I'm building a website with Symfony and for the user management I chose FOSUserBundle. Now.. I've built my form where I need a username, email and password (nothing more for now), which are the fields in my User table. But with FOSUserBundle it expects a lot more fields in my table like username_canonical, token, login_confirmation....
Is there a way to still use FOSUserBundle, but only with the 3 fields that I want to use? I was searching to maybe override it, but I couldn't find a solution.
In order to use FOS\UserBundle your user class needs to implement FOS\UserBundle\Model\UserInterface. It will provide the mandatory information. If you really want to have a simpler user interface (although FOS\UserBundle\Model\UserInterface is pretty simple) you will need to create your own logic (e.g. fork FOS\UserBundle).
Related
I use FOSUserBundle to perform user operations. Now I want to make a single form which will have fields related to the password and to the email. I found ChangePassword and Username forms which are already ready to use, but how to unite them? Should I make my own custom form? And is there an existing ready solution in FOS for resetting the email (I mean the mail needs to change only after accepting)? Of course I can do all of this on my own, but what is the better way? I guess these actions already exist in the bundle.
You can use forms in forms. But this is slow. It's an easier solution to make your own form. Fosuser does not provide an interface for every process. You have to expand according to your own needs. We recommend keeping the password change page separate. The Bcrypt encryption library slows down the page if it is slow.
I'm starting with Symfony 3, and I need some guidance about how to proceed with the process of implementing dynamic authorization and authentication.
First of all, the authentication bit is mostly done, I've done it according to this link from symfony docs: http://symfony.com/doc/current/security/entity_provider.html. What I'm yet to understand is how to implement the interface function getRoles() in order to return a value from the database (I have a table Role related to the User table).
Secondly, the authorization part. My application will require the end user to create his own access mechanism, in other words, I have an interface where the user creates a Role, then defines what pages that Role will be able to access and what privileges it'll have (create, read, update, delete, and so on). Afterwards the roles are attributed to the application users.
All in all it is pretty standard stuff so Symfony must have a clean way to do it. What I figured out so far is that I'll have to use ACLs, so I did as in the docs: http://symfony.com/doc/current/security/acl.html
My honest question here is: What now? What steps do I take to fully implement the authentication mechanism? What should I do now in order to persist and retrieve the access rules? How do I relate them with the user Roles?
P.S.: This question might be sort of a duplicate of some other questions here, but truth be told, those questions did not help me either, nor did my scavenging in the docs.
So, your question is very broad. Anyway it is a good question, so I'm going to try to reply.
THE AUTHENTICATION
Nothing to say here, I simply hope you used FOSUserBundle as suggested by the article itself: it is the best way to implement a registration/login system in Symfony and it will give you an idea of how the entire process works. Starting from scratch if you are not an experienced Symfony developer seems to not be the best idea.
Give FOSUserBundle a try!
THE AUTHORIZATION PROCESS
About authorization you have basically two options: the use of Voters and the use of ACL.
In my experience the best option is always the use of Voters.
In most cases, in fact, you will have a bidirectional reference (see Doctrine's documentation about this) in your entities between the User and the object on which (s)he has rights. In this case the ACL is not required and even discouraged.
In fact, the ACL does nothing more than creating a relationship between two objects (the User and the Article in your use case). To manage this relationship it uses a table in the database and so it has to query it to get the relationship and check for the authorization rights.
But if you already have a bidirectional reference between the User and the Article/Group directly in your entities, then you already have this relationship in place and so you can use Voters and the use of the ACL is superfluous and even, as said, discouraged as it is a useless duplication.
If you don't have this bidirectional relationship in your entities, then create it: it will certainly be useful in the future for other things and, anyway, you will always have the ability to access your linked entities directly from your entity tree!
Moreover, in your scenario, you cannot use ACL as you will have custom rights/privileges on your objects: the voters, again, are the best option to build this kind of thing.
Don't use ACL, but Voters instead
HOW TO PROCEED
The first thing I would do, is to list in an interface all the available privileges: after all, they are strictly related to your application business logic, as it is not possible for a user to make someone able to do something that your app cannot do: if your application doesn't implement an editing flow, then it is not possible for a user to give someone the ability to edit an article. It's obvious.
So, something like this may be good:
interface PrivilegesEnum
{
const CREATE = 1;
const EDIT = 2;
const DELETE = 4;
const READ = 8;
const OTHER = 16;
// ... Other privileges
}
As you can see, I've given a numeric value to each privilege: this will give you the ability to use bitmasks, which are a really powerful mechanism to manage this kind of thing: they allow you to use only one field in the database to list all the privileges.
You can read more about bitmasks here:
https://www.google.it/search?q=bitmask+php+example
How to implement a bitmask in php?
Why should I use bitwise/bitmask in PHP?
http://alanhollis.com/a-quick-guide-to-using-bitmasks-for-permissions-in-php/
https://codereview.stackexchange.com/questions/1509/php-bitmask-class
https://www.google.it/search?q=php+bitmask+theory
http://php.net/manual/en/language.operators.bitwise.php
http://php.net/manual/it/language.operators.bitwise.php
https://code.tutsplus.com/articles/understanding-bitwise-operators--active-11301
https://code.tutsplus.com/articles/number-systems-an-introduction-to-binary-hexadecimal-and-more--active-10848
I used this system in the past and those are some useful links I collected. They might help you!
BUILD A FORM TO LIST PRIVILEGES
Another thing you may find useful is a FormType to list your available privileges: you can do this writing a simple custom FormType.
HOW TO MANAGE ROLES
To manage roles read how Roles are managed by the Security Component and in FOSUserBundle (on Stackoverflow)
THE RELATIONSHIP BETWEEN USERS AND GROUPS AND ARTICLES
Once you have reached this point you should have some more entities; read more about Doctrine relationship mechanisms to know them better, and you should be able to relate your users with their role, their group and the articles.
Anyway, you will have all the required conceptual and practical tools needed to think better about your concrete implementation.
FINAL NOTE
As you can see, implementing this type of authorization process isn't so simple.
I suggest you think very carefully about whether it is really required at this stage of the development of your app, because if you can defer it to the future, then I suggest you do so.
If you want to go online as fast as possible, implementing this system will require a lot of time to learn, implement, debug and refactor the code (I'm speaking of weeks, not days!).
So, if you have all this time, then go and implement this system. But if you feel you don't have all this time, then go with a more "static" system, go online, and then make it more "dynamic".
After all, this is the Lean Startup era!
Good luck!
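The bitmask privileges and the Voter approach the answer above recommends, as an added example that is not the answerer's code. It assumes (not on the page) a Role entity with getPrivileges() returning the stored integer mask, a User with getRole(), and an Article entity as the voted-on subject; it goes one step past the answer by wiring the mask into a Symfony Voter.

```php
<?php
// Added example, not code from the answer. Assumed: Role::getPrivileges() returns the
// stored int mask, User::getRole() returns the Role (or null), Article is the subject.
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

interface PrivilegesEnum
{
    const CREATE = 1;
    const EDIT   = 2;
    const DELETE = 4;
    const READ   = 8;
}

final class Privileges
{
    /** Grant: set the privilege's bit in the mask stored on the Role row. */
    public static function grant(int $mask, int $privilege): int
    {
        return $mask | $privilege;
    }

    /** True only when every bit of $privilege is set, so combined masks work too. */
    public static function has(int $mask, int $privilege): bool
    {
        return ($mask & $privilege) === $privilege;
    }
}

class ArticleVoter extends Voter
{
    // isGranted() attribute names mapped to privilege bits.
    private const MAP = ['ARTICLE_CREATE' => PrivilegesEnum::CREATE, 'ARTICLE_EDIT' => PrivilegesEnum::EDIT,
                         'ARTICLE_DELETE' => PrivilegesEnum::DELETE, 'ARTICLE_READ' => PrivilegesEnum::READ];

    protected function supports($attribute, $subject)
    {
        return isset(self::MAP[$attribute]) && $subject instanceof Article;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();
        if (!is_object($user) || null === $user->getRole()) {
            return false; // deny by default: anonymous token (a string) or a user with no Role
        }
        return Privileges::has($user->getRole()->getPrivileges(), self::MAP[$attribute]);
    }
}
```

With a Role whose mask is Privileges::grant(PrivilegesEnum::READ, PrivilegesEnum::EDIT) (value 10), $this->isGranted('ARTICLE_EDIT', $article) passes and 'ARTICLE_DELETE' is refused; the voter is registered automatically when autoconfiguration is on.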
I have used this tutorial for creating my user login in Laravel: Laravel Authentication Essentials. So I have a SessionController that contains the methods create, store and destroy, for showing the form, logging in and out respectively.
But there is no model in this tutorial, the validation and Auth::attempt is in the controller. And that doesn't feel right. I can not create a Session model, since the Session class already exists.
Should I put the login/out logic in the User model, or is there another way to do this that complies with the MVC architectural pattern?
First, remember (or know) that you can change everything in Laravel. If you need a Session model using a sessions table, go to app/config/session.php and change the Laravel sessions table to laravel_sessions:
'table' => 'laravel_sessions',
People are doing things differently these days, methods are improving on a daily basis and the way you do your code must be comfortable to you. If you feel it is not right the way you are seeing people doing it, change it; Laravel gives you the power to change and do things your way. And if you feel you just found a better way of doing it, share it.
This is a 2013 video and today Jeffrey is doing authentication in a completely different way. Sign up for a Laracasts account and take the full Build a Larabook video series to see how he's doing it now.
There's no Session model in this tutorial because he's not storing sessions (successful logins) in a sessions table.
In the tutorial he never touches the User model, so there is no login in the user model. The only thing he's using to do authentication is Auth::attempt(), a Laravel facade method which uses internally the user model (M), to find a user and check if the password matches. He's working with a Session controller (C) and everything related to login (or sign in) and showing login views (V) is done inside that particular controller.
If it is easier for you, you can rename SessionsController to LoginController. I, myself, don't really like the Sessions name for login, but that's a matter of taste, not code correctness.
That being said I don't see an MVC (or whatever name people like to call it this week) problem in that video.
EDIT Answering the comment:
The purpose of the model is towards data, no data, no model. In the context of Laravel and a database management system, yes, no table, no model. In the context, for instance, of a client-server API, your server API (Laravel, Rails...) will provide data for your client model (Angular, EmberJS...), so, there will be no table directly related to the client model, but still a model.
But in that particular case you are accessing a model, the user model, via a service, the Authentication service.
I'm writing an application in PHP using Yii. I'm trying to add the ability for users to be able to be authenticated differently.
My main question is what is the best way to go about it.
For example, I was thinking of doing something like so:
Have a table of Authenticators in a database that correlates to classes.
In the users table, have an authenticator id column that correlates to an authenticator.
This is about where I get stuck. I'm trying to be as Yii as possible here and use ActiveRecord. Each authenticator would need to know the user's ID, so I'd have to pass that to the authenticator model (that stores the class name) and then find a way to pull the actual class, while passing the user to that as well.
All this seems a bit ... overkill.
Any guidance would be greatly appreciated.
Thanks!
Kyle
Just create your own descendant of CUserIdentity which implements Factory pattern. Sounds difficult, but I think there's no short answer at all.
You have all your answers in this topic: Authentication and Authorization.
I'm suggesting you use the RBAC approach, and the easiest way is to use the Rights module.
I'm hoping to use Ion Auth for a Codeigniter application, but I'm unsure of exactly how to structure the tables appropriately. Basically, I have a few different types of users each with different attributes. How would one build this out with just a single meta table?
Some ideas were offered here ( Create user roles and profiles in Codeigniter using Ion Auth ) but none seem particularly elegant or ideal. Is there a better way? Can I easily work with multiple meta tables (e.g. meta_type1, meta_type2, etc.) somehow?
A related issue pertains to the "identity" config parameter for login etc. How could I have the identity be email for one user type, and username for another?
Thanks in advance for any tips/advice/ideas
Ion Auth code is really clean and organized.
You can easily hack the login process to accept both username or email. Even better, you can fork the repo on GitHub and make the $config['identity'] variable accept both string or array, and act according to that. And send a pull request! :-)
Regarding meta data for users: I would definitely use a single table to handle users metadata. You can put several columns and set to null in case some user type doesn't need them.
Hope my ideas help! Good luck and happy coding.
I also met the same problem as you. And I found a CodeIgniter authentication library alternative that could solve the problem. Flexi Auth seems to be able to handle "multiple extra meta tables" for different user groups.