one-time-access-bundle icon indicating copy to clipboard operation
one-time-access-bundle copied to clipboard

Published 20 hours ago verified publisher icon xphere

Add support for Symfony 3.1.4

Open ghost opened this issue 8 years ago • 3 comments

It would be great if you could update the dependencies to add support for Symfony 3.1.4.

Thanks

ghost avatar Nov 25 '16 14:11 ghost

I wish this could be as easy as to update dependencies in composer.json.

Security internals might have changed since the last tested version of Symfony, so this may be harder than it looks.

I'll take a look at it, any feedback is appreciated. Thanks

xphere avatar Nov 25 '16 16:11 xphere

I forked your project, and I'm trying to update the code to make it work with symfony 3.1, but it's not trivial.

I don't understand that part in your documentation :

The current user provider must implement OneTimeAccessBundle\Security\Provider\ProviderInterface

I'm using the default user provider from Symfony (Symfony\Bridge\Doctrine\Security\User\EntityUserProvider) and I don't know how to subclass it

Here is my security.yml : ` security:

providers:
    in_memory:
        memory:
            users:
                api: { password: "$2y$04$IJxIR59jRnJhG9FEsIaCJOC.8DEXOz486psjowUE82YLwbn/OcaW.", roles: [ 'ROLE_API' ] }
    user_db:
        entity:
            class: EspacePartenaireBundle:Utilisateur
            property: username
            manager_name: mysql
    chain_provider:
        chain:
            providers: [in_memory, user_db]
encoders:
    Symfony\Component\Security\Core\User\User:
        algorithm: bcrypt
        cost:      4
    EspacePartenaireBundle\Entity\Utilisateur:
        algorithm: bcrypt
        cost:      4

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    rest_api:
        pattern: ^/api/
        stateless: true
        http_basic: ~
        provider: chain_provider

    espace_partenaire:
        anonymous: ~

        form_login:
            login_path: login
            check_path: login
            use_referer: true
            remember_me: true
            always_use_default_target_path: false
            default_target_path: /
            target_path_parameter: _target_path
        remember_me:
            secret: '%secret%'
            lifetime: 2592000 # 30 jours en secondes
            path: /
            always_remember_me: true

        provider: user_db

        logout:
            path:   /logout
            target: /
        one_time_access:
            route: acme_myapp_ota

role_hierarchy:
    ROLE_ADMIN:       [ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

access_control:
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api, roles: ROLE_API }
    - { path: ^/, roles: ROLE_USER }

`

And the error message :

Provider 'Symfony\Bridge\Doctrine\Security\User\EntityUserProvider' must implement xPheRe\OneTimeAccessBundle\Security\ProviderInterface interface.

Which is obvious, but I don't know how to do it.

ghost avatar Nov 25 '16 16:11 ghost

This bundle supposes your firewall uses a custom UserProvider to access the tokens. There are many ways you can do that, the easier one is:

  • create a custom User which implements UserInterface
  • add some field to store the OTA token
  • create a custom UserProvider extending EntityUserProvider
  • implement xPheRe\OneTimeAccessBundle\Security\ProviderInterface
  • use this service in your firewall instead of the chain of providers

If you follow this steps and it still doesn't work, maybe it's time to find a better way to integrate with an existing chain of user providers for the next version.

xphere avatar Nov 25 '16 21:11 xphere