How to implement a before filter that asks to confirm a user password to access some routes?
I'd see this when using Laravel (password.confirm middleware) but I could find similar for Symfony.
Thank you.
I can't comment so #alessandro_podo.. I'd try eventlistener but I don't know how to redirecto to login page and back to the current route. #KMAHY that's not what I need.. I don't wanna check isGranted I want to ask for user to enter username/password even if he is logged in.
Related
I want my website to be seen by anonymous users. and i don't want it to have a login /register user part.
i just need one user as administrator and its username and password is chosen manually.
what is the best practice to implement this login part (website has only one user for ever).
my question is how to implement this one user login part, where store username and password and does it need a table in database?
For me - if you're having such a simple system, then merely storing the username / pwd in the web.config is fine.
I'd create a helper class to wrap up talking to the config file (ConfigurationManager.AppSettings on MSDN) and use and evaluate a simple "logon" action.
No table needed.
Finally - make sure you add the AuthoriseAttribute to your controller that will be doing the admin actions...
HTH
Simplest way - just delete the controller and the view responsible for registering new users, change the routing to the login page and you're set.
I have a special use case I can not solve. When the user click on Facebook Connect and find an similar email in my DB. I want to ask the user if the account belongs to him.
If the answer is yes, he needs to connect with his account and then add the Facebook ID in the DB.
If the answer is no, I create a new user in the DB and log in.
I don't find the best way to do this. Can someone help me ?
In controller you can check whether email exists in DB or not using fos user bundle user manager
$user = $this->get('fos_user.user_manager')->findUserByEmail($email);
After user confirms, you can use implemented facebook provider to do necessary action.
between,
I have a question for you,
"If the answer is no, I create a new user in the DB and log in."
how do you create a new user with same email (assuming email is unique)?
I am using HWIOAuthBundle with FOSUserBundle with success.
When I go to the /login page it redirects me to the Google Accounts, authorizes and returns back to the register form with filled data (except password fields).
Is it possible to auto register user with ommiting register form ?
In this case we do not need password because of authentication with Google Account.
How should I achieve this scenario ?
A question is a bit old, but better later than never.
You just need to create a custom provider - if you want to integrate the bundle with FOSUserBundle you need to override the FOSUBUserProvider class.
In HWIOAuthBundle/Security/Core/User directory you may find all providers that are available in the OAuthBundle out of the box.
To create new user while connecting you just need to override loadUserByOAuthUserResponse() method of the FOSUBUserProvider (or EntityUserProvider, etc.) provider class. As you may see, default method throws an exception if the user is not found in database, you just need it to call userManager and create new entry.
This is exactly the same situation as with FOSFacebookBundle intergration (if you did so).
Hopes this answer helps you (especially it may sound a bit chaotic).
Edit:
I've posted a blog post explaining the integration process.
Try this gist
or this tutorial
There's a good walk-through on how to integrate HWIOAuthBundle and FOSUserBundle to achieve the automatic user registration and update here, which might be worth a read:
https://gist.github.com/danvbe/4476697
Yes of course.
You should handle a response from google and authorize user manualy something like:
// authorize
$token = new OAuthToken(null, $user->getRoles());
$token->setUser($user);
$token->setAuthenticated(true);
// update session
$session = $this->getContainer()->get('session');
$session->set('_security_secured_area', serialize($token));
$session->save();
after user was authorized redirect to the call page by user
I'm looking for a basic explanation of how could I do this with symfony2, since there is no decent documentation in the web about this. I know how could I do the process with plain php, but I don't know where to start with symfony2.
Any help would be really appreciated, guys.
Thanks!
To clarify what I'm looking for: once the user completes the registration process, send an automatic email with a link to activate his account
FOSUserBundle has this feature by default.
You can do it on your own:
Create a user specific secure hash and store it in the database at registration.
Send an email to user containing a link with that hash: myapp.com/signup/token/..(token here).../
Create the relevant route to the controller that will check the hash, pass the token in the url to the controller as variable.
Check if the hash is correct in the controller and do the relevant action.
I have site with login form on homepage. Login form have remember_me feature. I can't figure out how to convert IS_AUTHENTICATED_REMEMBERED to IS_AUTHENTICATED_FULLY.
I suppose I should use Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices and method loginSuccess() or autoLogin() but I don't know how…
Why do you need to convert the user's role to IS_AUTHENTICATED_FULLY?
The documentation page How to add "Remember Me" Login Functionality should provide you with all of the information you need to get this working.