我可以使用Sytrfony 4上的Doctrine(findOneBy())通过用户名和密码获取用户吗?
[英]Can I get a user by their username and password using Doctrine (findOneBy()) on Symfony 4?
问题描述
I want to get a user by their username and password using Doctrine ( findOneBy() method), on Symfony4. 
我希望在Symfony4上使用Doctrine( findOneBy()方法)通过用户名和密码获取用户。
security:
encoders:
App\Entity\User:
algorithm: argon2i
$username= $request->request->get('username');
$password = $request->request->get('password');
$user= $this->em->getRepository(User::class)->findOneBy([
'username'=>$username,
'passsword'=>$password
]);
return new Response($user);
4 个解决方案
解决方案1
3 2019-08-19 15:31:18
The correct way to do this is to fetch the user by their username, and then verify the password using Symfony's password encoder. 执行此操作的正确方法是通过用户名获取用户,然后使用Symfony的密码编码器验证密码。
Eg: 例如:
public function __construct(UserPasswordEncoderInterface $encoder) {
$this->encoder = $encoder;
}
public function yourAction(Request $request) {
$username = $request->request->get('username');
$password = $request->request->get('password');
$user = $this->em->getRepository(User::class)->findOneBy(['username'=>$username]);
if ($user === null) {
// user not found
// throw exception or return error or however you handle it
}
if (! $this->encoder->isPasswordValid($user, $password)) {
// invalid password
// throw exception, or return error, or however you handle it
}
//...
}
Remember that you would need to add the use Symfony\\Component\\Security\\Core\\Encoder\\UserPasswordEncoderInterface; 请记住,您需要添加use Symfony\\Component\\Security\\Core\\Encoder\\UserPasswordEncoderInterface; statement at the top of your script. 脚本顶部的语句。
解决方案2
2 2019-08-19 14:19:13
technically, you can find a user if you know the username and the passwort (hash). 从技术上讲,如果您知道用户名和密码(哈希),就可以找到用户。
However, since the hash usually is salted with a random salt, you can't find a user by username and plain text password. 但是,由于散列通常使用随机盐,因此无法通过用户名和纯文本密码找到用户。
The clean approach here is to fetch the user by username and check the password (via password_verify or the symfony version (or see yivi's answer )). 这里干净的方法是通过用户名获取用户并检查密码(通过password_verify或symfony版本 (或参见yivi的答案 ))。
解决方案3
0 2019-08-20 12:05:58
I think to pass multiple criteria, you have to use the "findBy" method 我想要通过多个标准,你必须使用“findBy”方法
$username= $request->request->get('username');
$password = $request->request->get('password');
$user= $this->em->getRepository(User::class)->findBy(
[
'username' => $username,
'password'=> $password
],
[],
1
);
return new Response($user);
You can find detail explanation of doctrine methods here 你可以在这里找到教义方法的详细解释
解决方案4
-2 2019-08-19 14:27:22
You could create a new method inside your repository (App/Repository/UserRepository.php) where you can give username and password too and send back the result. 您可以在存储库(App / Repository / UserRepository.php)中创建一个新方法,您也可以在其中提供用户名和密码并发回结果。
public function getUserByUsernameAndPassword(string $username, string $password)
{
$qb = $this->createQueryBuilder('u')
->andWhere('u.username = :username')
->andWhere('u.password LIKE :password')
->setParameter('username', $username )
->setParameter('password', $password )
->getQuery();
return $qb->getResult();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.