Symfony 4: Logout active user by admin
Problem description
The admin user in my Symfony 4.2 application should be able to log out another (non-admin) user. I created a user login system depending on the Symfony security-bundle (https://symfony.com/doc/current/security/form_login_setup.html).
Now I am building an admin dashboard where all users have to be listed with their online status (last activity).
Is there a recommended way to list active users and kill their session if needed?
I've read some posts like this: Symfony how to return all logged in Active Users. But the answers are a little bit older and are just about listing the active users.
Recommended answer
Here's a good way to kill user sessions: use an EventListener with an onKernelRequest event. In your main code:

    public function onKernelRequest(KernelEvent $event)
    {
        $request = $event->getRequest();
        $token = $this->container->get('security.token_storage')->getToken();
        if ($token === null) { // somehow
            return;
        }
        $user = $token->getUser();
        if (!$user instanceof MyUser) { // anonymous tokens return the string "anon." here
            return;
        }
        if ($user->isLocked() === true) {
            // you must implement a boolean flag on your user Entities, which the admins can set to true
            $this->container->get('security.token_storage')->setToken(); // default is null, therefore null
            $request->getSession()->invalidate(); // these lines will invalidate user session on next request
            return;
        }
    }
Now, on to your other question: How to list users with their online status? Easy, your user Entities should implement another boolean flag, such as isOnline (with a getter and setter).
Next, you should create a LoginListener (no need to implement any interface). And in your main code:

    public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
    {
        $user = $event->getAuthenticationToken()->getUser();
        if ($user instanceof UserInterface) {
            // fetch the $user with the EntityManager ($this->em),
            // make sure it exists, set the isOnline flag to true and then flush
            $entity = $this->em->getRepository(MyUser::class)
                ->findOneBy(['username' => $user->getUsername()]);
            if ($entity !== null) {
                $entity->setIsOnline(true);
                $this->em->flush();
            }
        }
    }
Your third event should be a LogoutListener, where you will set the isOnline flag === false.
Symfony calls a LogoutListener (as a handler) when a user requests logout. But you can write your own:
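    use Doctrine\ORM\EntityManagerInterface;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\HttpFoundation\Response;
    use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    use Symfony\Component\Security\Core\User\UserInterface;
    use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;

    class LogoutListener implements LogoutHandlerInterface
    {
        private $em;

        public function __construct(EntityManagerInterface $em)
        {
            $this->em = $em; // the entity manager, injected in your constructor
        }

        public function logout(Request $request, Response $response, TokenInterface $token): void
        {
            $user = $token->getUser();
            if (!$user instanceof UserInterface) {
                // return if user is somehow anonymous; this should not happen here, unless... reasons
                return;
            }
            // else
            $username = $user->getUsername(); // each user class must implement getUsername()
            // get your User repository
            $repository = $this->em->getRepository(MyUser::class);
            $user = $repository->findOneBy(['username' => $username]); // find one by username
            if ($user === null) {
                return; // the user no longer exists, nothing to record
            }
            $user->setIsOnline(false);
            $this->em->flush(); // done, you've recorded a logout
        }
    }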
Hope this helps. With a bit of luck, it will. Cheers! :-)
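The answer above does not show the admin-side action that sets the lock flag. One possible controller for it, as an added example that is not part of the original answer; the App\Entity\MyUser namespace, the setLocked() setter, the route names and the CSRF token id are assumptions:

```php
<?php
// Added example, not from the original answer. Assumed names: App\Entity\MyUser,
// setLocked(), the two route names and the 'force-logout' CSRF token id.
namespace App\Controller;

use App\Entity\MyUser;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;

class AdminSessionController extends AbstractController
{
    /**
     * POST only, so a plain link or image tag cannot trigger the logout.
     *
     * @Route("/admin/users/{id}/force-logout", name="admin_force_logout",
     *        methods={"POST"}, requirements={"id"="\d+"})
     */
    public function forceLogout(Request $request, int $id): Response
    {
        // Only admins may end someone else's session.
        $this->denyAccessUnlessGranted('ROLE_ADMIN');

        // Reject forged requests: the dashboard form must carry this token.
        if (!$this->isCsrfTokenValid('force-logout'.$id, $request->request->get('_token'))) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        $em = $this->getDoctrine()->getManager();
        $target = $em->getRepository(MyUser::class)->find($id);
        if ($target === null) {
            throw $this->createNotFoundException('No such user.');
        }

        // The question limits this to non-admin users.
        if (in_array('ROLE_ADMIN', $target->getRoles(), true)) {
            throw $this->createAccessDeniedException('Admins cannot be logged out here.');
        }

        $target->setLocked(true);    // read by isLocked() in onKernelRequest
        $target->setIsOnline(false); // keep the dashboard status in step
        $em->flush();

        return $this->redirectToRoute('admin_dashboard');
    }
}
```

While the flag stays true, the onKernelRequest listener ends every new session that user starts, so an unlock action has to clear it before the user can work again.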