I have a flag for my users for "active", and if it is set to zero or zero, I will not allow login.
I tried several approaches and figured out a bit.
If I make an exit route, the flash message is not saved, so the user does not see anything.
I looked at adding a check in the login form so that it throws a normal form error if the flag was not set to true, but in this folder (provider / Bundles / FOS / UserBundle / Form / Type) I find nothing for the login form, only registration, etc., so I don't know where to put it or where to inherit to redefine.
I also tried, as suggested here, manually logging out, but that left me with a white screen of death ...
Any suggestions how easy it is to accomplish this?
************** UPDATE ************
I realized that I would probably want to do this by adding a validator to the login form. I currently encoded it into the controller of the first route to which the user is sent, but this will not provide much security if the user enters the route before entering the system, because if I successfully log in, my default landing page after login will not be the route, to which the user is taken, but he will land along the route of his choice ...
*** UPDATE AGAIN ****
So the service configuration file has this ...
<service id="security.user_checker" class="%security.user_checker.class%" public="false" />
And this parameter is defined here ...
<parameter key="security.user_checker.class">Symfony\Component\Security\Core\User\UserChecker</parameter>
So, in order to change login logins, I need to redefine
Symfony\Component\Security\Core\User\UserChecker
Now I did this by overriding this option above in my own .ini options in a / config symfony application like this
security.user_checker.class = BizTV\UserBundle\Controller\UserChecker
.. and added this check to myChecker ...
//Test for companylock...
if ( !$user->getCompany()->getActive() ) {
    throw new LockedException('The company of this user is locked.', $user);
}
Here is the whole file:
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

//Override by Mattias
namespace BizTV\UserBundle\Controller;
//namespace Symfony\Component\Security\Core\User;

use Symfony\Component\Security\Core\Exception\CredentialsExpiredException;
use Symfony\Component\Security\Core\Exception\LockedException;
use Symfony\Component\Security\Core\Exception\DisabledException;
use Symfony\Component\Security\Core\Exception\AccountExpiredException;

use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserChecker as OriginalUserChecker;

/**
 * UserChecker checks the user account flags.
 *
 * @author Fabien Potencier <fabien@symfony.com>
 */
class UserChecker extends OriginalUserChecker
{
    /**
     * {@inheritdoc}
     */
    public function checkPreAuth(UserInterface $user)
    {
        //Test for companylock...
        if ( !$user->getCompany()->getActive() ) {
            throw new LockedException('The company of this user is locked.', $user);
        }

        if (!$user instanceof AdvancedUserInterface) {
            return;
        }

        if (!$user->isCredentialsNonExpired()) {
            throw new CredentialsExpiredException('User credentials have expired.', $user);
        }
    }

    /**
     * {@inheritdoc}
     */
    public function checkPostAuth(UserInterface $user)
    {
        //Test for companylock...
        if ( !$user->getCompany()->getActive() ) {
            throw new LockedException('The company of this user is locked.', $user);
        }

        if (!$user instanceof AdvancedUserInterface) {
            return;
        }

        if (!$user->isAccountNonLocked()) {
            throw new LockedException('User account is locked.', $user);
        }

        if (!$user->isEnabled()) {
            throw new DisabledException('User account is disabled.', $user);
        }

        if (!$user->isAccountNonExpired()) {
            throw new AccountExpiredException('User account has expired.', $user);
        }
    }
}
******** Update nb 3 ********
Now I just have left to make sure that it really checks the standard user lock, which, surprisingly, it does not do out of the box. (Thanks nifr for taking me so far!)
My user entity starts this way, and as Nifr said, I need to implement AdvancedUserInterface, but this is probably not the way to do this, since it still does not check this lock ... but it throws me no error message (if I change them and put implements AdvancedUserInterface and then EXTENDS baseUser, it gives an error, so ...)
<?php
// src/BizTV/UserBundle/Entity/User.php

namespace BizTV\UserBundle\Entity;

use BizTV\UserBundle\Validator\Constraints as BizTVAssert;
use Symfony\Component\Security\Core\User\AdvancedUserInterface;
use FOS\UserBundle\Entity\User as BaseUser;
use Doctrine\ORM\Mapping as ORM;
use BizTV\BackendBundle\Entity\company as company;

/**
 * @ORM\Entity
 * @ORM\Table(name="fos_user")
 */
class User extends BaseUser implements AdvancedUserInterface
{
Not sure how you do it when you both extend the base user and try to implement AdvancedUserInterface. When everything is done as described above, I still cannot use the functions that it should add (but this also does not give me an error message), but if I switch places of EXTENDS and IMPLEMENTS like this (line 18) ...
class User implements AdvancedUserInterface extends BaseUser
... I get this error:
Parse error: syntax error, unexpected T_EXTENDS, expecting '{' in /var/www/cloudsign/src/BizTV/UserBundle/Entity/User.php on line 18
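
Added example, not part of the original post: a stand-alone PHP script showing why a checker class copied into another namespace can skip the account-flag checks without raising any error, and the clause order PHP requires when a class both extends and implements. The `Lib\Security`, `App\Entity`, `App\Broken` and `App\Fixed` namespaces and their classes are constructed stand-ins for the Symfony and FOSUserBundle types, not the real ones.

```php
<?php
// Constructed stand-ins for the Symfony/FOSUserBundle types (assumed names, not the real classes).
namespace Lib\Security {
    interface AdvancedUserInterface { public function isEnabled(); }
    class DisabledException extends \Exception {}
    class BaseUser {}
}
namespace App\Entity {
    use Lib\Security\AdvancedUserInterface;
    use Lib\Security\BaseUser;
    // PHP grammar: "extends" must come before "implements".
    class User extends BaseUser implements AdvancedUserInterface {
        private $enabled;
        public function __construct($enabled) { $this->enabled = $enabled; }
        public function isEnabled() { return $this->enabled; }
    }
}
namespace App\Broken {
    use Lib\Security\DisabledException;
    class UserChecker {
        public function checkPostAuth($user) {
            // No "use" for the interface, so the name resolves to the
            // non-existent App\Broken\AdvancedUserInterface. instanceof
            // raises no error for an unknown class; it is simply false.
            if (!$user instanceof AdvancedUserInterface) { return 'skipped'; }
            if (!$user->isEnabled()) { throw new DisabledException('User account is disabled.'); }
            return 'checked';
        }
    }
}
namespace App\Fixed {
    use Lib\Security\AdvancedUserInterface; // the import the copied class needs
    use Lib\Security\DisabledException;
    class UserChecker {
        public function checkPostAuth($user) {
            if (!$user instanceof AdvancedUserInterface) { return 'skipped'; }
            if (!$user->isEnabled()) { throw new DisabledException('User account is disabled.'); }
            return 'checked';
        }
    }
}
namespace {
    $disabled = new App\Entity\User(false); // constructed sample: a disabled account
    $result = (new App\Broken\UserChecker())->checkPostAuth($disabled);
    echo "broken checker: $result\n"; // flag checks never ran, login would proceed
    try {
        $result = (new App\Fixed\UserChecker())->checkPostAuth($disabled);
        echo "fixed checker: $result\n";
    } catch (Lib\Security\DisabledException $e) {
        echo 'fixed checker rejected login: ', $e->getMessage(), "\n";
    }
}
```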