[英]listen to request before authentication or rewrite /login_check in symfony3
I'm trying to register an eventListener which would be called before the /login_check tries to login the user. 我正在尝试注册一个eventListener,它将在/ login_check尝试登录用户之前被调用。
I'm writing a DDoS protection, iIlog in database each try (date, user_id, is_failure), and if an user has more than N wrong attempts to login, I generate a token sent by email to the right user email. 我正在编写DDoS保护,每次尝试都在数据库中iIlog(日期,user_id,is_failure),如果用户有超过N次错误的登录尝试,我会生成一个通过电子邮件发送给正确的用户电子邮件的令牌。 Anyone without this token will be forbidden to try another login during 10 minutes.
没有此令牌的任何人都将被禁止在10分钟内尝试再次登录。
To proceed, I need to: 要继续,我需要:
I didn't find any event about "pre_authentication", do you have a solution ? 我没有发现有关“ pre_authentication”的任何事件,您有解决方案吗?
I won't write the code in a repository method to lad an user, it's not its place. 我不会在存储库方法中编写代码来吸引用户,这不是它的位置。
Thanks 谢谢
I had a similar problem a few days ago. 几天前我也遇到了类似的问题。 And like you said i couldn't find a suitable "pre_authentication" either at which point i could execute my checks even before the authentication was attempted.
就像您说的那样,即使在尝试进行身份验证之前,我也无法执行合适的“ pre_authentication”,这时我仍可以执行检查。 (AuthenticationSuccess and AuthenticationFailure Handler weren't an option in my case since i wanted to block the attempt before it was even tried)
(在我的情况下,AuthenticationSuccess和AuthenticationFailure Handler不是一个选项,因为我想在尝试之前阻止尝试)
But in the end i found an approach that did work in my case (although there may be a better one but i couldn't find it). 但是最后,我找到了一种适用于我的情况的方法(尽管可能有更好的方法,但我找不到)。
If your application is using the default username/password authentication you could do this: 如果您的应用程序使用默认的用户名/密码身份验证,则可以执行以下操作:
Extend the UsernamePasswordFormAuthenticationListener 扩展UsernamePasswordFormAuthenticationListener
class UsernamePasswordFormAuthenticationListener extends \\Symfony\\Component\\Security\\Http\\Firewall\\UsernamePasswordFormAuthenticationListener { /** @var EntityManagerInterface */ protected $entityManager; /** * setter is called through DI container * * @param EntityManagerInterface $entityManager */ public function setEntityManager(EntityManagerInterface $entityManager) { $this->entityManager = $entityManager; } /** * * @param Request $request * * @return null|RedirectResponse|\\Symfony\\Component\\HttpFoundation\\Response|\\Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface */ protected function attemptAuthentication(Request $request) { //do your logic and whatnot here // iE return a redirect repsonse if the token is needed but missing return parent::attemptAuthentication($request); } }
Overwrite the original service in your services.yml 覆盖您的services.yml中的原始服务
security.authentication.listener.form: class: AppBundle\\Listener\\UsernamePasswordFormAuthenticationListener parent: security.authentication.listener.abstract abstract: true calls: [ [setEntityManager, ["@doctrine.orm.entity_manager"]] ]
(Using setter injection here because the constructor needs like a ton of parameters) (此处使用setter注入是因为构造函数需要大量参数)
Maybe this approach could fit your needs and nobody has a better idea 也许这种方法可以满足您的需求,但是没有人有更好的主意
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.