I am building a site using Symfony2, and it will be a white-label type of site where several domains are displayed on the same server. Thus, coolsite.customer1.com and aservice.customer2.com will appear on the same site, but will have to be different for the end user. I have already decided on the domains and downloaded unique configurations as a service.
When installing and using the FOS UserBundle with a user (which stores the domain_id of its domain), registration, login, etc. work great, except that users of domain1 can also log into domain2. This is expected in the FOS UserBundle. I need to make changes to the package so that it only authenticates users in the domain to which they are assigned.
I created a userProvider that extends the original userProvider in FOS and overrides the loadUserByUsername method to also verify the domain. See below:
```php
namespace Me\UserBundle\Security;

use FOS\UserBundle\Security\UserProvider as FOSProvider;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use FOS\UserBundle\Model\UserManagerInterface;
use Me\CoreBundle\Models\Core;

class UserProvider extends FOSProvider
{
    protected $container;

    public function __construct(UserManagerInterface $userManager, ContainerInterface $container)
    {
        parent::__construct($userManager);
        $this->container = $container;
    }

    public function loadUserByUsername($username)
    {
        $core = $this->container->get('me_core');

        // Look the user up by username AND the id of the domain being served,
        // so an account from another domain is treated as not found.
        $user = $this->findUserBy(array(
            'username'  => $username,
            'domain_id' => $core->getDomainMap()->getId(),
        ));

        if (!$user) {
            throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
        }

        return $user;
    }

    public function findUserBy(array $criteria)
    {
        return $this->userManager->findUserBy($criteria);
    }
}
```
I configured the service as follows.
```yaml
services:
    me.security.authentication.userprovider:
        class: Me\UserBundle\Security\UserProvider
        arguments:
            - @fos_user.user_manager
            - @service_container
```
My security.yml is as follows:
```yaml
security:
    providers:
        me.security.authentication.userprovider:
            id: fos_user.user_provider.username

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/public, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_USER }

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
```
What happens when I try to access a site is an exception: "ServiceNotFoundException: the service "security.authentication.manager" has a dependency on the non-existent service "security.user.provider.concrete.fos_userbundle"."
I based my modifications on this cookbook recipe.
Any ideas? I am completely fixated on this.
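
The following is an added example, not part of the original post: a `security.yml` fragment showing how the provider name and service id line up, using only the names that appear in the question. In the posted configuration, `form_login` refers to a provider named `fos_userbundle`, but the only provider defined is keyed `me.security.authentication.userprovider` and its `id` still points at the stock FOS provider, so the domain-aware class is never used.

```yaml
security:
    providers:
        # The key is the provider's NAME. Symfony registers it as the service
        # "security.user.provider.concrete.<name>", which is the id named in
        # the exception when the firewall refers to a name that is not defined.
        fos_userbundle:
            # The id is the SERVICE that loads users. Pointing it at the custom
            # service is what makes login check the domain_id.
            id: me.security.authentication.userprovider

    firewalls:
        main:
            pattern: ^/
            form_login:
                # Must match a key under "providers" above.
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
```

The `encoders`, `access_control` and `role_hierarchy` sections are unaffected. A useful check after the change is to create the same username under two domains and confirm that each password is accepted only on its own host.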