Merge pull request lolautruche#46 from lolautruche/feat/loginEmail
Implemented user authentication by email
Showing
14 changed files
with
613 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the EzCoreExtraBundle package. | ||
* | ||
* @copyright Jérôme Vieilledent <jerome@vieilledent.fr> | ||
* @license For full copyright and license information view LICENSE file distributed with this source code. | ||
*/ | ||
|
||
namespace Lolautruche\EzCoreExtraBundle\DependencyInjection\Compiler; | ||
|
||
use Lolautruche\EzCoreExtraBundle\Security\RepositoryAuthenticationProvider; | ||
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; | ||
use Symfony\Component\DependencyInjection\ContainerBuilder; | ||
use Symfony\Component\DependencyInjection\Reference; | ||
|
||
class SecurityPass implements CompilerPassInterface | ||
{ | ||
public function process(ContainerBuilder $container) | ||
{ | ||
if (!$container->hasDefinition('security.authentication.provider.dao')) { | ||
return; | ||
} | ||
|
||
$container->findDefinition('security.authentication.provider.dao') | ||
->setClass(RepositoryAuthenticationProvider::class) | ||
->addMethodCall('setConfigResolver', [new Reference('ezpublish.config.resolver')]); | ||
} | ||
} |
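Review bot: `SecurityPass` has no docblock, and nothing in `process()` says that the class swap on `security.authentication.provider.dao` applies container-wide while the per-SiteAccess `security.authentication_email.enabled` flag is only consulted later, at runtime, by the provider. A class comment such as `/** Replaces the DAO authentication provider class; the e-mail fallback itself stays gated at runtime by the SiteAccess setting. */` would make that explicit for anyone auditing the login path. Separately, the guard uses `hasDefinition()` while the fetch uses `findDefinition()`; the former ignores aliases and the latter resolves them, so if the id were ever an alias the pass would return silently. Using `if (!$container->has('security.authentication.provider.dao')) { return; }` keeps both sides consistent.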
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
parameters: | ||
ez_core_extra.default.twig_globals: {} | ||
ez_core_extra.default.security.authentication_email.enabled: false |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Authentication by e-mail | ||
|
||
By default, eZ users can only authenticate using their username. However, using e-mail for authentication is quite a | ||
common use case. | ||
|
||
EzCoreExtraBundle enables the possibility for any eZ user to authenticate against their e-mail, in addition to their username. | ||
|
||
You can easily activate it for your SiteAccess using the following config, where `my_siteaccess` is the name of | ||
your SiteAccess or SiteAccess group: | ||
|
||
```yaml | ||
ez_core_extra: | ||
system: | ||
my_siteaccess: | ||
enable_email_authentication: true | ||
``` | ||
Original behavior - authentication by username - is kept and will always have precedence (e.g. username will always | ||
be tested first). | ||
> **Important note**: `EzCoreExtraBundle` **MUST** be instanciated | ||
> **after eZ bundles** in `AppKernel`. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the EzCoreExtraBundle package. | ||
* | ||
* @copyright Jérôme Vieilledent <jerome@vieilledent.fr> | ||
* @license For full copyright and license information view LICENSE file distributed with this source code. | ||
*/ | ||
|
||
namespace Lolautruche\EzCoreExtraBundle\Security; | ||
|
||
use eZ\Publish\Core\MVC\ConfigResolverInterface; | ||
|
||
trait EmailAuthenticationActivationChecker | ||
{ | ||
/** | ||
* @var ConfigResolverInterface | ||
*/ | ||
private $configResolver; | ||
|
||
public function setConfigResolver(ConfigResolverInterface $configResolver) | ||
{ | ||
$this->configResolver = $configResolver; | ||
} | ||
|
||
/** | ||
* @return bool | ||
*/ | ||
protected function isEmailAuthenticationEnabled() | ||
{ | ||
return (bool)$this->configResolver->getParameter('security.authentication_email.enabled', 'ez_core_extra'); | ||
} | ||
} |
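Review bot: `isEmailAuthenticationEnabled()` dereferences `$this->configResolver` without checking that `setConfigResolver()` was ever called, so a consumer of the trait that is built without that method call would hit a fatal error in the middle of authentication instead of falling back to username-only login. Failing closed is the safer default here: add `if (null === $this->configResolver) { return false; }` as the first line of the method. The wiring for `UserProvider` is not visible in this section, so whether this can happen in practice should be confirmed against the service definitions. The `@return bool` docblock could also state that the flag is read from the `ez_core_extra` namespace.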
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the EzCoreExtraBundle package. | ||
* | ||
* @copyright Jérôme Vieilledent <jerome@vieilledent.fr> | ||
* @license For full copyright and license information view LICENSE file distributed with this source code. | ||
*/ | ||
|
||
namespace Lolautruche\EzCoreExtraBundle\Security; | ||
|
||
use eZ\Publish\API\Repository\Repository; | ||
use eZ\Publish\API\Repository\Exceptions\NotFoundException; | ||
use eZ\Publish\Core\MVC\Symfony\Security\Authentication\RepositoryAuthenticationProvider as BaseProvider; | ||
use eZ\Publish\Core\MVC\Symfony\Security\UserInterface as EzUserInterface; | ||
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; | ||
use Symfony\Component\Security\Core\Exception\BadCredentialsException; | ||
use Symfony\Component\Security\Core\User\UserInterface; | ||
|
||
/** | ||
* eZ Repository authentication provider override. | ||
* Allows to authenticate against e-mail, in addition to traditional username. | ||
* | ||
* Original behavior is kept and always has precedence. | ||
*/ | ||
class RepositoryAuthenticationProvider extends BaseProvider | ||
{ | ||
use EmailAuthenticationActivationChecker; | ||
|
||
/** | ||
* @var Repository | ||
*/ | ||
private $contentRepository; | ||
|
||
/** | ||
* @var \eZ\Publish\API\Repository\UserService | ||
*/ | ||
private $userService; | ||
|
||
public function setRepository(Repository $repository) | ||
{ | ||
parent::setRepository($repository); | ||
$this->contentRepository = $repository; | ||
$this->userService = $repository->getUserService(); | ||
} | ||
|
||
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) | ||
{ | ||
try { | ||
parent::checkAuthentication($user, $token); | ||
} catch (BadCredentialsException $e) { | ||
if (!($this->isEmailAuthenticationEnabled() && $user instanceof EzUserInterface)) { | ||
throw $e; | ||
} | ||
|
||
// This check was already made in parent implementation and really represents an exception, so rethrow it. | ||
if ($token->getUser() instanceof UserInterface) { | ||
throw $e; | ||
} | ||
|
||
try { | ||
$authenticatedRepoUser = $this->userService->loadUserByCredentials($user->getUsername(), $token->getCredentials()); | ||
$this->contentRepository->setCurrentUser($authenticatedRepoUser); | ||
} catch (NotFoundException $exception) { | ||
throw new BadCredentialsException('Invalid credentials', 0, $e); | ||
} | ||
} | ||
} | ||
} |
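Review bot: In `checkAuthentication()`, the e-mail fallback runs on every `BadCredentialsException` once the option is enabled, including a plain wrong password for a user who was resolved by username. In that case `loadUserByCredentials()` is called a second time with the same login and password, doubling the credential check on each failed attempt. Restrict the retry to the case where the submitted identifier differs from the resolved login, e.g. `if ($token->getUsername() === $user->getUsername()) { throw $e; }` just before the inner `try`. The rethrown `BadCredentialsException` also chains `$e` rather than the `NotFoundException` caught as `$exception`, so the cause of the second failure is lost from logs; passing `$exception` as the previous exception keeps it. The method also has no docblock describing the fallback order (parent check first, then a retry with the resolved login), which is worth documenting on an authentication override.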
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the EzCoreExtraBundle package. | ||
* | ||
* (c) Jérôme Vieilledent <jerome@vieilledent.fr> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Lolautruche\EzCoreExtraBundle\Security; | ||
|
||
use eZ\Publish\API\Repository\UserService; | ||
use eZ\Publish\API\Repository\Values\User\User as APIUser; | ||
use eZ\Publish\Core\MVC\ConfigResolverInterface; | ||
use eZ\Publish\Core\MVC\Symfony\Security\User\APIUserProviderInterface; | ||
use Symfony\Component\Security\Core\Exception\UnsupportedUserException; | ||
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; | ||
use Symfony\Component\Security\Core\User\UserInterface; | ||
|
||
/** | ||
* eZ User provider decorator. | ||
* Allows to fetch users using e-mail, in addition to traditional username. | ||
*/ | ||
class UserProvider implements APIUserProviderInterface | ||
{ | ||
use EmailAuthenticationActivationChecker; | ||
|
||
/** | ||
* @var APIUserProviderInterface | ||
*/ | ||
private $innerUserProvider; | ||
|
||
/** | ||
* @var UserService | ||
*/ | ||
private $userService; | ||
|
||
public function __construct(APIUserProviderInterface $innerUserProvider, UserService $userService) | ||
{ | ||
$this->innerUserProvider = $innerUserProvider; | ||
$this->userService = $userService; | ||
} | ||
|
||
public function loadUserByUsername($username) | ||
{ | ||
try { | ||
return $this->innerUserProvider->loadUserByUsername($username); | ||
} catch (UsernameNotFoundException $e) { | ||
if (!$this->isEmailAuthenticationEnabled()) { | ||
throw $e; | ||
} | ||
|
||
$users = $this->userService->loadUsersByEmail($username); | ||
if (empty($users)) { | ||
throw new UsernameNotFoundException("Could not find a user with idenfifier $username"); | ||
} | ||
|
||
return $this->loadUserByAPIUser(reset($users)); | ||
} | ||
} | ||
|
||
public function refreshUser(UserInterface $user) | ||
{ | ||
return $this->innerUserProvider->refreshUser($user); | ||
} | ||
|
||
public function supportsClass($class) | ||
{ | ||
return $this->innerUserProvider->supportsClass($class); | ||
} | ||
|
||
public function loadUserByAPIUser(APIUser $apiUser) | ||
{ | ||
return $this->innerUserProvider->loadUserByAPIUser($apiUser); | ||
} | ||
} |
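Review bot: `loadUserByUsername()` returns `reset($users)` from `loadUsersByEmail()`, so when more than one account shares the submitted address the login is silently bound to whichever account the repository happens to return first. The call returns a list, which suggests that uniqueness is not guaranteed by the repository; if so, an ambiguous address should be rejected rather than resolved arbitrarily. One option is `if (count($users) !== 1) { throw new UsernameNotFoundException(...); }` in place of the `empty($users)` check. The exception message also interpolates the raw submitted `$username` (and misspells "identifier"); calling `setUsername($username)` on the exception and keeping the message static avoids echoing unvalidated input into logs or error output.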