So the problem that I ran into is this: currently, the symfony2 project that I have has a user object with its own encryption methods for its password in the database:
    // Builds a bcrypt ("$2a$") salt string and hashes the password with crypt().
    // Note: mt_srand()/mt_rand() is a non-cryptographic PRNG, so the salt is not
    // generated from a secure random source.
    private function blowfishCrypt($password, $cost)
    {
        // bcrypt's salt alphabet: "./A-Za-z0-9" (64 characters)
        $chars = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
        // "$2a$" identifier followed by the two-digit cost factor
        $salt = sprintf('$2a$%02d$', $cost);
        mt_srand();
        // 22 salt characters
        for ($i = 0; $i < 22; $i++) {
            $salt .= $chars[mt_rand(0, 63)];
        }
        return crypt($password, $salt);
    }

    public function encryptPassword($string)
    {
        // cost factor 10
        $this->setEncryptedPassword($this->blowfishCrypt($string, 10));
    }
The login method basically just checks the entered password as follows:
    // re-hashing with the stored hash as the salt reproduces the stored hash if the password matches
    if (crypt($userPost['password'], $user->getEncryptedPassword()) != $user->getEncryptedPassword())
Then it sets the session variables, authToken and userId.
But because of this, calls must be made in all applications to ensure that userId and authToken are set in the session, so that any action that we want only users who pass the test to have access to should perform the check:
if (!authToken) { return 401 }
symfony2?
EDIT: symfony2?
EDIT 2: UserInterface. security.yml:
security:
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
    # rules are evaluated in order; the first matching path wins
    access_control:
        - { path: ^/., roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login_check.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/signup.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
    providers:
        main:
            entity:
                class: BundleNamespace\Entity\User
                property: email
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
/, /login, /signup, etc.?
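As an added example that is not part of the original post or of Symfony itself: the hashing and login check above, rewritten so that the bcrypt salt comes from a cryptographically secure random source instead of mt_rand(), the hash output is sanity-checked, and the verification compares in constant time. The function names (bcryptSalt, hashPassword, verifyPassword) are assumptions for illustration; the code assumes PHP 5.3.7 or newer for the "$2y$" bcrypt identifier and falls back to openssl_random_pseudo_bytes() and a manual constant-time loop where random_bytes() (PHP 7) and hash_equals() (PHP 5.6) are missing.

```php
<?php
// Added example, not the original post's code. Assumes PHP >= 5.3.7 (for "$2y$").

// Build a bcrypt salt "$2y$<cost>$<22 chars>" from 16 CSPRNG bytes.
function bcryptSalt($cost)
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    if (function_exists('random_bytes')) {
        $raw = random_bytes(16);
    } else {
        $raw = openssl_random_pseudo_bytes(16, $strong);
        if ($raw === false || !$strong) {
            throw new RuntimeException('no secure random source available');
        }
    }
    // base64 of 16 bytes is 24 chars; the first 22 carry no padding.
    // bcrypt's salt alphabet is "./A-Za-z0-9", so only "+" needs remapping.
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    // "$2y$" is the fixed bcrypt identifier; "$2a$" output from PHP < 5.3.7 is known to be buggy.
    return sprintf('$2y$%02d$', $cost) . $salt;
}

// Hash a password with bcrypt at the given cost; returns the 60-char hash string.
function hashPassword($password, $cost = 10)
{
    $hash = crypt($password, bcryptSalt($cost));
    // crypt() returns a short failure string ("*0" / "*1") when the salt is rejected.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Verify a password against a stored bcrypt hash without leaking timing information.
function verifyPassword($password, $storedHash)
{
    // Using the stored hash as the salt makes crypt() reuse its identifier, cost and salt.
    $candidate = crypt($password, $storedHash);
    if (function_exists('hash_equals')) {
        return hash_equals($storedHash, $candidate);
    }
    // Constant-time fallback for PHP < 5.6.
    if (strlen($storedHash) !== 60 || strlen($candidate) !== 60) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < 60; $i++) {
        $diff |= ord($storedHash[$i]) ^ ord($candidate[$i]);
    }
    return $diff === 0;
}

// Usage with a constructed password; the stored value would live in the users table.
$stored = hashPassword('correct horse battery staple', 10);
var_dump(verifyPassword('correct horse battery staple', $stored));
var_dump(verifyPassword('wrong password', $stored));
```

Two caveats that apply regardless of which hashing code is used: bcrypt only looks at the first 72 bytes of the password, and Symfony evaluates access_control entries in order and stops at the first path match, so a rule such as `^/.` requiring IS_AUTHENTICATED_FULLY that sits above the `^/login.*` and `^/signup.*` rules is matched first for those URLs.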