5

I'm currently dealing with Symfony2's Security component.

I'm trying to authenticate users against a webservice. To authenticate a user, I have to provide the webservice with a username and a password.

I know that I've got to create a class that implements UserProvider. But the loadUserByUsername function doesn't fit my webservice needs: in order to authenticate a user, it asks for both username and password, whereas the UserProvider's function only requires a username.

Here is a similar question to the problem I face: Symfony2 authentication without UserProvider

I've been struggling with this problem for a couple of days...

SupaCoco
  • 1
    Did my answer on the linked question help any? Or did it just confuse things? – Cerad Mar 07 '13 at 19:29
  • 2
    What kind of webservice are you using? How are the passwords encoded? Maybe you have to create an authentication provider as described in http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html ...it is a lot of work though! Check out http://stackoverflow.com/questions/14928514/symfony2-authentication-via-3rd-party-rest-api/14947332#14947332 ..it should help you to get started. – hacfi Mar 08 '13 at 01:08
  • Thanks a lot for both of your answers! I'll try to do it like @hacfi suggested [here](http://stackoverflow.com/questions/14928514/symfony2-authentication-via-3rd-party-rest-api/14947332#14947332). – SupaCoco Mar 08 '13 at 14:30
  • I've just created the following classes: token, listener and provider. I'm stuck on the authenticate function of the AuthenticationProvider. Is it here that I have to call the REST webservice? – SupaCoco Mar 08 '13 at 15:43
  • 1
    I helped out Montgomery Jean to set this up..his repo is online at GitHub: https://github.com/freen/wordrot – hacfi Mar 09 '13 at 17:25
  • Yes, you make the REST call in the authenticate method of your Authentication Provider. – hacfi Mar 09 '13 at 17:26
  • I actually have a gist of my facebookprovider: https://gist.github.com/hacfi/f9ae2cd8d7de29ca1950#file-facebookprovider-php-L44 – hacfi Mar 09 '13 at 18:03

2 Answers

2

I fixed this problem this way:

services.yml:

services:
     user_provider:
         class: "%my_class%"
         arguments: ["@service_container"]

WebServiceUserProvider.php

/**
 * @param ContainerInterface $container
 */
public function __construct(ContainerInterface $container)
{
    $this->apiClient = $container->get('api_client');
    $this->request = $container->get('request');
}

and use $password = $this->request->get('password'); in your loadUserByUsername method

Mauro
0

One way of accomplishing this would be to load the user by the username and then validate the password. If a user exists for the given username and the password entered matches the password of that user, then authenticate the user. Example:

// Requires: use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
public function userLogin($username, $password)
{
    $em = $this->getEntityManager();
    // Parentheses matter: AND binds tighter than OR, so without them a deleted
    // user would still match by username.
    $query = $em->createQuery('SELECT u FROM VenomCoreBundle:User u WHERE (u.username = :username OR u.email = :username) AND u.isDeleted <> 1')
            ->setParameter('username', $username);
    try {
        // getSingleResult() returns the entity or throws, so no count() check is needed.
        $entity = $query->getSingleResult();
    } catch (\Doctrine\ORM\NoResultException $e) {
        return false;
    } catch (\Doctrine\ORM\NonUniqueResultException $e) {
        // Username and e-mail matched different rows: refuse rather than guess.
        return false;
    }

    $encoder = new MessageDigestPasswordEncoder('sha512', true, 10);
    // isPasswordValid() hashes the input and compares the hashes in constant time.
    if (!$encoder->isPasswordValid($entity->getPassword(), $password, $entity->getSalt())) {
        return false;
    }

    $profile = $entity->getUserProfile();
    if (!$profile) {
        return false;
    }

    return array(
        'token' => $entity->getUserToken(),
        'username' => $profile->getFullName(),
    );
}
Praveesh
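
The approach from the comments on the question (make the webservice call in the authenticate method of a custom authentication provider), as an added example that is not code from the thread or from the linked repositories. `WebServiceClientInterface`, its `checkCredentials()` method and the `Acme\DemoBundle` namespace are hypothetical; the listener and security factory wiring from the cookbook entry linked in the comments is assumed.

```php
<?php
// Added example. WebServiceClientInterface::checkCredentials() is a hypothetical REST client.
namespace Acme\DemoBundle\Security;

use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\User;

interface WebServiceClientInterface
{
    /** @return array|null role names on success, null when the credentials are rejected */
    public function checkCredentials($username, $password);
}

class WebServiceAuthenticationProvider implements AuthenticationProviderInterface
{
    private $client;
    private $providerKey;

    public function __construct(WebServiceClientInterface $client, $providerKey)
    {
        $this->client = $client;
        $this->providerKey = $providerKey;
    }

    public function supports(TokenInterface $token)
    {
        return $token instanceof UsernamePasswordToken
            && $token->getProviderKey() === $this->providerKey;
    }

    public function authenticate(TokenInterface $token)
    {
        try {
            // Username and password both come from the token: no UserProvider lookup.
            $roles = $this->client->checkCredentials($token->getUsername(), $token->getCredentials());
        } catch (\Exception $e) {
            // Webservice unreachable or broken: fail closed instead of logging in.
            throw new AuthenticationServiceException('Authentication service unavailable.');
        }
        if (!is_array($roles)) {
            // One message for unknown user and wrong password (no user enumeration).
            throw new BadCredentialsException('Bad credentials.');
        }
        // No password is kept; Symfony marks the token authenticated only if $roles is non-empty.
        return new UsernamePasswordToken(new User($token->getUsername(), null, $roles), null, $this->providerKey, $roles);
    }
}
```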