我需要通过外部和粘性会话验证用户,但目前,我想验证任何用户。
我正在查看自定义身份验证器文档:https://symfony.com/doc/current/security/custom_authenticator.html
我创建了一个没有原则的用户和UserProvider:
\App\Security\User
\App\Security\UserProvider
然后创建自定义身份验证器:\App\Security\ApiAuthentificator.php
并始终返回有效的自验证护照:
<?php
// src/Security/ApiAuthenticator.php
namespace App\Security;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\HttpFoundation\RedirectResponse;
use App\Security\UserProvider;
class ApiAuthenticator extends AbstractAuthenticator
{
private $userProvider;
public function __construct(UserProvider $userProvider)
{
$this->userProvider = $userProvider;
}
/**
* Called on every request to decide if this authenticator should be
* used for the request. Returning `false` will cause this authenticator
* to be skipped.
*/
public function supports(Request $request): ?bool
{
return 'login' === $request->attributes->get('_route')
&& $request->isMethod('POST');
}
public function authenticate(Request $request): PassportInterface
{
/*
$apiToken = $request->headers->get('X-AUTH-TOKEN');
if (null === $apiToken) {
// The token header was empty, authentication fails with HTTP Status
// Code 401 "Unauthorized"
throw new CustomUserMessageAuthenticationException('No API token provided');
}
return new SelfValidatingPassport(new UserBadge($apiToken));
*/
//
// TODO: call to API
//
$credentials = [
'username' => $request->request->get('_username'),
'password' => $request->request->get('_password')
];
return new SelfValidatingPassport(new UserBadge($credentials['username']));
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
{
// on success, let the request continue
return null;
// return new RedirectResponse($this->urlGenerator->generate('admin'));
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
{
$data = [
// you may want to customize or obfuscate the message first
'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
// or to translate this message
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
];
// return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
return new Response('<html><body>' . $data['message'] . '</body></html>');
}
}
但是,当我登录时,登录进程响应无效凭据,但它不是ApiAuthenticator上的onAuthenticationFailure函数。
在UserProvider中,始终在loadUserByIdentifier中返回一个User,并且由于防火墙为stateless: true
,因此不会调用refreshUser:
<?php
// src/Security/UserProvider
namespace App\Security;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use App\Security\User;
use App\Utils\HelpCurl;
class UserProvider implements UserProviderInterface, PasswordUpgraderInterface
{
/**
* Symfony calls this method if you use features like switch_user
* or remember_me.
*
* If you're not using these features, you do not need to implement
* this method.
*
* @throws UserNotFoundException if the user is not found
*/
public function loadUserByIdentifier($identifier): UserInterface
{
// Load a User object from your data source or throw UserNotFoundException.
// The $identifier argument may not actually be a username:
// it is whatever value is being returned by the getUserIdentifier()
// method in your User class.
$user = new User();
$user->setUsername($identifier);
return $user;
/*
throw new \Exception('TODO: fill in loadUserByIdentifier() inside '.__FILE__);
*/
}
/**
* @deprecated since Symfony 5.3, loadUserByIdentifier() is used instead
*/
public function loadUserByUsername($username): UserInterface
{
return $this->loadUserByIdentifier($username);
}
/**
* Refreshes the user after being reloaded from the session.
*
* When a user is logged in, at the beginning of each request, the
* User object is loaded from the session and then this method is
* called. Your job is to make sure the user's data is still fresh by,
* for example, re-querying for fresh User data.
*
* If your firewall is "stateless: true" (for a pure API), this
* method is not called.
*
* @return UserInterface
*/
public function refreshUser(UserInterface $user)
{
if (!$user instanceof User) {
throw new UnsupportedUserException(sprintf('Invalid user class "%s".', get_class($user)));
}
throw new \Exception('TODO: fill in refreshUser() inside '.__FILE__);
/*
// Return a User object after making sure its data is "fresh".
// Or throw a UsernameNotFoundException if the user no longer exists.
throw new \Exception('TODO: fill in refreshUser() inside '.__FILE__);
*/
}
/**
* Tells Symfony to use this provider for this User class.
*/
public function supportsClass($class)
{
return User::class === $class || is_subclass_of($class, User::class);
}
/**
* Upgrades the hashed password of a user, typically for using a better hash algorithm.
*/
public function upgradePassword(UserInterface $user, string $newHashedPassword): void
{
// TODO: when hashed passwords are in use, this method should:
// 1. persist the new password in the user storage
// 2. update the $user object with $user->setPassword($newHashedPassword);
}
}
- 有什么想法吗,还缺什么**
我粘贴安全性和用户:
一个三个三个一个
1条答案
按热度按时间qpgpyjmq1#
我解决了。
ApiAuthenticator
所说的身份验证。尽管也输入了ApiAuthenticator
。在
security.yaml
中禁用form_login
,用户将通过ApiAuthenticator
正确进行身份验证。stateless
或stateless: false
。现在我有了一个使用粘滞会话进行身份验证的用户,我只需要使用api进行验证。
谢谢!