[Security][DX] RFC: A simple way to do programmatic login #40662

Closed
@Seldaek

Description
There are various reasons why an app may need to log in a user without the user having to go through the configured authenticators. A few examples I ran into are logging the user in after a password reset, or after the registration confirmation email was clicked.

Example
IMO a great API to have would be Security::programmaticLogin(Request $request, UserInterface $user, ?AuthenticatorInterface $authenticator = null)

After discussing this with @wouterj, it appears that the main complexity here is in choosing which Token class should be used. IMO it'd be fine to, by default, pick the default authenticator for the current firewall, and make that one authenticate the user via createAuthenticatedToken. If that's not ok the developer can optionally pass the correct authenticator.

Why?
I had to figure this out myself and it took some help from @wouterj + some trial and error to arrive at this code:

    use Symfony\Component\Security\Core\Exception\AuthenticationException;

    // In an event listener: $this->userChecker is a UserCheckerInterface,
    // $this->userAuthenticator a UserAuthenticatorInterface and
    // $this->myPreferredAuthenticator the firewall's AuthenticatorInterface service.
    try {
        // run the same pre-auth checks (disabled/locked account, ...) a normal login would
        $this->userChecker->checkPreAuth($event->getUser());
    } catch (AuthenticationException $e) {
        // skip authenticating if any pre-auth check does not pass
        return;
    }
    // creates the token, stores it and dispatches LoginSuccessEvent; returns the
    // authenticator's success response, if it produced one
    if (($response = $this->userAuthenticator->authenticateUser($event->getUser(), $this->myPreferredAuthenticator, $event->getRequest()))) {
        return $response;
    }

Now, as you can see, you have to know about UserAuthenticatorInterface to get that service injected; you then also have to figure out what the class name of your preferred authenticator is to get that injected; and then I also had to remember to call the user checker, otherwise inactive users were being logged in under some circumstances, which is not good.

Not too bad, I survived, but I can imagine this would be a bigger roadblock for others less familiar with the framework, so having some easier API in a more visible location would be nice.
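The snippet above as a reusable service, added here as an example; it is not code from the issue and not Symfony's own API. It targets the Symfony 5.x authenticator-based security system, wires the firewall's form-login authenticator by service id (the `main` firewall name, the `security.authenticator.form_login.main` service id in the comment, and the `ProgrammaticLogin` class and method names are assumptions), runs the user checker that `authenticateUser()` skips, and passes optional badges such as `RememberMeBadge` through.

```php
<?php
// Added example (not the issue's code and not Symfony's own API). Assumes the
// Symfony 5.x authenticator-based security system with a firewall named "main"
// that has form_login enabled. Class, method and service names are hypothetical.

namespace App\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\AuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\BadgeInterface;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;

/**
 * Logs a user in without credentials, for flows that have already proven the
 * user's identity out of band (password reset link, registration confirmation).
 *
 * Assumed wiring in config/services.yaml, because an authenticator cannot be
 * autowired by class name (there is one instance per firewall):
 *
 *   App\Security\ProgrammaticLogin:
 *       arguments:
 *           $authenticator: '@security.authenticator.form_login.main'
 */
final class ProgrammaticLogin
{
    private UserCheckerInterface $userChecker;
    private UserAuthenticatorInterface $userAuthenticator;
    private AuthenticatorInterface $authenticator;

    public function __construct(
        UserCheckerInterface $userChecker,
        UserAuthenticatorInterface $userAuthenticator,
        AuthenticatorInterface $authenticator
    ) {
        $this->userChecker = $userChecker;
        $this->userAuthenticator = $userAuthenticator;
        $this->authenticator = $authenticator;
    }

    /**
     * @param UserInterface    $user   the user to log in; load it from the verified
     *                                 reset/confirmation token, never from a request
     *                                 parameter the client controls
     * @param BadgeInterface[] $badges optional passport badges, e.g. a RememberMeBadge
     *
     * @return Response|null the authenticator's success response (a redirect for
     *                       form_login), or null if it produced none
     *
     * @throws AuthenticationException if the account is disabled, locked or expired
     */
    public function login(UserInterface $user, Request $request, array $badges = []): ?Response
    {
        // authenticateUser() wraps the user in a self-validating passport and does
        // not dispatch CheckPassportEvent, so UserCheckerListener never runs.
        // Do both checks ourselves before any token is stored; otherwise a
        // disabled or locked account would end up with a valid session.
        $this->userChecker->checkPreAuth($user);
        $this->userChecker->checkPostAuth($user);

        // The request must belong to the same firewall as $this->authenticator:
        // the UserAuthenticatorInterface service resolves the firewall from it.
        // This creates the token, stores it in the token storage/session and
        // dispatches LoginSuccessEvent, exactly like an interactive login.
        return $this->userAuthenticator->authenticateUser($user, $this->authenticator, $request, $badges);
    }

    /**
     * Variant for a reset form with a "keep me logged in" checkbox: the badge lets
     * the firewall's remember-me handling issue its cookie under its usual conditions.
     */
    public function loginWithRememberMe(UserInterface $user, Request $request): ?Response
    {
        return $this->login($user, $request, [new RememberMeBadge()]);
    }
}
```

From a password-reset controller this is `return $programmaticLogin->login($user, $request) ?? $this->redirectToRoute('app_home');`, with the `AuthenticationException` either left to the firewall's exception handling or caught and turned into a flash message. Symfony 6.2 later shipped `Security::login($user)` in SecurityBundle, which runs this same sequence (pre-auth user check, then `authenticateUser()` with the firewall's authenticator).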

Labels: DX (Developer eXperience), Help wanted, Security