I'm working on a API. To give User Access - for example by smartphone - I need to login users by rest.
Is there an existing module available? Actually, I'm using fosUserBundle. Maybe there is a possibility to get those two bundle work together?
The Users which will login by rest are already existing as "normal" fos users.
It would be grest if you could gomme some links, tips or hints cause I'm searching and searching and searching and for the reason that I am new in symfony it's not that easy :):)
rgrds
I use FOSUserBundle for login since a smartphone by the API.
APIBundle/Controller/UserController.php (the default route is /api)
/**
* #Post("/user/login")
* #Template(engine="serializer")
*/
public function loginAction()
{
$request = $this->get('request');
$username = $request->request->get('username');
$password = $request->request->get('password');
return $this->container->get('myproject_user.user_service')
->login($username, $password);
}
in this method, I call a personal service who manage the user's functions. (UserHandler.php)
UserBundle/Handler/UserHandler.php
class UserHandler implements UserHandlerInterface
{
private $om;
private $entityClass;
private $repository;
private $container;
private $manager;
public function __construct(ObjectManager $om, Container $container, $entityClass)
{
$this->om = $om;
$this->entityClass = $entityClass;
$this->repository = $this->om->getRepository($this->entityClass);
$this->container = $container;
$this->manager = $this->container->get('fos_user.user_manager');
}
public function login($username, $password)
{
$jsonErrorCreator = $this->container->get('myproject_api.create_error_json');
$code = 0;
// check the arguments here.
$user = $this->manager->findUserByUsername($username);
if($user === null) $user = $this->manager->findUserByEmail($username);
if($user === null)
{
$code = 224;
return ($jsonErrorCreator->createErrorJson($code, $username));
}
// check the user password
if($this->checkUserPassword($user, $password) === false)
{
$code = 225;
return ($jsonErrorCreator->createErrorJson($code, null));
}
// log the user
$this->loginUser($user);
$jsonCreator = $this->container->get('myproject_api.create_json');
$response = $jsonCreator->createJson(array('success'=>true, 'user'=>$user));
return $response;
}
protected function loginUser(User $user)
{
$security = $this->container->get('security.context');
$providerKey = $this->container->getParameter('fos_user.firewall_name');
$roles = $user->getRoles();
$token = new UsernamePasswordToken($user, null, $providerKey, $roles);
$security->setToken($token);
}
protected function checkUserPassword(User $user, $password)
{
$factory = $this->container->get('security.encoder_factory');
$encoder = $factory->getEncoder($user);
if(!$encoder)
return false;
return $encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt());
}
}
UserBundle/Handler/UserHandlerInterface.php
Interface UserHandlerInterface
{
public function login($username, $password);
}
Don't forget to declare your service !
UserBundle/Resources/config/services.yml
myproject_user.user_service:
class: %myproject_user.user_handler.class%
arguments: [ #doctrine.orm.entity_manager, #service_container, %fos_user.model.user.class%]
You can now login with your smartphone at the adresse api/user/login
I think I got the solution:
http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
This seems pretty nice to me and paired with Guras inputit should work as well.
Related
I am building a Slim Framework 4 Api Application, with Eloquent.
public/index.php
$capsule = new \Illuminate\Database\Capsule\Manager;
$capsule->addConnection($dbconfig);
$capsule->setAsGlobal();
$capsule->bootEloquent();
$app->add(new RequestUser()); // for calling middleware that adds user
Middlware
class RequestUser
{
public function __invoke(Request $request, RequestHandler $handler): Response
{
....................
$user = User::where('emailid', $email)->first();
$request = $request->withAttribute('user', $user);
$request = $request->withAttribute('token', (string) $exploded_authorization[1]);
return $handler->handle($request);
}
}
Controller
use Psr\Http\Message\ServerRequestInterface as Request;
public function create(Request $request, Response $response, $args)
{
$user = $request->getAttribute('user'); // gives me the request user information
}
Model
<?php
namespace App\Models\TableModel;
use Illuminate\Database\Eloquent\Model;
use DateTime;
use Psr\Http\Message\ServerRequestInterface as Request;
class Details extends Model
{
protected $table = 'my_table';
protected $primaryKey = 'Id';
public $timestamps = false;
protected $fillable = [];
protected $hidden = [];
protected $casts = [
];
protected $appends = ['can_edit', 'can_delete'];
public function getCanEditAttribute(){
$now = date('Y-m-d H:i:s');
return $this->Start_Date >= $now;
}
public function getCanDeleteAttribute(){
//request contains the user information from the middleware? How to access here
return
}
}
I want to access the $request in my Model so that i could get the user information, who is trying to access on CanDelete.
You got the wrong kind of middleware, it needs to be a routing middleware and binded to route or route group directly, not $app->add
We are trying to use FOSUserBundle and HWIOAuthBundle together in the way like it's described there https://gist.github.com/danvbe/4476697
The only difference is that we are using mongodb. This error is fired:
User provider "wf\UserBundle\Document\FOSUBUserProvider" must implement "Symfony\Component\Security\Core\User\UserProviderInterface"
the FOSUBUserProvider is picked from this sample (the src is below). Is not it supposed that HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider implements Symfony\Component\Security\Core\User\UserProviderInterface ?
<?php
namespace wf\UserBundle\Document;
use Symfony\Component\Security\Core\User\UserInterface;
use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
use HWI\Bundle\OAuthBundle\Security\Core\User\FOSUBUserProvider as BaseFOSUBUserProvider;
class FOSUBUserProvider extends BaseFOSUBUserProvider
{
/**
* {#inheritDoc}
*/
public function connect(UserInterface $user, UserResponseInterface $response)
{
$property = $this->getProperty($response);
$username = $response->getUsername();
//on connect - get the access token and the user ID
$service = $response->getResourceOwner()->getName();
$setter = 'set'.ucfirst($service);
$setter_id = $setter.'Id';
$setter_token = $setter.'AccessToken';
//we "disconnect" previously connected users
if (null !== $previousUser = $this->userManager->findUserBy(array($property => $username))) {
$previousUser->$setter_id(null);
$previousUser->$setter_token(null);
$this->userManager->updateUser($previousUser);
}
//we connect current user
$user->$setter_id($username);
$user->$setter_token($response->getAccessToken());
$this->userManager->updateUser($user);
}
/**
* {#inheritdoc}
*/
public function loadUserByOAuthUserResponse(UserResponseInterface $response)
{
$username = $response->getUsername();
$user = $this->userManager->findUserBy(array($this->getProperty($response) => $username));
//when the user is registrating
if (null === $user) {
$service = $response->getResourceOwner()->getName();
$setter = 'set'.ucfirst($service);
$setter_id = $setter.'Id';
$setter_token = $setter.'AccessToken';
// create new user here
$user = $this->userManager->createUser();
$user->$setter_id($username);
$user->$setter_token($response->getAccessToken());
//I have set all requested data with the user's username
//modify here with relevant data
$user->setUsername($username);
$user->setEmail($username);
$user->setPassword($username);
$user->setEnabled(true);
$this->userManager->updateUser($user);
return $user;
}
//if user exists - go with the HWIOAuth way
$user = parent::loadUserByOAuthUserResponse($response);
$serviceName = $response->getResourceOwner()->getName();
$setter = 'set' . ucfirst($serviceName) . 'AccessToken';
//update access token
$user->$setter($response->getAccessToken());
return $user;
}
}
FOSUBUserProvider implements AccountConnectorInterface and OAuthAwareUserProviderInterface which are both interfaces so it not possible that they implement UserProviderInterface.
Checking docs in hwioauthbundle I found that OAuthUserProvider is the class that implements UserProviderInterface.
https://github.com/hwi/HWIOAuthBundle/blob/master/Security/Core/User/OAuthUserProvider.php
Using
providers:
fos_userbundle:
id: fos_user.user_manager
in 'security.yml' instead of (custom)
providers:
wf_hwi_provider:
id: wf_user.fos_user_provider
does it
On my administrator cms I can add newsitems and add a language code in column 'language' to the newsitem 'en' or 'nl'. In the bootstrapfile the language is set through:
public function _initLanguage()
{
$objSessionLanguage= new Zend_Session_Namespace('Zend_Lang');
$objLocale = new Zend_Locale();
$locale = new Zend_Locale();
$language = $locale->getLanguage();
$region = $locale->getRegion();
Zend_Loader::loadClass('Zend_Controller_Request_Http');
$request = new Zend_Controller_Request_Http();
if($language=='nl' or $language=='en')
{
if($language=='nl')
{
$localFile = 'dutch.php';
$Locale = 'nl';
}else
{ {
$localFile = 'english.php';
$Locale = 'en';
}
$objSessionLanguage->localFile=$localFile;
$objSessionLanguage->Locale=$Locale;
}else
{
if(!isset($objSessionLanguage->localFile))
{
$localFile = 'english.php';
$Locale = 'en';
}else
{
$localFile = $objSessionLanguage->localFile;
$Locale =$objSessionLanguage->Locale;
}
}
$objTranslate = new Zend_Translate('array', APPLICATION_PATH .'/../language/english.php', 'en');
$objTranslate->addTranslation(APPLICATION_PATH .'/../language/'.$localFile, $Locale);
$objTranslate->setLocale($Locale);
Zend_Registry::set("Zend_Translate", $objTranslate);
}
To display newsitems in a NewsList I want to select the newsitems in the newsmodel depending on language.
<?php
class Admin_Model_News extends Zend_Db_Table_Abstract
{
protected $_modelName = 'news';
protected $_modelLabel = 'News';
protected $_name = 'news';
protected $_objGeneralSettingVar;
public function init()
{
parent::init();
$this->_objGeneralSettingVar = Zend_Registry::get( "objGeneralSettingVar");
}
public function fetchNewsList()
{
$objSelect = $this->select()->limit(5);
$objSelect->where ("language = '$language'");
$objSelect->order("news_date DESC");
return $this->fetchAll($objSelect)->toArray();
}
}
But with the above
$objSelect->where ("language = '$language'");
no newsitems is displayed. I am sure I am missing something but can not seem to find it. How can I use the language setting in selecting newsitems on language?
In Admin_Model_News you are using
$objSelect->where ("language = '$language'");
for your where clause, but $language has not been set anywhere, so you are querying Where language = null.
The function fetchNewsList should look like this:-
public function fetchNewsList($language)
{
$objSelect = $this->select()->limit(5);
$objSelect->where ("language = '$language'");
$objSelect->order("news_date DESC");
return $this->fetchAll($objSelect)->toArray();
}
You don't show how you are using Admin_Model_News, but it should be something like this:-
$news = new Admin_Model_News();
$newList = $news->fetchNewsList(howeverYouGetlanguage());
In one of these php frameworks I've noticed a posibility to request the object Request in action as $this->request->paramName
class MyRequest extends Zend_Controller_Request_Http{
public $params = array();
public function __construct() {
$this->params = $this->getParams();
parent::__construct();
}
public function __get($name) {
if (isset($this->_params[$name])) {
return $this->_params[$name];
}
}
public function __isset($name) {
return isset($this->_params[$name]);
}
}
in MyController I've added variable request
public $request = null;
How can I change that standart Request to my one?
public function __construct(
Zend_Controller_Request_Abstract $request,
Zend_Controller_Response_Abstract $response,
array $invokeArgs = array()) {
$request = new MyRequest();
parent::__construct($request, $response, $invokeArgs);
$this->request = $this->getRequest();
}
This function has given no results.
Option 1 is make method _initRequest() in bootstrap:
protected function _initRequest() {
$this->bootstrap ( 'FrontController' );
$front = $this->getResource ( 'FrontController' );
$request = $front->getRequest ();
if (null === $front->getRequest ()) {
$request = new MyRequest();
$front->setRequest ( $request );
}
return $request;
}
A bit dirty and untested solution. Would love to hear if it works.
//Bootstrap:
public function _initRequest()
{
$this->bootstrap('frontController');
$front = $this->getResource('frontController');
$front->setRequest(new MyRequest());
}
Try this it might help you:
in controller file
public function exampleAction(){
$result = $this->_request;
$model = new Employer_Model_JobInfo();
$results = $model->sample($result);
}
// the above line stores the values sent from the client side in $result.then sends that values to Model file with parameter $result ..
in model file
class Employer_Model_JobInfo extends Gears_Db_Table_Abstract{
public function sample($param){
$paramVal = $param->getParam('name');
$paramVal1 = $param->getParam('email');
}
}
The name and email are what name used to sent the data from client to server.
Can some one guide me for typical implementation example of ACL. Like 'admin' can access 'admin' module, 'user' can access 'user module', and guest can access 'open' pages.
I can paste you my ACL. It consists of three elements: acl.ini, ACL controller plugin (My_Controller_Plugin_Acl) and My_Acl class, and USER table. However it does not deal with modules, but with controllers and actions. Nevertheless it may give you some general idea about ACL. My use of ACL is based on the one in a book called "Zend Framework in Action".
USER table (privilege field is used for ACL):
CREATE TABLE IF NOT EXISTS `USER` (
`user_id` INT UNSIGNED NOT NULL AUTO_INCREMENT ,
`email` VARCHAR(85) NOT NULL ,
`password` CHAR(32) NOT NULL,
`phone` VARCHAR(45) NULL ,
`phone_public` TINYINT(1) NULL DEFAULT 0 ,
`first_name` VARCHAR(45) NULL ,
`last_name` VARCHAR(45) NULL ,
`last_name_public` TINYINT(1) NULL DEFAULT 1 ,
`is_enabled` TINYINT(1) NOT NULL DEFAULT 1 ,
`created` TIMESTAMP NOT NULL,
`privilage` ENUM('BASIC','PREMIUM','ADMIN') NOT NULL DEFAULT 'BASIC' ,
PRIMARY KEY (`user_id`) ,
UNIQUE INDEX `email_UNIQUE` (`email` ASC) )
ENGINE = InnoDB;
acl.ini (I have four privileges, such that basic inherits from guest, premium inherits form basic and administrator for premium):
; roles
acl.roles.guest = null
acl.roles.basic = guest
acl.roles.premium = basic
acl.roles.administrator = premium
; resources
acl.resources.deny.all.all = guest
acl.resources.allow.index.all = guest
acl.resources.allow.error.all = guest
acl.resources.allow.user.login = guest
acl.resources.allow.user.logout = guest
acl.resources.allow.user.create = guest
acl.resources.allow.user.index = basic
acl.resources.allow.user.success = basic
My_Acl class (creates ACL roles and resources based on the ini file):
class My_Acl extends Zend_Acl {
public function __construct() {
$aclConfig = Zend_Registry::get('acl');
$roles = $aclConfig->acl->roles;
$resources = $aclConfig->acl->resources;
$this->_addRoles($roles);
$this->_addResources($resources);
}
protected function _addRoles($roles) {
foreach ($roles as $name => $parents) {
if (!$this->hasRole($name)) {
if (empty($parents)) {
$parents = null;
} else {
$parents = explode(',', $parents);
}
$this->addRole(new Zend_Acl_Role($name), $parents);
}
}
}
protected function _addResources($resources) {
foreach ($resources as $permissions => $controllers) {
foreach ($controllers as $controller => $actions) {
if ($controller == 'all') {
$controller = null;
} else {
if (!$this->has($controller)) {
$this->add(new Zend_Acl_Resource($controller));
}
}
foreach ($actions as $action => $role) {
if ($action == 'all') {
$action = null;
}
if ($permissions == 'allow') {
$this->allow($role, $controller, $action);
}
if ($permissions == 'deny') {
$this->deny($role, $controller, $action);
}
}
}
}
}
}
My_Controller_Plugin_Acl:
class My_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract {
/**
*
* #var Zend_Auth
*/
protected $_auth;
protected $_acl;
protected $_action;
protected $_controller;
protected $_currentRole;
public function __construct(Zend_Acl $acl, array $options = array()) {
$this->_auth = Zend_Auth::getInstance();
$this->_acl = $acl;
}
public function preDispatch(Zend_Controller_Request_Abstract $request) {
$this->_init($request);
// if the current user role is not allowed to do something
if (!$this->_acl->isAllowed($this->_currentRole, $this->_controller, $this->_action)) {
if ('guest' == $this->_currentRole) {
$request->setControllerName('user');
$request->setActionName('login');
} else {
$request->setControllerName('error');
$request->setActionName('noauth');
}
}
}
protected function _init($request) {
$this->_action = $request->getActionName();
$this->_controller = $request->getControllerName();
$this->_currentRole = $this->_getCurrentUserRole();
}
protected function _getCurrentUserRole() {
if ($this->_auth->hasIdentity()) {
$authData = $this->_auth->getIdentity();
$role = isset($authData->property->privilage)?strtolower($authData->property->privilage): 'guest';
} else {
$role = 'guest';
}
return $role;
}
}
Finally a part of Bootstrap.php where everything is initialized:
protected function _initLoadAclIni() {
$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/acl.ini');
Zend_Registry::set('acl', $config);
}
protected function _initAclControllerPlugin() {
$this->bootstrap('frontcontroller');
$this->bootstrap('loadAclIni');
$front = Zend_Controller_Front::getInstance();
$aclPlugin = new My_Controller_Plugin_Acl(new My_Acl());
$front->registerPlugin($aclPlugin);
}
I have a simple example that might fits your needs
class Dagho_Acl_Main extends Zend_Acl {
public function __construct() {
$anonymous = new Zend_Acl_Role("anonymous");
$customer = new Zend_Acl_Role("customer");
$admin = new Zend_Acl_Role("admin");
$anonymousResource = new Zend_Acl_Resource("acl");
$defaultResource = new Zend_Acl_Resource("default");
$customerResource = new Zend_Acl_Resource("user");
$adminResource = new Zend_Acl_Resource("manage");
$this->addRole($anonymous)
->addRole($customer)
->addRole($admin);
$this->addResource($anonymousResource)
->addResource($defaultResource)
->addResource($customerResource)
->addResource($adminResource);
$this->allow($anonymous, $anonymousResource);
$this->allow($anonymous, $defaultResource);
$this->deny($anonymous, $customerResource);
$this->deny($anonymous, $adminResource);
$this->allow($customer, $anonymousResource);
$this->allow($customer, $defaultResource);
$this->allow($customer, $customerResource);
$this->deny($customer, $adminResource);
$this->allow($admin, $defaultResource);
$this->allow($admin, $anonymousResource);
$this->allow($admin, $adminResource);
$this->deny($admin, $customerResource);
return $this ;
}
}
and here is my plugin :
<?php
class Dagho_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract {
public function preDispatch(Zend_Controller_Request_Abstract $request) {
$module = $request->getModuleName();
$controller = $request->getControllerName();
$action = $request->getActionName();
$doctrineAuth = new Dagho_Auth_Doctrine();
$logged = $doctrineAuth->checklogin();
$identity = $doctrineAuth->getIdentity();
Zend_Registry::set("identity", $identity);
if ($logged && $identity["role"] !== "anonymous") {
/// user had an identity let's check the ACL
$acl = new Dagho_Acl_Main();
$isAllowed = $acl->isAllowed($identity["role"], $module);
if (!$isAllowed) {
return $request->setModuleName("acl")->setControllerName("index")
->setActionName("denied")->setDispatched(true);
} else {
/// user has identity and he is allowed to access it
return;
}
} elseif ($logged === false || ($logged && $identity["role"] === "anonymous" )) {
//// user not logged on > login.php or its his first visit
$identity = $doctrineAuth->getStorage()->write(array('name' => 'anonymous', 'role' => "anonymous",));
Zend_Registry::set("identity", $identity);
return $request->setModuleName("acl")->setControllerName("index")
->setActionName("login")->setDispatched(true);
} else {
return $request->setModuleName("acl")->setControllerName("index")
->setActionName("denied")->setDispatched(true);
}
parent::preDispatch($request);
}
}