From b6448bf63ac3de6cf1370f11a024213e0e717d92 Mon Sep 17 00:00:00 2001 From: Peter Rehm Date: Wed, 21 Jan 2015 08:24:35 +0100 Subject: [PATCH 1/4] Added configuration of the your_api_key_user_provider as user provider --- cookbook/security/api_key_authentication.rst | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/cookbook/security/api_key_authentication.rst b/cookbook/security/api_key_authentication.rst index 8fb6dfbdb38..a8371db8e29 100644 --- a/cookbook/security/api_key_authentication.rst +++ b/cookbook/security/api_key_authentication.rst @@ -318,6 +318,10 @@ using the ``simple_preauth`` key: simple_preauth: authenticator: apikey_authenticator + providers: + simple_preauth: + id: your_api_key_user_provider + .. code-block:: xml @@ -336,6 +340,8 @@ using the ``simple_preauth`` key: > + + @@ -355,6 +361,11 @@ using the ``simple_preauth`` key: ), ), ), + 'providers' => array( + 'simple_preauth' => array( + 'id' => 'your_api_key_user_provider', + ), + ), )); That's it! Now, your ``ApiKeyAuthentication`` should be called at the beginning @@ -394,6 +405,10 @@ configuration or set it to ``false``: simple_preauth: authenticator: apikey_authenticator + providers: + simple_preauth: + id: your_api_key_user_provider + .. code-block:: xml @@ -412,6 +427,8 @@ configuration or set it to ``false``: > + + @@ -430,6 +447,11 @@ configuration or set it to ``false``: ), ), ), + 'providers' => array( + 'simple_preauth' => array( + 'id' => 'your_api_key_user_provider', + ), + ), )); Even though the token is being stored in the session, the credentials - in this From 26ada449228973a309abb3477f673bd492dbc51d Mon Sep 17 00:00:00 2001 From: Peter Rehm Date: Fri, 23 Jan 2015 20:32:06 +0100 Subject: [PATCH 2/4] Updated according to comment and changed to AppBundle --- cookbook/security/api_key_authentication.rst | 98 ++++++++++++++------ 1 file changed, 68 insertions(+), 30 deletions(-) diff --git a/cookbook/security/api_key_authentication.rst b/cookbook/security/api_key_authentication.rst index a8371db8e29..809263db9c7 100644 --- a/cookbook/security/api_key_authentication.rst +++ b/cookbook/security/api_key_authentication.rst @@ -22,8 +22,8 @@ Your exact situation may differ, but in this example, a token is read from an ``apikey`` query parameter, the proper username is loaded from that value and then a User object is created:: - // src/Acme/HelloBundle/Security/ApiKeyAuthenticator.php - namespace Acme\HelloBundle\Security; + // src/AppBundle/Security/ApiKeyAuthenticator.php + namespace AppBundle\Security; use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -142,8 +142,8 @@ used by Symfony's core user provider system). The ``$userProvider`` might look something like this:: - // src/Acme/HelloBundle/Security/ApiKeyUserProvider.php - namespace Acme\HelloBundle\Security; + // src/AppBundle/Security/ApiKeyUserProvider.php + namespace AppBundle\Security; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Core\User\User; @@ -187,6 +187,44 @@ The ``$userProvider`` might look something like this:: } } +No register your user provider as service. + +.. configuration-block:: + + .. code-block:: yaml + + # app/config/services.yml + services: + api_key_user_provider: + class: AppBundle\Security\ApiKeyUserProvider + + .. code-block:: xml + + + + + + + + + + + + .. code-block:: php + + // app/config/services.php + use Symfony\Component\DependencyInjection\Definition; + + // ... + + $container->setDefinition('api_key_user_provider', new Definition( + 'AppBundle\Security\ApiKeyUserProvider', + )); + .. note:: Read the dedicated article to learn @@ -226,8 +264,8 @@ you can use to create an error ``Response``. .. code-block:: php - // src/Acme/HelloBundle/Security/ApiKeyAuthenticator.php - namespace Acme\HelloBundle\Security; + // src/AppBundle/Security/ApiKeyAuthenticator.php + namespace AppBundle\Security; use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface; use Symfony\Component\Security\Core\Exception\AuthenticationException; @@ -265,8 +303,8 @@ your custom user provider as a service called ``your_api_key_user_provider`` # ... apikey_authenticator: - class: Acme\HelloBundle\Security\ApiKeyAuthenticator - arguments: ["@your_api_key_user_provider"] + class: AppBundle\Security\ApiKeyAuthenticator + arguments: ["@api_key_user_provider"] .. code-block:: xml @@ -280,9 +318,9 @@ your custom user provider as a service called ``your_api_key_user_provider`` - + @@ -296,8 +334,8 @@ your custom user provider as a service called ``your_api_key_user_provider`` // ... $container->setDefinition('apikey_authenticator', new Definition( - 'Acme\HelloBundle\Security\ApiKeyAuthenticator', - array(new Reference('your_api_key_user_provider')) + 'AppBundle\Security\ApiKeyAuthenticator', + array(new Reference('api_key_user_provider')) )); Now, activate it in the ``firewalls`` section of your security configuration @@ -319,8 +357,8 @@ using the ``simple_preauth`` key: authenticator: apikey_authenticator providers: - simple_preauth: - id: your_api_key_user_provider + api_key_user_provider: + id: api_key_user_provider .. code-block:: xml @@ -341,7 +379,7 @@ using the ``simple_preauth`` key: - + @@ -363,7 +401,7 @@ using the ``simple_preauth`` key: ), 'providers' => array( 'simple_preauth' => array( - 'id' => 'your_api_key_user_provider', + 'id' => 'api_key_user_provider', ), ), )); @@ -406,8 +444,8 @@ configuration or set it to ``false``: authenticator: apikey_authenticator providers: - simple_preauth: - id: your_api_key_user_provider + api_key_user_provider: + id: api_key_user_provider .. code-block:: xml @@ -428,7 +466,7 @@ configuration or set it to ``false``: - + @@ -448,8 +486,8 @@ configuration or set it to ``false``: ), ), 'providers' => array( - 'simple_preauth' => array( - 'id' => 'your_api_key_user_provider', + 'api_key_user_provider' => array( + 'id' => 'api_key_user_provider', ), ), )); @@ -459,7 +497,7 @@ case the API key (i.e. ``$token->getCredentials()``) - are not stored in the ses for security reasons. To take advantage of the session, update ``ApiKeyAuthenticator`` to see if the stored token has a valid User object that can be used:: - // src/Acme/HelloBundle/Security/ApiKeyAuthenticator.php + // src/AppBundle/Security/ApiKeyAuthenticator.php // ... class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface @@ -513,7 +551,7 @@ stored in the database, then you may want to re-query for a fresh version of the user to make sure it's not out-of-date. But regardless of your requirements, ``refreshUser()`` should now return the User object:: - // src/Acme/HelloBundle/Security/ApiKeyUserProvider.php + // src/AppBundle/Security/ApiKeyUserProvider.php // ... class ApiKeyUserProvider implements UserProviderInterface @@ -553,7 +591,7 @@ a certain URL (e.g. the redirect URL in OAuth). Fortunately, handling this situation is easy: just check to see what the current URL is before creating the token in ``createToken()``:: - // src/Acme/HelloBundle/Security/ApiKeyAuthenticator.php + // src/AppBundle/Security/ApiKeyAuthenticator.php // ... use Symfony\Component\Security\Http\HttpUtils; @@ -565,7 +603,7 @@ current URL is before creating the token in ``createToken()``:: protected $httpUtils; - public function __construct(ApiKeyUserProviderInterface $userProvider, HttpUtils $httpUtils) + public function __construct(UserProviderInterface $userProvider, HttpUtils $httpUtils) { $this->userProvider = $userProvider; $this->httpUtils = $httpUtils; @@ -601,8 +639,8 @@ service: # ... apikey_authenticator: - class: Acme\HelloBundle\Security\ApiKeyAuthenticator - arguments: ["@your_api_key_user_provider", "@security.http_utils"] + class: AppBundle\Security\ApiKeyAuthenticator + arguments: ["@api_key_user_provider", "@security.http_utils"] .. code-block:: xml @@ -616,9 +654,9 @@ service: - + @@ -635,7 +673,7 @@ service: $container->setDefinition('apikey_authenticator', new Definition( 'Acme\HelloBundle\Security\ApiKeyAuthenticator', array( - new Reference('your_api_key_user_provider'), + new Reference('api_key_user_provider'), new Reference('security.http_utils') ) )); From 97aa12deb684a71a0b7ed3226984bbec60ca10be Mon Sep 17 00:00:00 2001 From: Peter Rehm Date: Sat, 24 Jan 2015 09:49:00 +0100 Subject: [PATCH 3/4] Updated as per discussion --- cookbook/security/api_key_authentication.rst | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/cookbook/security/api_key_authentication.rst b/cookbook/security/api_key_authentication.rst index 809263db9c7..475c597902b 100644 --- a/cookbook/security/api_key_authentication.rst +++ b/cookbook/security/api_key_authentication.rst @@ -187,7 +187,7 @@ The ``$userProvider`` might look something like this:: } } -No register your user provider as service. +Now register your user provider as service: .. configuration-block:: @@ -196,7 +196,7 @@ No register your user provider as service. # app/config/services.yml services: api_key_user_provider: - class: AppBundle\Security\ApiKeyUserProvider + class: AppBundle\Security\ApiKeyUserProvider .. code-block:: xml @@ -217,13 +217,10 @@ No register your user provider as service. .. code-block:: php // app/config/services.php - use Symfony\Component\DependencyInjection\Definition; // ... - - $container->setDefinition('api_key_user_provider', new Definition( - 'AppBundle\Security\ApiKeyUserProvider', - )); + $container + ->register('api_key_user_provider', 'AppBundle\Security\ApiKeyUserProvider'); .. note:: @@ -400,7 +397,7 @@ using the ``simple_preauth`` key: ), ), 'providers' => array( - 'simple_preauth' => array( + 'api_key_user_provider' => array( 'id' => 'api_key_user_provider', ), ), @@ -671,7 +668,7 @@ service: // ... $container->setDefinition('apikey_authenticator', new Definition( - 'Acme\HelloBundle\Security\ApiKeyAuthenticator', + 'AppBundle\Security\ApiKeyAuthenticator', array( new Reference('api_key_user_provider'), new Reference('security.http_utils') From 308fa53c960411748eb050896526fff4e1a3df1a Mon Sep 17 00:00:00 2001 From: Peter Rehm Date: Sun, 25 Jan 2015 19:43:19 +0100 Subject: [PATCH 4/4] Removed unneeded spaces --- cookbook/security/api_key_authentication.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cookbook/security/api_key_authentication.rst b/cookbook/security/api_key_authentication.rst index 475c597902b..35db1d890fc 100644 --- a/cookbook/security/api_key_authentication.rst +++ b/cookbook/security/api_key_authentication.rst @@ -397,8 +397,8 @@ using the ``simple_preauth`` key: ), ), 'providers' => array( - 'api_key_user_provider' => array( - 'id' => 'api_key_user_provider', + 'api_key_user_provider' => array( + 'id' => 'api_key_user_provider', ), ), )); @@ -483,8 +483,8 @@ configuration or set it to ``false``: ), ), 'providers' => array( - 'api_key_user_provider' => array( - 'id' => 'api_key_user_provider', + 'api_key_user_provider' => array( + 'id' => 'api_key_user_provider', ), ), ));