This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit ezplatform.com

eZ Community » Forums » eZ Publish 5 Platform » [EZ 5.3] - user login in PHP
expandshrink

[EZ 5.3] - user login in PHP

[EZ 5.3] - user login in PHP

Friday 13 June 2014 4:10:18 pm - 8 replies

Hello,

Is there a way to login a user in a controller ? We try the solution in this post (http://share.ez.no/forums/ez-publish-5-platform/how-to-log-a-user-in-a-controller) , but when we reload the page, we are always connected with anonymous user.

Is there another way to do the connection ?

Tkx for your help

Friday 13 June 2014 10:53:57 pm

i use this solution :

use eZ\Publish\API\Repository\Values\User\User as ApiUser;
use eZ\Publish\Core\MVC\Symfony\Security\User;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 
$roles = array('ROLE_USER');                       
$user = new User($apiUser, $roles);                       
$user->setAPIUser($apiUser);                        
$token = new UsernamePasswordToken($user, null, "ezpublish_front", $roles);          
$this->get("security.context")->setToken($token); 
$request = $this->container->get("request");                        
$event = new InteractiveLoginEvent($request, $token);                        
$this->get("event_dispatcher")->dispatch("security.interactive_login", $event);

may be there is a better practice... but it's works

Monday 16 June 2014 9:04:56 am

Hi Joël,

Thanks for your response. However, I don't understand how you instanciate "$apiUser". And where are password and login ? In the request ? If yes, what keys do you associate for them ?

 

Thanks,

 

Clem

Monday 16 June 2014 11:33:10 am

you're right i forgot some pieces, here the whole thing (in my case i load eZ API user by login) :

 

use eZ\Publish\API\Repository\Values\User\User as ApiUser;
use eZ\Publish\Core\MVC\Symfony\Security\User;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 
$userService = $this->repository->getUserService();
try {    
       $apiUser = $userService->loadUserByLogin($login);    
       $roles = array('ROLE_USER');   
       $user = new User($apiUser, $roles);    
       $user->setAPIUser($apiUser);    
       $token = new UsernamePasswordToken($user, null, "ezpublish_front", $roles);    
       $this->container->get("security.context")->setToken($token); 
       $request = $this->container->get("request");   
       $event = new InteractiveLoginEvent($request, $token);    
       $this->container->get("event_dispatcher")->dispatch("security.interactive_login", $event);
}
catch (\eZ\Publish\API\Repository\Exceptions\NotFoundException $e)
{    
       return 'error';
<span style="font-size: 1.1em;">}</span>

Monday 16 June 2014 12:23:42 pm

Thansk for the details. When I try your code and i display the current user with the method below,  I am always connected with anonymous user :

 var_dump($this->get('ezpublish.api.repository')->getCurrentUser());exit;

 

Do you have an idea ?

Tuesday 17 June 2014 5:53:16 pm

I conclude that nobody knows ?.... sad.gif Emoticon

Tuesday 17 June 2014 6:04:41 pm

Hi

User authentication, and thus security, is not a small subject. Symfony security component is VERY complex, but VERY powerful happy.gif Emoticon. So first, you need to completely understand how it works (and don't get limited to this presentation, you'll probably have to also dig the cookbook and full documentation of the Security Component).

As for what you want to do, I guess you can get inspired by the REST session authenticator, triggered by REST session creation (used only with session authentication). The original pull request will give you more hints to understand the code for sure.

Wednesday 18 June 2014 10:25:56 am

Hi Jerôme,

Tkx for your response.

We just display the template login as it is explained in Symfony documentation. However we have always this error when we try to access to "/login_check" :

 <h1>Unable to find the controller for path "/login_check"</h1>

With this error, they say in the documentation to make sure that the check_path URL (e.g. /login_check) is behind the firewall we're using for our form login. But here is our configuration "security.yml" and all routes are behind firewall sad.gif Emoticon :

firewalls:        
    dev:            
        pattern:  ^/(_(profiler|wdt)|css|images|js)/            
        security: false
        
    ezpublish_setup:            
        pattern: ^/ezsetup            
        security: false
        
    ezpublish_rest:            
        pattern: ^/api/ezp/v2            
        stateless: true            
        ezpublish_http_basic:                
            realm: eZ Publish REST API
        
    ezpublish_front:            
        pattern: ^/            
        anonymous: ~            
        form_login:
            require_previous_session: false            
        logout: ~
 
#        secured_area:
#            pattern:    ^/demo/secured/
#            form_login:
#                check_path: /demo/secured/login_check
#                login_path: /demo/secured/login
#            logout:
#                path:   /demo/secured/logout
#                target: /demo/            #anonymous: ~            
#http_basic:            
#    realm: "Secured Demo Area"
 
    access_control:        
        #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }        
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

The routes are correctly defined in the "routing.yml" file :

login:    
    path:   /login    
    defaults:  { _controller: ezpublish.security.controller:loginAction }
login_check:    
    path:   /login_check
logout:    
    path:   /logout

The stranger thing is when we access directly to "/login" page, we can connect. But when it is throw another template, or when we want to view directly the "/login_check" page, we have the error.

 

Tkx for your help

Wednesday 18 June 2014 10:54:22 am

We find the solution. The method "post" missed in the form to login.

We have been focused on the error because Symfony doc says to verify the url "/login_check". But they don't say that the path has to be verified in a post request !!!!!!

 

Tkx for your help !

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from