ソースを参照

User : connexion

develop
Guillaume 3年前
コミット
13751bcf89
2個のファイルの変更83行の追加114行の削除
  1. +42
    -78
      Authenticator/LoginFormAuthenticator.php
  2. +41
    -36
      Controller/Security/SecurityAdminController.php

+ 42
- 78
Authenticator/LoginFormAuthenticator.php ファイルの表示

@@ -2,107 +2,71 @@

namespace Lc\SovBundle\Authenticator;

use Lc\SovBundle\Model\User\UserInterface;
use Lc\SovBundle\Doctrine\EntityManager;
use Lc\SovBundle\Repository\User\UserStore;
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\User\UserInterface as SfUserInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
use Symfony\Component\Security\Http\Util\TargetPathTrait;

class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
{
use TargetPathTrait;

public const LOGIN_ROUTE = 'sov_login';

private $entityManager;
private $urlGenerator;
private $csrfTokenManager;
private $passwordEncoder;
protected $parameterBag;
protected UrlGeneratorInterface $urlGenerator;
protected UserStore $userStore;
protected FormFactoryInterface $formFactory;
protected ParameterBagInterface $parameterBag;

public function __construct(
EntityManager $entityManager,
UrlGeneratorInterface $urlGenerator,
CsrfTokenManagerInterface $csrfTokenManager,
UserPasswordEncoderInterface $passwordEncoder,
ParameterBagInterface $parameterBag
)
{
$this->entityManager = $entityManager;
UrlGeneratorInterface $urlGenerator,
UserStore $userStore,
FormFactoryInterface $formFactory,
ParameterBagInterface $parameterBag
) {
$this->urlGenerator = $urlGenerator;
$this->csrfTokenManager = $csrfTokenManager;
$this->passwordEncoder = $passwordEncoder;
$this->userStore = $userStore;
$this->formFactory = $formFactory;
$this->parameterBag = $parameterBag;
}

public function supports(Request $request)
public function supports(Request $request): bool
{
return self::LOGIN_ROUTE === $request->attributes->get('_route')
&& $request->isMethod('POST');
return $request->isMethod('POST') && $this->getLoginUrl($request) === $request->getPathInfo();
}

public function getCredentials(Request $request)
public function authenticate(Request $request): PassportInterface
{
$credentials = [
'email' => $request->request->get('email'),
'password' => $request->request->get('password'),
'csrf_token' => $request->request->get('_csrf_token'),
];
$request->getSession()->set(
Security::LAST_USERNAME,
$credentials['email']
$email = $request->request->get('email');
$password = $request->request->get('password');
$csrfToken = $request->request->get('_csrf_token');

return new Passport(
new UserBadge($email, function ($userIdentifier) {
return $this->userStore->getOneByEmail($userIdentifier);
}),
new PasswordCredentials($password),
[new CsrfTokenBadge('authenticate', $csrfToken)]
);

return $credentials;
}

public function getUser($credentials, UserProviderInterface $userProvider)
{
$token = new CsrfToken('authenticate', $credentials['csrf_token']);
if (!$this->csrfTokenManager->isTokenValid($token)) {
throw new InvalidCsrfTokenException();
}

$user = $this->entityManager->getRepository(UserInterface::class)->findOneBy(
['email' => $credentials['email']]
);

if (!$user) {
// fail authentication with a custom error
throw new CustomUserMessageAuthenticationException('Email could not be found.');
}

return $user;
}

public function checkCredentials($credentials, SfUserInterface $user)
{
return $this->passwordEncoder->isPasswordValid($user, $credentials['password']);
}

/**
* Used to upgrade (rehash) the user's password automatically over time.
*/
public function getPassword($credentials): ?string
{
return $credentials['password'];
}

public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
{
public function onAuthenticationSuccess(
Request $request,
TokenInterface $token,
string $providerKey
): RedirectResponse {
$routeName = 'home';
$email = $request->request->get('email');
$loginRedirection = $this->parameterBag->get('lc_sov.login_redirection');
@@ -112,7 +76,7 @@ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements P
if (isset($useReferer) && $useReferer == true) {
$url = $request->request->get('_target_path');
} else {
$user = $this->entityManager->getRepository(UserInterface::class)->findOneBy(['email' => $email]);
$user = $this->userStore->getOneByEmail($email);

if (!empty($user)) {
$roles = $user->getRoles();
@@ -132,8 +96,8 @@ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements P
}
}

protected function getLoginUrl()
protected function getLoginUrl(Request $request): string
{
return $this->urlGenerator->generate(self::LOGIN_ROUTE);
}
}
}

+ 41
- 36
Controller/Security/SecurityAdminController.php ファイルの表示

@@ -3,6 +3,7 @@
namespace Lc\SovBundle\Controller\Security;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
@@ -10,59 +11,61 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
class SecurityAdminController extends AbstractController
{
/**
* @Route("/user/login", name="sov_login")
* @Route("/login", name="sov_login")
*/
public function login(AuthenticationUtils $authenticationUtils): Response
public function login(AuthenticationUtils $authenticationUtils, Request $request): Response
{
if ($this->getUser()) {
return $this->redirectToRoute('app_admin_dashboard');
}
dump($request);

if ($this->getUser()) {
return $this->redirectToRoute('app_admin_dashboard');
}

// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();

return $this->render('@EasyAdmin/page/login.html.twig', [
// parameters usually defined in Symfony login forms
'error' => $error,
'last_username' => $lastUsername,
return $this->render('@EasyAdmin/page/login.html.twig', [
// parameters usually defined in Symfony login forms
'error' => $error,
'last_username' => $lastUsername,

// OPTIONAL parameters to customize the login form:
// OPTIONAL parameters to customize the login form:

// the translation_domain to use (define this option only if you are
// rendering the login template in a regular Symfony controller; when
// rendering it from an EasyAdmin Dashboard this is automatically set to
// the same domain as the rest of the Dashboard)
'translation_domain' => 'admin',
// the translation_domain to use (define this option only if you are
// rendering the login template in a regular Symfony controller; when
// rendering it from an EasyAdmin Dashboard this is automatically set to
// the same domain as the rest of the Dashboard)
'translation_domain' => 'admin',

// the title visible above the login form (define this option only if you are
// rendering the login template in a regular Symfony controller; when rendering
// it from an EasyAdmin Dashboard this is automatically set as the Dashboard title)
'page_title' => '<img src="assets/img/'.$this->get('parameter_bag')->get('app.admin.logo').'" >',
// the title visible above the login form (define this option only if you are
// rendering the login template in a regular Symfony controller; when rendering
// it from an EasyAdmin Dashboard this is automatically set as the Dashboard title)
'page_title' => '<img src="assets/img/' . $this->get('parameter_bag')->get('app.admin.logo') . '" >',

// the string used to generate the CSRF token. If you don't define
// this parameter, the login form won't include a CSRF token
'csrf_token_intention' => 'authenticate',
// the string used to generate the CSRF token. If you don't define
// this parameter, the login form won't include a CSRF token
'csrf_token_intention' => 'authenticate',

// the URL users are redirected to after the login (default: '/admin')
'target_path' => $this->generateUrl('app_admin_dashboard'),
// the URL users are redirected to after the login (default: '/admin')
'target_path' => $this->generateUrl('app_admin_dashboard'),

// the label displayed for the username form field (the |trans filter is applied to it)
'username_label' => 'Your username',
// the label displayed for the username form field (the |trans filter is applied to it)
'username_label' => 'Your username',

// the label displayed for the password form field (the |trans filter is applied to it)
'password_label' => 'Your password',
// the label displayed for the password form field (the |trans filter is applied to it)
'password_label' => 'Your password',

// the label displayed for the Sign In form button (the |trans filter is applied to it)
'sign_in_label' => 'Log in',
// the label displayed for the Sign In form button (the |trans filter is applied to it)
'sign_in_label' => 'Log in',

// the 'name' HTML attribute of the <input> used for the username field (default: '_username')
'username_parameter' => 'email',
// the 'name' HTML attribute of the <input> used for the username field (default: '_username')
'username_parameter' => 'email',

// the 'name' HTML attribute of the <input> used for the password field (default: '_password')
'password_parameter' => 'password',
]);
// the 'name' HTML attribute of the <input> used for the password field (default: '_password')
'password_parameter' => 'password',
]);
}

/**
@@ -70,6 +73,8 @@ class SecurityAdminController extends AbstractController
*/
public function logout()
{
throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
throw new \LogicException(
'This method can be blank - it will be intercepted by the logout key on your firewall.'
);
}
}

読み込み中…
キャンセル
保存