Manual authentificate an user in Symfony

We had this situation, a client asked to be able to connect easily using a kind of super password to a Symfony web app we developped.

The idea : use the email of an existing user, use a special password, and it will work.

So we used the failure_handler event of the classic security Symfony system.

For this, first you need to say Symfony to use the handler we will create. In your security.yaml config file :

firewalls:
    dev:
        anonymous: ~
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        anonymous: ~
        provider: in_db
        form_login:
            use_referer: false
            login_path: login
            check_path: login
            failure_handler: App\Handler\LoginFailureHandler

Everytime a login will fail, we are gonna reach our new file LoginFailureHandler. The content of this new file :

class LoginFailureHandler extends DefaultAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
{
    private $container;
    private $userRepository;

    /**
     * LoginHandler constructor.
     * @param ParameterBagInterface|null $parameterBag
     * @param HttpUtils $httpUtils
     * @param EntityManagerInterface $entityManager
     * @param ContainerInterface $container
     * @param HttpKernelInterface $httpKernel
     */
    public function __construct(HttpUtils $httpUtils, EntityManagerInterface $entityManager, UserRepository $userRepository, 
                                  ContainerInterface $container, HttpKernelInterface $httpKernel)
    {
        parent::__construct($httpKernel, $httpUtils);
        $this->container = $container;
        $this->userRepository = $userRepository;
    }

    /**
     * @param Request $request
     * @param AuthenticationException $exception
     * @return RedirectResponse
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // get email posted in the login form
        $email = $exception->getToken()->getUser();

        if ($email && $request->get('_password') === 'MY_SUPER_PASSWORD') {
            $userManual = $this->UserRepositoy->findOneBy(['email' => $email]);

            if ($userManual) {
                // manually authenticate user in controller
                $token = new UsernamePasswordToken($userManual, null, 'main', $userManual->getRoles());
                $this->container->get('security.token_storage')->setToken($token);
                $this->container->get('session')->set('_security_main', serialize($token));

                $defaultAuthenticationSuccessHandler = new DefaultAuthenticationSuccessHandler($this->httpUtils);
                return $defaultAuthenticationSuccessHandler->onAuthenticationSuccess($request, $token);
            }
        }

        return parent::onAuthenticationFailure($request, $exception);
    }
}

Laissez un commentaire