jmikola / auto-login-bundle
Authenticate users in your Symfony app via a single query parameter (e.g. email and newsletter links).
Installs: 314 946
Dependents: 0
Suggesters: 0
Security: 0
Stars: 84
Watchers: 9
Forks: 16
Open Issues: 7
Type:symfony-bundle
Requires
- php: >=7.1
- jmikola/auto-login: ^2.0
- symfony/config: ^4.3 || ^5.0
- symfony/dependency-injection: ^4.3 || ^5.0
- symfony/http-kernel: ^4.3 || ^5.0
- symfony/security-bundle: ^4.3 || ^5.0
Requires (Dev)
- matthiasnoback/symfony-dependency-injection-test: ^3.0 || ^4.0
- phpunit/phpunit: ^7.0 || ^8.0
- symfony/browser-kit: ^4.3 || ^5.0
- symfony/framework-bundle: ^4.3 || ^5.0
README
This bundle integrates the AutoLogin library with Symfony, which implements a security firewall listener to authenticate users based on a single query parameter. This is useful for providing one-click login functionality in email and newsletter links.
Installation
The bundle is published as a package and is installable via Composer:
$ composer require jmikola/auto-login-bundle=^2.0
Activate the bundle in your application kernel:
class AppKernel extends Kernel { public function registerBundles() { $bundles = array( // ... new Jmikola\AutoLoginBundle\JmikolaAutoLoginBundle(), // ... ); } }
Compatibility
This bundle requires Symfony 4.3 or above.
Usage and Configuration
You need to create a new UserProvider
service that implements
Jmikola\AutoLogin\User\AutoLoginUserProviderInterface
. This service is
responsible for resolving the URL token to a user object.
This bundle registers a firewall listener, which is configured via the
jmikola_auto_login
key in your security component's firewall configuration.
See this example configuration:
# services.yml services: acme.auto_login_user_provider: # Implements Jmikola\AutoLogin\User\AutoLoginUserProviderInterface class: Acme\UserBundle\Security\AcmeAutoLoginUserProvider
# security.yml security: firewalls: main: # We need not specify a "provider" for our firewall or listeners, # since SecurityBundle will default to the first provider defined. jmikola_auto_login: auto_login_user_provider: acme.auto_login_user_provider
In the example above, we specify a custom service for auto_login_user_provider
since the default EntityUserProvider
does not implement
AutoLoginUserProviderInterface
.
When visiting http://example.com/path?_al=foobar
,
AcmeAutoLoginUserProvider::loadUserByAutoLoginToken()
will be invoked with the
value "foobar". This method should resolve that value to a user object or throw
a Jmikola\AutoLogin\Exception\AutoLoginTokenNotFoundException
.
Listener Options
The AutoLoginFactory defines the following listener options:
auto_login_user_provider
: AutoLoginUserProviderInterface service, which provides a method to load users by an auto-login token (i.e. query parameter). If this service is not defined, the listener's user provider will be used by default and an exception will be thrown if the provider does not implement the required interface (in addition to UserProviderInterface).provider
: User provider key. This is a standard option for most security listeners. If undefined, the default user provider for the firewall is used (see: SecurityBundle documentation).token_param
: The query parameter to be checked for an auto-login token. The presence of this query parameter will determine if the auto-login listener attempts authentication. In that respect, it is similar to thecheck_path
option for the form-login listener. If undefined, the option defaults to_al
.override_already_authenticated
: Boolean option determines whether an auto-login token should override an existing, authenticated session. This option defaults to false.
Alternative Configuration Example
In this example, we specify a provider that implements both
Symfony\Component\Security\Core\User\UserProviderInterface
and
Jmikola\AutoLogin\User\AutoLoginUserProviderInterface
. We also customize the
URL parameter to use "auto_login" instead of the default "_al":
# services.yml services: acme.versatile_user_provider: # This class implements UserProviderInterface and # AutoLoginUserProviderInterface class: Acme\UserBundle\Security\VersatileUserProvider
# security.yml security: providers: acme_user_provider: id: acme.versatile_user_provider firewalls: main: jmikola_auto_login: token_param: auto_login # We need not configure the auto_login_user_provider option here, as the # bundle will default to the firewall's default user provider, which # implements the necessary interface.
FOSUserBundle Configuration Example
If you are using FOSUserBundle, defining a service ID for your user provider
will look familiar. You can easily integrate this bundle with FOSUserBundle by
defining a custom service for fos_user.user_manager
:
services: acme.user_manager: # This class extends the appropriate UserManager from FOSUserBundle # and implements Jmikola\AutoLogin\User\AutoLoginUserProviderInterface class: Acme\UserBundle\Model\UserManager # Note: the remaining service configuration is abridged fos_user: service: user_manager: acme.user_manager