如何在OroCRM中擴展認證

我需要爲我的需要擴展認證機制。要做到這一點，我創建Custom Form Password Authenticator

1）我改變防火牆設置

main: 
      ... 
      #organization-form-login: 
      simple_form: 
       authenticator:    my_authenticator 
       csrf_provider:    form.csrf_provider 
       check_path:     oro_user_security_check 
       login_path:     oro_user_security_login 
      ...

2）我的my_authenticator創建的服務

services: 
    ... 
    my_authenticator: 
     class:  OQ\SecurityBundle\Security\MyAuthenticator 
     arguments: 
      - @oro_organization.organization_manager 
    ...

3）這裏是MyAuthenticator

代碼

namespace OQ\SecurityBundle\Security; 

use Symfony\Component\Config\Definition\Exception\Exception; 
use Symfony\Component\HttpFoundation\Request; 
use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface; 
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; 
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; 
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; 
use Symfony\Component\Security\Core\Exception\AuthenticationException; 
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; 
use Symfony\Component\Security\Core\User\UserProviderInterface; 
Use Oro\Bundle\SecurityBundle\Authentication\Token\UsernamePasswordOrganizationToken; 
use Oro\Bundle\OrganizationBundle\Entity\Manager\OrganizationManager; 

class MyAuthenticator implements SimpleFormAuthenticatorInterface 
{ 
    /** @var OrganizationManager */ 
    protected $manager; 

    public function __construct(OrganizationManager $manager) 
    { 
     $this->manager = $manager; 
    } 

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) 
    { 

     // Here will be my special checks 

     //Here i try to get username and force authentication 

     try { 
      $user = $userProvider->loadUserByUsername($token->getUsername()); 
     } catch (UsernameNotFoundException $e) { 
      throw new AuthenticationException('This user not allowed'); 
     } 

     // If everythin' is ok - create a token 
     if ($user) { 
      return new UsernamePasswordOrganizationToken(
       $user, 
       $user->getPassword(), 
       $providerKey, 
       $this->manager->getOrganizationById(1) 
      ); 
     } else { 
      throw new AuthenticationException('Invalid username or password'); 
     } 


    } 

    public function supportsToken(TokenInterface $token, $providerKey) 
    { 
     return $token instanceof UsernamePasswordOrganizationToken 
     && $token->getProviderKey() === $providerKey; 
    } 

    public function createToken(Request $request, $username, $password, $providerKey) 
    { 
     //UsernamePasswordOrganizationToken 
     return new UsernamePasswordOrganizationToken($username, $password, $providerKey, $this->manager->getOrganizationById(1)); 
    } 
}

當我嘗試認證我們呃 - 我成功登錄了，但除了黑色標題和分析器以外，我什麼也沒看到。 Profiler對我說，我以USER_NAME身份登錄（黃色），未通過身份驗證（紅色）。你能給我一個建議 - 如何使工作？還有一個問題 - 我如何在這個認證器類中檢索用戶的組織？

來源

2015-09-05 Stepan Yudin

如果檢查UsernamePasswordToken構造你會看到它需要你爲了使通過$角色也驗證 parent::setAuthenticated(count($roles) > 0);

而且它不可能改變身份驗證標誌setAuthenticated後（見代碼爲什麼）。

還檢查UserAuthenticationProvider類以瞭解發生了什麼。

我希望這會有所幫助。

來源

2015-09-05 11:12:13 ishakuta

ThatsIt！我沒有指定用戶角色，因爲此參數在UsernamePasswordOrganizationToken中是可選的。現在它可以工作，謝謝！ –

如何在OroCRM中擴展認證

回答

相關問題