我使用FriendsOfSymfony UserBundle。当我将防火墙中的所有内容设置为form_login时,它会起作用,但如果我将其设置为simple_form以使用Custom Authenticator,则即使帐户被锁定或已停用,它也会让我登录。我想检查用户是否来自正确的IP,这就是我创建自定义身份验证器的原因,但似乎来自FOS的某些身份验证不会以这种方式处理。如何在保留FOS UserBundle的完整功能的同时将simple_form与自定义身份验证器一起使用?
除了标准之外,还有其他方法可以实现其他身份验证吗?也许我做错了什么?我知道我可以更正我的身份验证器的代码以检查锁定/启用等,但我想 - 因为它实际上已经在FOS中完成了 - 我为什么要这样做?
编辑:此外,我注意到当我使用simple_form时,类Symfony\Component\Security\Core\User\UserChecker的方法无法被调用。
以下是我的验证码和security.yml代码:
config.yml
services:
login_authenticator:
class: Forex\AlchemyBundle\Security\LoginAuthenticator
arguments: ["@security.encoder_factory"]
security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
main:
pattern: ^/
simple_form:
authenticator: login_authenticator
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } # To be removed
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/.*, roles: ROLE_USER }
LoginAuthenticator
<?php
namespace Forex\AlchemyBundle\Security;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
class LoginAuthenticator implements SimpleFormAuthenticatorInterface
{
private $encoderFactory;
public function __construct(EncoderFactoryInterface $encoderFactory)
{
$this->encoderFactory = $encoderFactory;
}
public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
{
try {
$user = $userProvider->loadUserByUsername($token->getUsername());
} catch (UsernameNotFoundException $e) {
throw new AuthenticationException('Invalid username or password');
}
$encoder = $this->encoderFactory->getEncoder($user);
$passwordValid = $encoder->isPasswordValid(
$user->getPassword(),
$token->getCredentials(),
$user->getSalt()
);
if ($passwordValid) {
$request = Request::createFromGlobals();
$current_ip = $request->server->get('REMOTE_ADDR');
$user->setLoggedIP($current_ip);
if (!$user->isValidIP()) {
throw new AuthenticationException(
"You cannot login from your location.",
100
);
}
return new UsernamePasswordToken(
$user,
$user->getPassword(),
$providerKey,
$user->getRoles()
);
} else {
// TODO: Check if there weren't too many tries to login
}
throw new AuthenticationException('Invalid username or password');
}
public function supportsToken(TokenInterface $token, $providerKey)
{
return $token instanceof UsernamePasswordToken
&& $token->getProviderKey() === $providerKey;
}
public function createToken(Request $request, $username, $password, $providerKey)
{
return new UsernamePasswordToken($username, $password, $providerKey);
}
}
答案 0 :(得分:1)
我遇到了同样的问题。以下是我解决它的方法。
您必须在Authenticator中的authenticateToken()方法中调用UserChecker类的checkPreAuth()和checkPostAuth()方法。
这样做是这样的:
1)配置user_checker服务:
services:
app.user_checker:
class: AppBundle\Security\UserChecker
2)将autenticator配置为服务并注入user_checker服务:
services:
app.my_authenticator:
class: AppBundle\Security\MyAuthenticator
arguments: ["@app.user_checker", "@security.password_encoder"]
3)现在你可以在authenticateToken()上调用checkPreAuth()和checkPostAuth()
无论如何,我认为symfony方法是正确的,因为在我的情况下,你需要在simple_form中执行不同于login_form的检查。