            'form' => $form->createView(),
            'user' => $user,
            'title' => 'Edit user',
        );
    }
    

答案 1 :(得分:6)

我的项目中遇到了同样的问题。

我通过从表单中删除密码字段来解决它,仅用于我的编辑操作。

因此,在我的UserController中,我更改了editAction

//find the line where the form is created
$editForm = $this->createForm(new UserType($this->container), $entity)
        ->remove('password'); //add this to remove the password field

答案 2 :(得分:0)

如果要使用remove()功能,则也可以在表单设置中应用。至少在Symfony 3.3中。这样,您就可以避免上面@pusle所述的密码确认:

        $form = $this->formFactory->createForm()->remove("current_password");
        $form->setData($user)->remove("current_password");

这里是FOSUserBundle的ProfileController中的整个方法。它对我有用:


public function editDiffAction($id, Request $request)
    {
        $userManager = $this->get('fos_user.user_manager');
        $user = $userManager->findUserBy(['id' => $id]);

        $event = new GetResponseUserEvent($user, $request);

        if (null !== $event->getResponse()) {
            return $event->getResponse();
        }

        $form = $this->formFactory->createForm()->remove("current_password");
        $form->setData($user)->remove("current_password");

        $form->handleRequest($request);

        if ($form->isValid()) {
            $event = new FormEvent($form, $request);

            $userManager = $this->get('fos_user.user_manager');
            $userManager->updateUser($user);

            $url = $this->generateUrl('fos_user_profile_show_diff', array('id' => $user->getId() ));
            $response = new RedirectResponse($url);

            return $response;
        }

        return $this->render('@FOSUser/Profile/edit_diff.html.twig', array(
            'form' => $form->createView(),
            'user_id' => $user->getId(),
        ));
    }

答案 3 :(得分:-1)

只需添加'禁用'=> “禁用”并且不会考虑此字段。