1

I need to create authentication in one of my projects, but a simple login/password is not suitable. I need stepwise authentication: 1st, the user enters their phone number; check if the user exists, then send an SMS to the phone and open the next form, else show a message; 2nd, a form with a code input; the user enters the received code; check if the code equals the generated one, then authenticate the user, else send again.

As a sample, I thought of getting the phone data in a custom controller and, if the user is found, showing them a form like this:

<form action="{{ path('login_check') }}" method="post">
    <input type="hidden" id="username" name="_username" value="{{ user_phone }}" />
    <label for="password">Code:</label>
    <input type="text" id="password" name="_password" value="" />
    <input type="submit" name="login" />
</form>

But I do not like this option. Perhaps somebody can suggest a more beautiful version?)

i.paramonov

2 Answers

0

I didn't use this solution, but I think that can help you

How to go back to referer after login failure?

This answer shows how to use it in the case of "login-failure", but the login options have a "success_handler: some.service.id". Check the website below to see the options of "app/config/security.yml".

http://symfony.com/doc/current/reference/configuration/security.html

Good luck

Canela
0

In this case you need to create two firewalls with different patterns in your security.yml:

# under the security: key in security.yml
firewalls:
    phone:
        pattern: ^/phoneauth/login$
        form_login:
            provider: phone_auth_provider
            check_path: your_login_check_path
        # both firewalls use the same context name so they share it
        context: same_unique_name
        # ...
    code:
        pattern: ^/codeauth/login$
        form_login:
            provider: code_auth_provider
            check_path: your_login_check_path
        context: same_unique_name
        # ...

Now you need to create two custom providers, one for phoneauth and another for codeauth. In the phoneauth provider you just need to create a query to search for the phone number; if the phone number exists it should return the User object, otherwise do your process for sending the SMS, and based on the message you return you can redirect to the codeauth login page.
In the codeauth provider, which is somewhat similar to the previous provider, you can create a query to search for the entered code, and if it's found it will return the user object.

For more help, check the links below:

Authenticate someone with a custom entity provider
Multi firewall configuration in security.yml

Javad
  • Javad, I created phone_auth_provider and code_auth_provider; code_auth_provider is an empty class implementing UserProviderInterface, and in phone_auth_provider's loadUserByUserName I wrote a query to find the user by phone number and return them if found, but I always get the error message "Bad credentials"... What am I doing wrong? – i.paramonov Mar 04 '14 at 22:06
  • 1
    First of all, make sure `loadUserByUserName` returns the user object; you can var_dump the returned variable before the return, and if it is a user object it means the first step is done correctly. The next step is creating custom authentication, which is a little difficult, because you are not going to authenticate the user based on a password (there is no password in your case) – Javad Mar 04 '14 at 22:38
  • I do not quite understand you; `loadUserByUserName` returns an object of class User, but I do not understand where I should return the response object for the code entry form. Thank you for helping me)) – i.paramonov Mar 05 '14 at 18:45
  • If you look at the UserProvider class and understand the concept behind it, it searches for a user either by username or by something else, and if it finds one, it returns a user object which is an instance of UserInterface; then it does the authentication process – Javad Mar 07 '14 at 15:15
  • Ok Javad, I created PhoneProvier, in which the method loadUserByUsername finds and returns a UserInterface object. It works fine. But I always get the error "Bad credentials". If I use the default login and password form, this error does not arise and authentication passes normally. Also, I don't understand where I must return the response with the code form (for entering the code sent to the phone). That is, I don't understand how the two firewalls must work jointly. Thank you) – i.paramonov Mar 08 '14 at 19:27
  • Good job; now what you can do is create a custom authentication provider, or set the found user's credentials on the current token which is sent to the default authentication provider; this will return true for the user which is found instead of the "Bad credentials" error. In order for the two firewalls to share, they need to have a similar *context* (check my edited solution). I am trying to provide some helpful code to fix this issue in the next solution – Javad Mar 09 '14 at 01:15
  • Sorry Javad, I do not quite understand, you can see my experience is still too little to solve this problem, thanks – i.paramonov Mar 10 '14 at 21:52
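
The code-check step discussed in this thread, as an added example that is not part of the original posts and is not Symfony's own code: a framework-independent sketch that ties each one-time code to the phone number it was sent to, stores only a keyed hash, expires it, limits wrong guesses and allows a single use. It assumes PHP 8; `SmsCodeVerifier`, its in-memory store, the 5-minute lifetime and the 5-attempt limit are hypothetical choices.

```php
<?php
// Added example: framework-independent sketch of the SMS code step.
// SmsCodeVerifier and its in-memory store are hypothetical, not Symfony APIs.
final class SmsCodeVerifier
{
    private const TTL_SECONDS = 300;  // assumed code lifetime
    private const MAX_ATTEMPTS = 5;   // assumed limit on wrong guesses

    /** @var array<string, array{hash: string, expires: int, attempts: int}> */
    private array $pending = [];      // a real app needs a shared store (DB, cache)

    public function __construct(private string $secret) {}

    /** Generate a 6-digit code for a phone number the user provider already found. */
    public function issue(string $phone, ?int $now = null): string
    {
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->pending[$phone] = [
            'hash' => $this->digest($phone, $code), // never store the code itself
            'expires' => ($now ?? time()) + self::TTL_SECONDS,
            'attempts' => 0,
        ];
        return $code; // hand this to the SMS gateway, never to the browser
    }

    /** True only for the phone the code was issued to, once, before expiry. */
    public function verify(string $phone, string $code, ?int $now = null): bool
    {
        $entry = $this->pending[$phone] ?? null;
        if ($entry === null || ($now ?? time()) > $entry['expires']) {
            unset($this->pending[$phone]);
            return false;
        }
        if (!hash_equals($entry['hash'], $this->digest($phone, $code))) {
            if (++$this->pending[$phone]['attempts'] >= self::MAX_ATTEMPTS) {
                unset($this->pending[$phone]); // force a new code after too many guesses
            }
            return false;
        }
        unset($this->pending[$phone]); // single use
        return true;
    }

    private function digest(string $phone, string $code): string
    {
        return hash_hmac('sha256', $phone . ':' . $code, $this->secret);
    }
}
```

In a two-form flow, the phone number passed to `verify()` should come from server-side state set in the first step (for example the session), not from a hidden form field the client can change.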