I am using HWIOAuthBundle with FOSUserBundle with success.
When I go to the /login page it redirects me to the Google Accounts, authorizes and returns back to the register form with filled data (except password fields).
Is it possible to auto-register the user, omitting the register form?
In this case we do not need a password because of authentication with the Google Account.
How should I achieve this scenario?
The question is a bit old, but better late than never.
You just need to create a custom provider - if you want to integrate the bundle with FOSUserBundle you need to override the FOSUBUserProvider class.
In the HWIOAuthBundle/Security/Core/User directory you may find all providers that are available in the OAuthBundle out of the box.
To create a new user while connecting you just need to override the loadUserByOAuthUserResponse() method of the FOSUBUserProvider (or EntityUserProvider, etc.) provider class. As you may see, the default method throws an exception if the user is not found in the database; you just need it to call userManager and create a new entry.
This is exactly the same situation as with FOSFacebookBundle integration (if you did so).
Hope this answer helps you (especially as it may sound a bit chaotic).
Edit:
I've posted a blog post explaining the integration process.
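The override described in the answer above, as an added example that is not part of the original answer or of either bundle's code. The namespace and class name are hypothetical, the Google email is assumed to serve as the FOSUserBundle username, and `random_bytes()` assumes PHP 7 or later; refusing to reuse an existing local account with the same email is a choice made in this example.

```php
<?php
// Added example: auto-register on first OAuth login (not the bundles' own code).
namespace App\Security; // hypothetical namespace

use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\Exception\AccountNotLinkedException;
use HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider;

class AutoRegisterUserProvider extends FOSUBUserProvider // hypothetical class name
{
    public function loadUserByOAuthUserResponse(UserResponseInterface $response)
    {
        try {
            // Default behaviour: look the user up by the provider id field.
            return parent::loadUserByOAuthUserResponse($response);
        } catch (AccountNotLinkedException $e) {
            // Not found: continue below and create the account.
        }

        $oauthId = $response->getUsername(); // provider's unique id
        $email = $response->getEmail();
        if (null === $oauthId || empty($email)) {
            throw new AccountNotLinkedException('OAuth response has no id or email.');
        }

        // Do not silently attach the OAuth identity to an existing local
        // account just because the email matches; require explicit linking.
        if (null !== $this->userManager->findUserByEmail($email)) {
            throw new AccountNotLinkedException('Email already registered locally.');
        }

        $user = $this->userManager->createUser();
        // Store the provider id in the field mapped for this resource owner.
        $this->accessor->setValue($user, $this->getProperty($response), $oauthId);
        $user->setUsername($email);
        $user->setEmail($email);
        // The user never types this password; make it random and unguessable.
        $user->setPlainPassword(bin2hex(random_bytes(32)));
        $user->setEnabled(true);
        $this->userManager->updateUser($user);

        return $user;
    }
}
```

Register the class as a service with the same constructor arguments as the bundle's FOSUBUserProvider and point the firewall's `oauth_user_provider` service setting at it.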
Try this gist
or this tutorial
There's a good walk-through on how to integrate HWIOAuthBundle and FOSUserBundle to achieve the automatic user registration and update here, which might be worth a read:
https://gist.github.com/danvbe/4476697
Yes of course.
You should handle the response from Google and authorize the user manually, something like:
```php
use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;

// authorize
$token = new OAuthToken(null, $user->getRoles());
$token->setUser($user);
$token->setAuthenticated(true);
// update session; the key is '_security_' followed by the firewall name (here "secured_area")
$session = $this->getContainer()->get('session');
$session->set('_security_secured_area', serialize($token));
$session->save();
```
After the user is authorized, redirect to the page called by the user.
How to implement a before filter that asks to confirm a user password to access some routes?
I'd see this when using Laravel (password.confirm middleware) but I could find similar for Symfony.
Thank you.
I can't comment so @alessandro_podo.. I'd try eventlistener but I don't know how to redirect to the login page and back to the current route. @KMAHY that's not what I need.. I don't wanna check isGranted, I want to ask the user to enter username/password even if he is logged in.
What happens is that in my application, only the administrator user can add new users, but when I create a new one, the current session automatically becomes, or logs in as, the new user. I thank whoever can explain how to avoid that, thank you.
Your question is not clear - please add some details (or code).
You added the FOSUserBundle tag but did not say how you use it...
If I understand correctly - check this:
If you create a new User, use UserManager; it is explained here
Second - when a User is created (by RegistrationController), this bundle fires many events - check it
I'm sure you used the normal registration method instead of the UserManager createUser method or some other magic.
Remember that if you need to prevent autologin for the implemented registration action, you can extend this bundle and override the Controller
Important: Even if it helped, ADD more explanation to your question (it can help other users)
I have a question about how I can force a re-login for all users when I execute a process that reloads all user roles.
Is it possible to do that? I'm using FOSUserBundle as user provider.
Thank you!
I never used FOSUserBundle but one simple way to do this is implementing the EquatableInterface in your User class and inserting in the isEqualTo method something like:
```php
# this comparison is ONLY indicative
if ($this->roles !== $user->getRoles()) {
    return false;
}
```
PS: At any request Symfony checks that assigned roles are not changed (but you can add also other fields to check like Email, Username, etc...), otherwise the user is automatically disconnected (but without printing a friendly message to the user)
EDIT: I already set up a login form with Symfony and the authorisation works just fine. But I would like to go a bit deeper into how it is managed by the security bundle of Symfony.
I want to study/understand the way Symfony security handles authentication. If I understand well so far, the URL "/login_path" as specified in security.yml at the line check_path triggers authentication in Symfony:
Then some controller/listener/service gets the username and password through the variables POST["_username"] and POST["_password"] from the login_form.
I wanted to have a look at how this is handled in Symfony. Which files should I have a look at in the Security folder in Symfony?
Can anyone just explain to me the mechanism of how it works?
Does some listener catch the URL then transmit it to some controller in Symfony?
(I just want to have a look to understand it)
Thanks in advance.
There is no single file you can look at. Security in Symfony is split into multiple aspects like authentication, authorization, user providers, ...
Read the manual, it's explained there very well. But yes, it's really complex.
http://symfony.com/doc/current/book/security.html
The basic process looks like this:
- firewall rules decide if access is allowed and auth is required
- a token is generated by one of the configured listeners
- authentication provider validates the token
- user is loaded from configured user provider
Our site has got two ASP.NET membership providers. The built-in one, and a custom one (SqlMembershipProvider).
I am able to log into both with no problems, but I don't necessarily require the ability to have both logged in at the same time.
The issue I have is as follows:
User "person_a@site.com" logs into the built-in provider. They then navigate to the section of the site where we require the custom provider.
On this page, I can check if they are authenticated, and get their username. I can then get a MembershipUser object from the custom provider's GetUser method. (HttpContext.Current.User.Identity.Name)
It is possible (and very likely) that the username "person_a@site.com" could also exist in the users for the custom provider.
But, I don't want them to be logged in here, as they haven't authenticated against the custom provider.
So, is it possible to check which provider HttpContext.Current.User was generated from?
Hope this all makes sense!!
Yes, if you notice on the RolePrincipal there is a property called ProviderName.
Typically when people roll their own providers they omit usage of this field.
In your case, simply modify your custom provider to identify itself, if it does not already, and check that property of the user.