Question

我正在使用symfony2为移动应用构建api。我已经设置了FOSAuthServerBundle＆amp;正确配置它。

http://blog.tankist.de/blog/2013/07/18/oauth2-explained-part-3-using-oauth2-with-your-bare-hands/

我还可以使用客户端凭证生成一个tokan。我还可以将用户重定向到Outh登录页面。我被认证和＆amp;授权部分。作为当前网站作为自己的实体成员作为网站用户。有人可以发布一些身份验证的例子吗？授权流程与FOSAuth合作。我是symfony的新手。

任何帮助将不胜感激。

Answer 1

我刚为post api做了自定义登录操作。我没有使用任何第三方套装进行后api授权。但是，我在我的项目中使用了以下第三方软件包来提供rest api，我只是在这里分享了我的自定义登录操作，它可能对你有帮助。我使用过的捆绑包： JMSSerializerBundle， FOSRestBundle， NelmioApiDocBundle， NelmioCorsBundle， FOSUserBundle

 <?php
    namespace Yoursite\ApiBundle\Controller;

    use FOS\RestBundle\View\View;
    use Nelmio\ApiDocBundle\Annotation\ApiDoc;
    use FOS\UserBundle\FOSUserEvents;
    use Symfony\Component\HttpFoundation\Request;

    class UserApiController extends Controller
    {

    /**
     * Response header status code
     *
     * @var int
     */
    private $statusCode = 200;

    /**
     * This action is used for user signin through api
     *
     * @ApiDoc(
     *  resource=true,
     *  description="User Post action for signin"
     * )
     *
     * @param $request
     * @return View view instance
     */
    public function postAuthSigninAction(Request $request) {
        $responseArr= array();
        $view = new View();
        $this->statusCode = 200;
        $userData = json_decode($request->getContent(), true);

        $email = $userData['email'];
        $password = $userData['password'];

        $um = $this->get('fos_user.user_manager');
        $user = $um->findUserByUsernameOrEmail($email);

        if (!$user instanceof \YourSite\UserBundle\Entity\User) {
            $responseArr['meta']['error'] = "The email address or password is incorrect.";
            $this->statusCode = 401;
            return $view->create($responseArr, $this->statusCode);
        }

        $encoder_service = $this->get('security.encoder_factory');
        $encoder = $encoder_service->getEncoder($user);
        $encoded_pass = $encoder->encodePassword($password, $user->getSalt());

        if ($encoded_pass != $user->getPassword()) {
            $responseArr['meta']['error'] = "The email address or password is incorrect.";
            $this->statusCode = 401;
            return $view->create($responseArr, $this->statusCode);
        }

        $user->setToken(md5($password.time()));
        $this->getDoctrine()->getManager()->persist($user);
        $this->getDoctrine()->getManager()->flush();
        $responseArr['data'] = $user;
        return $view->create($responseArr, $this->statusCode);
    }
    }
    ?>

登录＆amp; FOSAuthServerBundle的授权过程

1 个答案: