Validate user account via email link in symfony2 - symfony

I'm looking for a basic explanation of how I could do this with symfony2, since there is no decent documentation on the web about this. I know how I could do the process with plain PHP, but I don't know where to start with symfony2.
Any help would be really appreciated, guys.
Thanks!
To clarify what I'm looking for: once the user completes the registration process, send an automatic email with a link to activate his account

FOSUserBundle has this feature by default.
You can do it on your own:
Create a user specific secure hash and store it in the database at registration.
Send an email to user containing a link with that hash: myapp.com/signup/token/..(token here).../
Create the relevant route to the controller that will check the hash, pass the token in the url to the controller as variable.
Check if the hash is correct in the controller and do the relevant action.
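The four steps above as an added example, not code from the original answer or from FOSUserBundle. It is plain PHP without Symfony classes; the `$users` array standing in for the database, the function names, the 24-hour lifetime and the sample e-mail address are assumptions. It stores only a digest of the token, compares in constant time, and invalidates the token after one use.

```php
<?php
// Added example: activation-token lifecycle for an email confirmation link.
// $users is a constructed in-memory stand-in for the user table.

const TOKEN_TTL = 86400; // assumption: links expire after 24 hours

/** Step 1: create the token at registration; only its SHA-256 digest is stored. */
function issueActivationToken(array &$users, string $email, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, URL-safe hex
    $users[$email] = [
        'active'     => false,
        'token_hash' => hash('sha256', $token),
        'expires_at' => $now + TOKEN_TTL,
    ];
    return $token; // step 2: goes into the emailed link, never into the database
}

/** Steps 3-4: logic behind /signup/token/{token}; true if the account was activated. */
function activateByToken(array &$users, string $token, int $now): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // reject malformed input before any lookup
    }
    $candidate = hash('sha256', $token);
    foreach ($users as &$user) {
        if ($user['token_hash'] !== null
            && hash_equals($user['token_hash'], $candidate)) { // constant-time compare
            if ($now > $user['expires_at']) {
                return false; // expired link
            }
            $user['active']     = true;
            $user['token_hash'] = null; // single use: the link cannot be replayed
            return true;
        }
    }
    return false; // unknown token
}

// Constructed walk-through
$users = [];
$now   = time();
$token = issueActivationToken($users, 'alice@example.test', $now);
echo "Link: https://myapp.com/signup/token/$token\n";
var_dump(activateByToken($users, $token, $now + 60));          // first click
var_dump(activateByToken($users, $token, $now + 120));         // same link again
var_dump(activateByToken($users, str_repeat('0', 64), $now));  // never issued
```

In a Symfony controller the second function would run against the user repository, looking the row up by the stored digest instead of looping.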

Related

Symfony - Ask user's password to access a route

How to implement a before filter that asks to confirm a user password to access some routes?
I'd see this when using Laravel (password.confirm middleware) but I could find similar for Symfony.
Thank you.
I can't comment so #alessandro_podo.. I'd try eventlistener but I don't know how to redirect to login page and back to the current route. #KMAHY that's not what I need.. I don't wanna check isGranted I want to ask for user to enter username/password even if he is logged in.

Posting Notes on Gitlab API as a 'bot' user

I am developing an application that posts comments into Merge Requests on Gitlab. It works by authenticating with a given user, and then after some setup will register a webhook on the relevant project to be informed when a Merge Request update happens. When a new Merge Request is detected I want to post a comment on the Merge Request asking for some specific detail to be sent over.
However, when we post the comment on the Merge Request we can only ever seem to do it as the user that we have the OAuth token for (which of course makes sense). My question is what should we do/could we have done in order to post the note as a 'bot user' without having to register a full user into the repository? Or is this just impossible?
You can create a reporter user and use its access token. The problem may arise when the user doesn't have enough access control.
You can create a project scoped token; a bot user will automatically be created for such a token.
Ref: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html

Authenticate using the access token symfony

I am searching for a solution to authenticate using the access token.
The customer sends a link via email (https://www.mywebsite.com/?token=ijn8pC5q2bwftM7dMcjkhkdhgkfdjgfdgg type). When the customer clicks on the link, the application should automatically get the token and then redirect the user to his personal page.
Any idea please
You can implement this using a custom authentication guard. This is well described in the documentation of Symfony. In the example they use an HTTP header field, but you can easily use a query parameter to do the same thing.
As Daniel commented, be aware of token invalidation to ensure a secure application.

symfony web-service with username and password

I will not post any of my code, because this is more just a question to know if it's possible.
I've been googling a lot, but didn't find any concrete solutions. I hope someone can help me here.
The facts:
I have a login form
I need to authenticate the credentials over a web-service
I need to send both username and password, to get back a token if logged in successfully.
The problems:
With a custom provider I'm always stuck with the fact that they only have direct access to the username, like: loadUserByUsername. I need to access the password there as well, to be able to send this to my web-service.
I have only 1 web-service which only sends back a token if provided username and password are correct.
Question:
How can I access and send both username and password to my web-service?
Thanks!
Generally speaking one would authenticate using an API token to a web service.
That API token is usually issued via an auto-generation script when the user account is created (either by an admin or by a registration form). This token is then passed by the API call to the web-service in a header which then uses it to authenticate the user.
As far as Symfony goes, by far the easiest way of doing this is with Guard, a new component built by Ryan Weaver from KNP.
KNPUniversity has a great tutorial on it (for free).
Note that this is only one option of many, and the 'best' way is probably mainly opinion based and directly related to the use case in question. But it might help you get on the right track.
If the token you want to create should be a JSON Web Token (JWT), a very convenient bundle is LexikJWTAuthenticationBundle, which does almost all of the work automatically. If you just follow the documentation, you will have it quickly up and running. You can combine it with FOSUserBundle, with a custom User entity or whatever.

Spring webflow - send link to a flow by email

I'm new to using Webflow and I don't know how to do this: I want to implement a recovery password flow. I'm taking the user's email, generating a random ticket and storing it with Hibernate. The problem is that I don't know how to send an email to the user with a link to another flow which should check if the ticket is valid and then let the user change his password. Before using Webflow I was sending the next URL: (http://localhost:8080/changePassword?ticket=15teumv5huebt...) changePassword is a view in my project but I know this URL will be overridden. Can anyone give me some suggestion? Thanks in advance.
Well, if your flow's id is "changePassword", you should be able to send a link with "http://localhost:8080/changePassword?ticket=15teumv5huebt..."
You might want to automatically replace localhost by the server IP and do the same for the port number.
Also you might have to use your application's name: "http://localhost:8080/appName/changePassword?ticket=15teumv5huebt..."
