¿How Preventing FOSUserBundle , realize automatic logon , when the FOSUserBundle register user? - symfony

What happens is that in my application, only the administrator user can add new users, but when I create a new one, the current session becomes automatically or log in with the new user. I thank who can explain how to avoid that, thank you.

Your question is not clear - please add some details (or code).
You added tag FOSUserBundle but not said how you use it...
If I understand correctly - check this:
If you create new User use UserManager here is explained
Second - When User is created (by RegistrationController), this bundle fire many events - check it
Im sure You used normal registration method instead of UserManager createUser method or some other magic.
Remember that If you need prevent autologin for implemented registration action, you can extend this bundle and override Controller
Important: Even If it helped ADD more exmplanation to your question (it can help other users)

Related

Error or bug with Symfony User updating roles

This time I got a curious bug in my project managing the roles from a user.
I got installed the EasyAdmin bundle where I can manage the roles from the users. So I log with a user that have access to the EasyAdmin (ROLE_ADMIN in this case). Beside of this role I have also a few roles more, one of them, called ROLE_SUPERSUSER, where a user can edit 2 fields that the rest of users don't have the permission to edit them.
So throw the EasyAdmin, I remove the ROLE_SUPERSUSER from myself and here comes the gest of the matter. If I try to access to the edit zone from the profile if you have this ROLE_SUPERSUSER you will be able to edit this field, but because I removed it this role from myself, I expect to don't watch this fields over there. Instead of this, an error appears in the screen.
If I just logout and log in again the problem it's solved. But obviously I can't force the users to logout and login when I change their roles.
I guess the problem comes throw the cache but I don't find a solution.
Symfony roles are added on authentication by default, so you would have to re-login for this change to take effect.
You can change this in security.yml.
security:
always_authenticate_before_granting: true
I could find a solution thanks to KNPUniversity.
The solution pass throw the creation of a listener who updates the user before each controller.
I got the ideas from these links:
https://github.com/symfony/symfony/pull/24331
With special attention to this link:
https://github.com/symfony/symfony/issues/12025#issuecomment-219723819

Magnolia CMS - Public user registration Notification

I am using Admin-supervised registration (Never) strategy as Public user registration. With this approach, Admin needs to enable the user, but admin is not getting an email. Is this the expected behaviour or admin should get an email to notify new user has been registered. If that is not out of the box feature, How can I enable admin to get an email when the user is registered ?
Also, I would like to know can I mix and match Registration after mail notification and Admin to enable. Then we can make sure provided email is correct as well and Admin to control to access.
Thanks.
For getting the notification, you can simply add custom strategy that would wrap the ootb provided one and send email on top ... or you can add observer on the users workspace and configure it to call MailCommand upon new disabled user being created in the repo. Whichever of the two suits you better.
As for combining two of the existing strategies, the simplest way to achieve that is by writing your own that will indeed do combination of the two provided out of the box. Since each of the functionalities you desire is there, it should be rather simple to combine them in one class.
HTH,
Jan

what is the best practice for implementing only one user (Admin) in mvc 4 web application

I want my website to be seen by anonymous users. and i don't want it to have a login /register user part.
i just need one user as administrator and its username and password is chosen manually.
what is the best practice to implement this login part (website has only one user for ever).
my question is how to implement this one user login part, where store username and password and does it need a table in database?
For me - if you're having such a simple system, then merely storing the username / pwd in the web.config is fine.
I'd create a helper class to wrap up talking to the config file (ConfigurationManager.AppSettings on MSDN) and use and evaluate a simple "logon" action.
No table needed.
Finally - make sure you add the AuthoriseAttribute to your controller that will be doing the admin actions...
HTH
Simplest way - just delete the controller and the view responsible for registering new users, change the routing to the login page and you're set.

Support of two authentication modes

Currently I have a site with usual authentication mode: login/password. The new authentication mode must be added (some number which will be verified by another system, an answer will be returned and a user will be logged in or not). So I have to store this number in my DB in addition to login/password data.
User can upgrade his/her account to use the new authentication mode, but after this the old one will not be available anymore. Only the new one will be used for the registration of new accounts.
Could you please suggest the best way to handle this situation? The simplest way in my opinion it's just save this new code in some additional property and check if this property empty or not (or add some enumeration LoginType with corresponding values).
UPDATE:
I'm wondering whether can i just use the provided above way to solve the problem or it will be a bad workaround? Also (as the second approach) I thinking about removing the current record (user account) and adding a new one with the new login name on account upgrade (when user changes the way to log in). Now I use DefaultMembershipProvider.
Thank you in advance for your answers.
Question related to ASP.NET (Web forms), not ASP.NET MVC.
Maxim

Auto register user with HWIOAuthBundle

I am using HWIOAuthBundle with FOSUserBundle with success.
When I go to the /login page it redirects me to the Google Accounts, authorizes and returns back to the register form with filled data (except password fields).
Is it possible to auto register user with ommiting register form ?
In this case we do not need password because of authentication with Google Account.
How should I achieve this scenario ?
A question is a bit old, but better later than never.
You just need to create a custom provider - if you want to integrate the bundle with FOSUserBundle you need to override the FOSUBUserProvider class.
In HWIOAuthBundle/Security/Core/User directory you may find all providers that are available in the OAuthBundle out of the box.
To create new user while connecting you just need to override loadUserByOAuthUserResponse() method of the FOSUBUserProvider (or EntityUserProvider, etc.) provider class. As you may see, default method throws an exception if the user is not found in database, you just need it to call userManager and create new entry.
This is exactly the same situation as with FOSFacebookBundle intergration (if you did so).
Hopes this answer helps you (especially it may sound a bit chaotic).
Edit:
I've posted a blog post explaining the integration process.
Try this gist
or this tutorial
There's a good walk-through on how to integrate HWIOAuthBundle and FOSUserBundle to achieve the automatic user registration and update here, which might be worth a read:
https://gist.github.com/danvbe/4476697
Yes of course.
You should handle a response from google and authorize user manualy something like:
// authorize
$token = new OAuthToken(null, $user->getRoles());
$token->setUser($user);
$token->setAuthenticated(true);
// update session
$session = $this->getContainer()->get('session');
$session->set('_security_secured_area', serialize($token));
$session->save();
after user was authorized redirect to the call page by user

Resources