Add security manager and log-in form
							parent
							
								
									dcc07cd251
								
							
						
					
					
						commit
						005f7d4cf8
					
				| @ -0,0 +1,47 @@ | |||||||
|  | <?php | ||||||
|  | 
 | ||||||
|  | namespace App\Controller; | ||||||
|  | 
 | ||||||
|  | use Exception; | ||||||
|  | use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; | ||||||
|  | use Symfony\Component\HttpFoundation\Response; | ||||||
|  | use Symfony\Component\Routing\Annotation\Route; | ||||||
|  | use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; | ||||||
|  | 
 | ||||||
|  | /** | ||||||
|  |  * Controller about security (login / logout) | ||||||
|  |  * | ||||||
|  |  * @package App\Controller | ||||||
|  |  */ | ||||||
|  | class SecurityController extends AbstractController { | ||||||
|  |     /** | ||||||
|  |      * Show login form | ||||||
|  |      * | ||||||
|  |      * @param AuthenticationUtils $authenticationUtils | ||||||
|  |      * | ||||||
|  |      * @return Response Page response | ||||||
|  |      * | ||||||
|  |      * @Route("/login") | ||||||
|  |      */ | ||||||
|  |     public function login (AuthenticationUtils $authenticationUtils): Response { | ||||||
|  |         $error = $authenticationUtils->getLastAuthenticationError(); | ||||||
|  |         $lastUsername = $authenticationUtils->getLastUsername(); | ||||||
|  | 
 | ||||||
|  |         return $this->render('security/login.html.twig', [ | ||||||
|  |             'last_username' => $lastUsername, | ||||||
|  |             'error'         => $error, | ||||||
|  |         ] | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * *Perform* logout | ||||||
|  |      * | ||||||
|  |      * @throws Exception When firewall failed and this method is *really* called | ||||||
|  |      * | ||||||
|  |      * @Route("/logout") | ||||||
|  |      */ | ||||||
|  |     public function logout () { | ||||||
|  |         throw new Exception('This method can be blank - it will be intercepted by the logout key on your firewall'); | ||||||
|  |     } | ||||||
|  | } | ||||||
| @ -0,0 +1,99 @@ | |||||||
|  | <?php | ||||||
|  | 
 | ||||||
|  | namespace App\Security; | ||||||
|  | 
 | ||||||
|  | use App\Entity\User; | ||||||
|  | use Doctrine\ORM\EntityManagerInterface; | ||||||
|  | use Symfony\Component\HttpFoundation\RedirectResponse; | ||||||
|  | use Symfony\Component\HttpFoundation\Request; | ||||||
|  | use Symfony\Component\Routing\Generator\UrlGeneratorInterface; | ||||||
|  | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | ||||||
|  | use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; | ||||||
|  | use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException; | ||||||
|  | use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; | ||||||
|  | use Symfony\Component\Security\Core\Security; | ||||||
|  | use Symfony\Component\Security\Core\User\UserInterface; | ||||||
|  | use Symfony\Component\Security\Core\User\UserProviderInterface; | ||||||
|  | use Symfony\Component\Security\Csrf\CsrfToken; | ||||||
|  | use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; | ||||||
|  | use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator; | ||||||
|  | use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; | ||||||
|  | use Symfony\Component\Security\Http\Util\TargetPathTrait; | ||||||
|  | 
 | ||||||
|  | class LoginFormAuthentificatorAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface { | ||||||
|  |     use TargetPathTrait; | ||||||
|  | 
 | ||||||
|  |     private $entityManager; | ||||||
|  |     private $urlGenerator; | ||||||
|  |     private $csrfTokenManager; | ||||||
|  |     private $passwordEncoder; | ||||||
|  | 
 | ||||||
|  |     public function __construct ( | ||||||
|  |         EntityManagerInterface $entityManager, | ||||||
|  |         UrlGeneratorInterface $urlGenerator, | ||||||
|  |         CsrfTokenManagerInterface $csrfTokenManager, | ||||||
|  |         UserPasswordEncoderInterface $passwordEncoder | ||||||
|  |     ) { | ||||||
|  |         $this->entityManager = $entityManager; | ||||||
|  |         $this->urlGenerator = $urlGenerator; | ||||||
|  |         $this->csrfTokenManager = $csrfTokenManager; | ||||||
|  |         $this->passwordEncoder = $passwordEncoder; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function supports (Request $request) { | ||||||
|  |         return 'app_security_login' === $request->attributes->get('_route') && $request->isMethod('POST'); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function getCredentials (Request $request) { | ||||||
|  |         $credentials = [ | ||||||
|  |             'email'      => $request->request->get('email'), | ||||||
|  |             'password'   => $request->request->get('password'), | ||||||
|  |             'csrf_token' => $request->request->get('_csrf_token'), | ||||||
|  |         ]; | ||||||
|  |         $request->getSession()->set( | ||||||
|  |             Security::LAST_USERNAME, | ||||||
|  |             $credentials['email'] | ||||||
|  |         ); | ||||||
|  | 
 | ||||||
|  |         return $credentials; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function getUser ($credentials, UserProviderInterface $userProvider) { | ||||||
|  |         $token = new CsrfToken('authenticate', $credentials['csrf_token']); | ||||||
|  |         if (!$this->csrfTokenManager->isTokenValid($token)) { | ||||||
|  |             throw new InvalidCsrfTokenException(); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         $user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $credentials['email']]); | ||||||
|  | 
 | ||||||
|  |         if (!$user) { | ||||||
|  |             // fail authentication with a custom error | ||||||
|  |             throw new CustomUserMessageAuthenticationException('Email could not be found.'); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         return $user; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function checkCredentials ($credentials, UserInterface $user) { | ||||||
|  |         return $this->passwordEncoder->isPasswordValid($user, $credentials['password']); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * Used to upgrade (rehash) the user's password automatically over time. | ||||||
|  |      */ | ||||||
|  |     public function getPassword ($credentials): ?string { | ||||||
|  |         return $credentials['password']; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function onAuthenticationSuccess (Request $request, TokenInterface $token, $providerKey) { | ||||||
|  |         if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { | ||||||
|  |             return new RedirectResponse($targetPath); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         return new RedirectResponse($this->urlGenerator->generate('app_external_index')); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     protected function getLoginUrl () { | ||||||
|  |         return $this->urlGenerator->generate('app_security_login'); | ||||||
|  |     } | ||||||
|  | } | ||||||
| @ -1,5 +1,7 @@ | |||||||
| {% extends 'base.html.twig' %} | {% extends 'base.html.twig' %} | ||||||
| 
 | 
 | ||||||
|  | {% block title %}{% trans %}Accueil{% endtrans %}{% endblock %} | ||||||
|  | 
 | ||||||
| {% block body %} | {% block body %} | ||||||
|     <h1>{% trans %}Accueil{% endtrans %}</h1> |     <h1>{% trans %}Accueil{% endtrans %}</h1> | ||||||
|     <p> |     <p> | ||||||
| @ -0,0 +1,35 @@ | |||||||
|  | {% extends 'base.html.twig' %} | ||||||
|  | 
 | ||||||
|  | {% block title %}Log in{% endblock %} | ||||||
|  | 
 | ||||||
|  | {% block body %} | ||||||
|  |     <form method="post"> | ||||||
|  |         {% if error %} | ||||||
|  |             <div class="alert alert-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</div> | ||||||
|  |         {% endif %} | ||||||
|  | 
 | ||||||
|  |         {% if app.user %} | ||||||
|  |             <div class="mb-3"> | ||||||
|  |                 You are logged in as {{ app.user.username }}, <a href="{{ path('app_security_logout') }}">Logout</a> | ||||||
|  |             </div> | ||||||
|  |         {% endif %} | ||||||
|  | 
 | ||||||
|  |         <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1> | ||||||
|  | 
 | ||||||
|  |         <label for="inputEmail">Email</label> | ||||||
|  |         <input type="email" value="{{ last_username }}" name="email" id="inputEmail" class="form-control" required autofocus> | ||||||
|  | 
 | ||||||
|  |         <label for="inputPassword">Password</label> | ||||||
|  |         <input type="password" name="password" id="inputPassword" class="form-control" required> | ||||||
|  | 
 | ||||||
|  |         <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"> | ||||||
|  | 
 | ||||||
|  |         <div class="checkbox mb-3"> | ||||||
|  |             <label> | ||||||
|  |                 <input type="checkbox" name="_remember_me"> Remember me | ||||||
|  |             </label> | ||||||
|  |         </div> | ||||||
|  | 
 | ||||||
|  |         <button class="btn btn-lg btn-primary" type="submit">Sign in</button> | ||||||
|  |     </form> | ||||||
|  | {% endblock %} | ||||||
					Loading…
					
					
				
		Reference in New Issue