I'm trying to authenticate some users via a form but I want to check in an API if the login/password is validated and retrieve some informations about the users to populate my database (so when I'm in my login page, there is actually no users in my user table.
I'm using this example https://github.com/gonzalo123/silexSecurity and I have implemented it like this : - The UserProvider
class UserProvider implements UserProviderInterface,ServiceProviderInterface{
private $users = array();
public function register(Application $app) {
$app['users.security'] = $app->share(function ($app) {
return $this;
});
}
public function boot(Application $app) {
}
public function addUser(Application $app,$login, $pwd, $id_prvi, $email, $job, $firstname, $lastname) {
try{
$app->db('mydb')->insert('users', array('idprvi' => $id_prvi, 'mail' => $email, 'username' => $login, 'password' => $pwd, 'job' => $job, 'firstname' => $firstname, 'lastname' => $lastname ));
}catch(\Exception $e){
return $e->getMessage();
}
}
public function getUsers(Application $app){
$users_db = $app->db('mydb')->fetchAll('SELECT username, password FROM users');
foreach( $users_db as $user)
{
$this->users[$user['username']] = array(array('ROLE_USER'), $user['password']);
}
return $this->users;
}
public function ifUsersInDB($login){
return array_key_exists($login,$this->users);
}
public function loadUserByUsername($username)
{
if (!isset($this->users[$username])) {
throw new UsernameNotFoundException(sprintf('"%s" does not exist.', $username));
}
return new User($username, $this->users[$username][1], $this->users[$username][0], true, true, true, true);
}
public function refreshUser(UserInterface $user)
{
if (!$user instanceof User) {
throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
}
return $this->loadUserByUsername($user->getUsername());
}
public function supportsClass($class)
{
return $class === 'Symfony\Component\Security\Core\User\User';
}
}
my configuration
...
$app->register(new SecurityServiceProvider());
$app->register(new SessionServiceProvider());
$app->register(new UserProvider());
$app['security.firewalls'] = array(
'login' => array(
'pattern' => '^/login(/|_check_api)?$',
),
'secured' => array(
'pattern' => '^.*$',
'form' => array(
'login_path' => '/login',
'check_path' =>'/login_check',
'default_target_path' => '/',
'always_use_default_target_path' => true
),
'logout' => array(
'logout_path' => '/logout',
'invalidate_session' => false
),
'users' => $app['users.security']->getUsers($app)
),
);
$app['security.access_rules'] = array(
array('^.*$', 'ROLE_USER'),
);
$app->on(AuthenticationEvents::AUTHENTICATION_FAILURE, function (AuthenticationEvent $event) {
});
$app->on(AuthenticationEvents::AUTHENTICATION_SUCCESS, function (AuthenticationEvent $event) {
});
$app->on(SecurityEvents::INTERACTIVE_LOGIN, function (InteractiveLoginEvent $event) {
});
$app->on(SecurityEvents::SWITCH_USER, function (SwitchUserEvent $event) {
});
form
<div id="form_user_login" >
<div >
<form action="{{ path('check_api') }}" method="post">
<span class="red-text">{{ form_message | raw}}</span>
<div class="col s4">
<div class="row">
<div class="input-field col s12">
<input type="text" name="_username" value="{{ last_username }}" class = "validate" />
</div>
</div>
<div class="row">
<div class="input-field col s12">
<input type="password" name="_password" value="" class = "validate" />
</div>
</div>
<input type="submit" value="S'inscrire"/>
</div>
</form>
</div>
</div>
I want to use the following function before the login_check is called :
public function userAPICheck(Application $app, Request $request)
{
$message = "";
$password =$request->get('_password');
$login = "";
try {
$login = $request->get('_username');
$api_password = $app['utils']->password($password);
$api_response = $app['utils']->getKeyAccessUser($login, $api_password);
$password = $app['security.encoder.digest']->encodePassword($password, '');
dump($api_response);
if ($api_response->return > 0) {dump(array('ici',$api_response));
$message = "Erreur";
$userToken->setAuthenticated(false);
} else {
if (!$this->ifUsersInDB($login)) {
$this->addUser($app,$login, $password, $api_response->uid, $api_response->email, $api_response->fonction, $api_response->prenom, $api_response->nom);
}
}
} catch (\Exception $e) {
$message = $e->getMessage();
dump($message);
}
}
Is it possible to do this or do I have to use a completely other method?