What I'm looking to do is
Currently, to GET secure pages on foo.com I'm using form-based access via the SecurityServiceProvider and a db-backed UserProvider to authenticate. Works great: any attempt to load a secured route is intercepted by the firewall and then redirected after successful authentication.
What I can't figure out is how to pass the POST variables (username and password) on to the provider instance and forward the user to the supplied route.
Stub POST route:
$app->post('/login', function(Request $req) use ($app) {
$route = $req->request->filter('route');
$username = $req->get('username');
$password = $req->get('password');
/* magic happens...? */
});
Here is an example of using the user provider to load a user check the password matches then setting the token in the security service. So if you put this code into a route you can get access to the Request for your username and password.
$userProvider = $app['security.user_provider.default'];
$user = null;
try {
$user = $userProvider->loadUserByUsername($username);
} catch (UsernameNotFoundException $e)
{
;
}
$encoder = $app['security.encoder_factory']->getEncoder($user);
// compute the encoded password
$encodedPassword = $encoder->encodePassword($password, $user->getSalt());
// compare passwords
if ($user->password == $encodedPassword)
{
// set security token into security
$token = new UsernamePasswordToken($user, $password, 'yourProviderKeyHere', array('ROLE_USER'));
$app['security']->setToken($token);
// redirect or give response here
} else {
// error feedback
}