通过Symfony 2中的其他字段对用户进行身份验证和注册

Question

I have Symfony 2.3 project. FOS User Bundle and Sonata User Bundle installed. Now I need to login a user not only by user name and password but by a card number and PIN code. A user can have only one card but the card could be connected with several users. And the algorithm is when a user has entered his user name, password, card number and PIN I should check all the data and if there are the user with the card in the DB he is logging in. But if there card info is valid but the entered user data is invalid I should register the new user with the user name and password in the DB and log in him right away.

I've created the Card Entity with the two fields and relation with User entity. The User entity was extended from Sonata User Bundle. This is the Card entity code:

namespace Acme\BoardBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Validator\Constraints as Assert;
use Doctrine\Common\Collections\ArrayCollection;
use Acme\UserBundle\Entity\User as User;

/**
 * @ORM\Entity
 * @ORM\Table(name="yam_card")
 */
class Card
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\Column(type="string", length=255)
     * @Assert\NotBlank()
     * @Assert\Length(min = "6")
     * @Assert\Length(max = "6")
     */
    protected $number;

    /**
     * @ORM\Column(type="string", length=255)
     * @Assert\NotBlank()
     * @Assert\Length(min = "4")
     * @Assert\Length(max = "4")
     */
    protected $pin;

    /**
     * @ORM\OneToMany(targetEntity="Acme\UserBundle\Entity\User", mappedBy="card", cascade={"remove"})
     */
    protected $users;


    public function __toString()
    {
      return (string)$this->number;
    }

    public function __construct()
    {
        $this->users = new ArrayCollection();
    }

    /**
     * Get id
     *
     * @return integer 
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Set number
     *
     * @param string $number
     */
    public function setNumber($number)
    {
        $this->number = $number;
    }

    /**
     * Get number
     *
     * @return string 
     */
    public function getNumber()
    {
        return $this->number;
    }

    /**
     * Set pin
     *
     * @param string $pin
     */
    public function setPin($pin)
    {
        $this->pin = $pin;
    }

    /**
     * Get pin
     *
     * @return string 
     */
    public function getPin()
    {
        return $this->pin;
    }

    /**
     * Add users
     *
     * @param \Acme\UserBundle\Entity\User $users
     * @return Card
     */
    public function addUser(\Acme\UserBundle\Entity\User $users)
    {
        $this->users[] = $users;

        return $this;
    }

    /**
     * Remove users
     *
     * @param \Acme\UserBundle\Entity\User $users
     */
    public function removeUser(\Acme\UserBundle\Entity\User $users)
    {
        $this->users->removeElement($users);
    }

    /**
     * Get users
     *
     * @return \Doctrine\Common\Collections\Collection 
     */
    public function getUsers()
    {
        return $this->users;
    }
}

And a peace of code of the User entity with the relation:

namespace Acme\UserBundle\Entity;

use Sonata\UserBundle\Entity\BaseUser as BaseUser;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
use \Acme\BoardBundle\Entity\Card;

/**
 * @ORM\Entity
 * @ORM\HasLifecycleCallbacks
 * @ORM\Table(name="fos_user")
 */
class User extends BaseUser
{
    ...

    protected $card;

    /**
     * Set card
     *
     * @param \Acme\BoardBundle\Entity\Card $card
     * @return Card
     */
    public function setCard(\Acme\BoardBundle\Entity\Card $card)
    {
        $this->card = $card;

        return $this;
    }

    /**
     * Get card
     *
     * @return \Acme\BoardBundle\Entity\Card
     */
    public function getCard()
    {
        return $this->card;
    }
}

User.orm.xml:

<?xml version="1.0" encoding="UTF-8"?>
<doctrine-mapping xmlns="http://doctrine-project.org/schemas/orm/doctrine-mapping"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://doctrine-project.org/schemas/orm/doctrine-mapping
                  http://doctrine-project.org/schemas/orm/doctrine-mapping.xsd">

    <entity name="Acme\UserBundle\Entity\User" table="fos_user">

        ...

        <many-to-one field="card" target-entity="Acme\BoardBundle\Entity\Card" inversed-by="users">
            <join-column name="card" referenced-column-name="id" />
        </many-to-one>
    </entity>
</doctrine-mapping>

The question is what class (or interface) should I redefine to add the check for the two additional parameters (card number and PIN) and how can I make it?

I've found the UserProvider class which implements UserProviderInterface. But the class has loadUserByUsername() method which loads user by user name and works with the user object already. The class doesn't receive a responce object from where I can get the card number and PIN code from the login form. Also I've found a solution for checking additional user status parameter by extending UserChecker class from Symfony Security Core. There checkPreAuth and checkPostAuth methods was used but there I can also work with the User object only. So I guess that I should use some listener or something like that to check the receiving user name, password, card number and PIN code from the request on equality with the users which was registered in my DB. But I can't find the entering point.

Answer 1

You can manually login a use once you are sure the passed Card is valid and belongs to that User . Make sure you trigger an InteractiveLoginEvent to let all listeners know the login happened:

    // 'main' is the name of the firewall to login to
    $token = new UsernamePasswordToken($validatedCard->getUser(), null, 'main', $validatedCard->getUser()->getRoles());
    $this->get('security.token_storage')->setToken($token);

    // Notify the dispatcher, so LoginListener is triggered
    $loginEvent = new InteractiveLoginEvent($request, $token);
    $this->get('event_dispatcher')->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $loginEvent);