如何以编程方式登录/验证用户? [英] How to programmatically login/authenticate a user?
问题描述
我想在注册过程后立即登录用户,而不是通过登录表单.
I'd like to log the user in right after the registration process, without passing by the login form.
这可能吗?我找到了一个带有 FOSUserBundle 的解决方案,但我没有在我实际从事的项目中使用它.
Is this possible ? I've found a solution with FOSUserBundle, but I'm not using it on the project I'm actually working on.
这是我的 security.yml,我正在使用两个防火墙.纯文本编码器仅用于测试.
Here is my security.yml, I'm working with two firewalls. The plain text encoder is just for testing.
security:
encoders:
SymfonyComponentSecurityCoreUserUser: plaintext
RayCentralBundleEntityClient: md5
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
in_memory:
users:
admin: { password: admin, roles: [ 'ROLE_ADMIN' ] }
entity:
entity: { class: RayCentralBundleEntityClient, property: email }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
user_login:
pattern: ^/user/login$
anonymous: ~
admin_login:
pattern: ^/admin/login$
anonymous: ~
admin:
pattern: ^/admin
provider: in_memory
form_login:
check_path: /admin/login/process
login_path: /admin/login
default_target_path: /admin/dashboard
logout:
path: /admin/logout
target: /
site:
pattern: ^/
provider: entity
anonymous: ~
form_login:
check_path: /user/login/process
login_path: /user/login
default_target_path: /user
logout:
path: /user/logout
target: /
access_control:
- { path: ^/user/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/user, roles: ROLE_USER }
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
推荐答案
是的,您可以通过类似于以下内容的方式执行此操作:
Yes, you can do this via something similar to the following:
use SymfonyComponentEventDispatcherEventDispatcher,
SymfonyComponentSecurityCoreAuthenticationTokenUsernamePasswordToken,
SymfonyComponentSecurityHttpEventInteractiveLoginEvent;
public function registerAction()
{
// ...
if ($this->get("request")->getMethod() == "POST")
{
// ... Do any password setting here etc
$em->persist($user);
$em->flush();
// Here, "public" is the name of the firewall in your security.yml
$token = new UsernamePasswordToken($user, $user->getPassword(), "public", $user->getRoles());
// For older versions of Symfony, use security.context here
$this->get("security.token_storage")->setToken($token);
// Fire the login event
// Logging the user in above the way we do it doesn't do this automatically
$event = new InteractiveLoginEvent($request, $token);
$this->get("event_dispatcher")->dispatch("security.interactive_login", $event);
// maybe redirect out here
}
}
当您将令牌设置到上下文中时,最后触发的事件不会自动完成,而在使用例如登录表单或类似表单时通常会如此.因此,将其包含在此处的原因.您可能需要根据您的用例调整使用的令牌类型 - 上面显示的 UsernamePasswordToken 是核心令牌,但如果需要,您可以使用其他令牌.
The event firing at the end isn't automatically done when you set a token into the context, whereas it would be normally when using eg a login form or similar. Hence the reason for including it here. You may need to adjust the type of token used, depending on your use case - the UsernamePasswordToken shown above is a core token, but you can use others if required.
编辑:根据以下 Franco 的评论,调整了上述代码以解释public"参数,并将用户角色添加到令牌创建中.
Edit: Adjusted the above code to explain the 'public' parameter and also add in the roles of the user into the token creation, based on Franco's comment below.
这篇关于如何以编程方式登录/验证用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
