Symfony 4: Logout active user by admin

Problem description

The admin user in my Symfony 4.2 application should be able to log out another (non-admin) user. I created a user login system depending on the Symfony security-bundle (https://symfony.com/doc/current/security/form_login_setup.html).

Now I am building an admin dashboard where all users have to be listed with their online status (last activity).

Is there a recommended way to list active users and kill their session if needed?

I've read some posts like this: Symfony how to return all logged in Active Users. But the answers are a little bit older and are just about listing the active users.

Recommended answer

Here's a good way to kill user sessions: use an EventListener with an onKernelRequest event. In your main code:

    public function onKernelRequest(KernelEvent $event)
    {
        $request = $event->getRequest();
        $tokenStorage = $this->container->get('security.token_storage');
        $token = $tokenStorage->getToken();

        if ($token === null) { // somehow
            return;
        }

        $user = $token->getUser();
        if (!$user instanceof MyUser) { // anonymous tokens return a string here, not a user entity
            return;
        }

        if ($user->isLocked() === true) {
            // isLocked() is a boolean flag you must implement on your user entities; admins set it to lock a user out
            $tokenStorage->setToken(null); // clear the security token
            $request->getSession()->invalidate(); // these lines will invalidate the user session on the next request
        }
    }

Now, on to your other question: How to list users with their online status? Easy, your user Entities should implement another boolean flag, such as isOnline (with a getter and setter).

Next, you should create a LoginListener (no need to implement any interface). And in your main code:

    public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
    {
        $user = $event->getAuthenticationToken()->getUser();
        if ($user instanceof UserInterface) {
            // fetch the $user with the EntityManager ($this->em, injected in your constructor)
            $user = $this->em->getRepository(MyUser::class)
                ->findOneBy(['username' => $user->getUsername()]);
            // make sure it exists, set the isOnline flag to true and then flush
            if ($user !== null) {
                $user->setIsOnline(true);
                $this->em->flush();
            }
        }
    }

Your third event should be a LogoutListener, where you will set the isOnline flag === false

Symfony calls a LogoutListener (as a handler) when a user requests logout. But you can write your own:

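    use Doctrine\ORM\EntityManagerInterface;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\HttpFoundation\Response;
    use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    use Symfony\Component\Security\Core\User\UserInterface;
    use Symfony\Component\Security\Http\Logout\LogoutHandlerInterface;

    class LogoutListener implements LogoutHandlerInterface
    {
        private $em;

        public function __construct(EntityManagerInterface $em)
        {
            $this->em = $em;
        }

        public function logout(Request $request, Response $response, TokenInterface $token): void
        {
            $user = $token->getUser();
            if (!$user instanceof UserInterface) {
                // return if user is somehow anonymous
                // this should not happen here, unless... reasons
                return;
            }

            // else
            $username = $user->getUsername(); // each user class must implement getUsername()
            // get the entity Manager ($this->em, injected in your constructor)
            // get your User repository
            $repository = $this->em->getRepository(MyUser::class);
            $user = $repository->findOneBy(['username' => $username]); // find one by username
            if ($user === null) {
                return; // no matching user record, nothing to update
            }
            $user->setIsOnline(false);
            $this->em->flush(); // done, you've recorded a logout
        }
    }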

Hope this helps. With a bit of luck, it will. Cheers! :-)
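
An added example, not part of the original answer: one subscriber that combines the lock check above with the "last activity" timestamp the question asks about, using an injected token storage instead of the container. It assumes Symfony 4.2 with Doctrine ORM; the class name `SessionGuardSubscriber`, the `App\Entity\MyUser` namespace and the `getLastActivity()` / `setLastActivity()` accessors are hypothetical.

```php
<?php
// Added example. Hypothetical names: SessionGuardSubscriber, App\Entity\MyUser,
// MyUser::isLocked(), MyUser::getLastActivity(), MyUser::setLastActivity().
namespace App\EventSubscriber;

use App\Entity\MyUser;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class SessionGuardSubscriber implements EventSubscriberInterface
{
    private $tokenStorage;
    private $em;

    public function __construct(TokenStorageInterface $tokenStorage, EntityManagerInterface $em)
    {
        $this->tokenStorage = $tokenStorage;
        $this->em = $em;
    }

    public static function getSubscribedEvents()
    {
        // Default priority (0) runs after the firewall (priority 8) has loaded the token.
        return [KernelEvents::REQUEST => 'onKernelRequest'];
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        $token = $this->tokenStorage->getToken();
        $user = $token !== null ? $token->getUser() : null;
        if (!$event->isMasterRequest() || !$user instanceof MyUser) {
            return; // sub-request, no token, or anonymous ("anon." string) user
        }
        if ($user->isLocked()) {
            // An admin set the flag: drop the token and destroy the session data.
            $this->tokenStorage->setToken(null);
            $event->getRequest()->getSession()->invalidate();
            return;
        }
        // Record activity at most once a minute to avoid a database write per request.
        $now = new \DateTimeImmutable();
        $last = $user->getLastActivity();
        if ($last === null || $now->getTimestamp() - $last->getTimestamp() >= 60) {
            $user->setLastActivity($now);
            $this->em->flush();
        }
    }
}
```

The lock takes effect on the user's next request because a stateful firewall reloads the user from the user provider on every request, so `isLocked()` reflects the current database value. A locked user can still sign in again unless the same flag is also checked at login, for example in a user checker.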
