@@ -435,23 +435,61 @@ into a security
435
435
Security Passports
436
436
~~~~~~~~~~~~~~~~~~
437
437
438
+ .. versionadded :: 5.2
439
+
440
+ The ``UserBadge `` was introduced in Symfony 5.2. Prior to 5.2, the user
441
+ instance was provided directly to the passport.
442
+
438
443
A passport is an object that contains the user that will be authenticated as
439
444
well as other pieces of information, like whether a password should be checked
440
445
or if "remember me" functionality should be enabled.
441
446
442
447
The default
443
448
:class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Passport `
444
- requires a user object and credentials. The following credential classes
445
- are supported by default:
449
+ requires a user and credentials.
450
+
451
+ Use the
452
+ :class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Badge\\ UserBadge `
453
+ to attach the user to the passport. The ``UserBadge `` requires a user
454
+ identifier (e.g. the username or email), which is used to load the user
455
+ using :ref: `the user provider <security-user-providers >`::
456
+
457
+ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
458
+
459
+ // ...
460
+ $passport = new Passport(new UserBadge($email), $credentials);
461
+
462
+ .. note ::
446
463
464
+ You can optionally pass a user loader as second argument to the
465
+ ``UserBadge ``. This callable receives the ``$userIdentifier ``
466
+ and must return a ``UserInterface `` object (otherwise a
467
+ ``UsernameNotFoundException `` is thrown)::
468
+
469
+ // ...
470
+ $passport = new Passport(
471
+ new UserBadge($email, function ($userIdentifier) {
472
+ return $this->userRepository->findOneBy(['email' => $userIdentifier]);
473
+ }),
474
+ $credentials
475
+ );
476
+
477
+ The following credential classes are supported by default:
447
478
448
479
:class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Credentials\\ PasswordCredentials `
449
480
This requires a plaintext ``$password ``, which is validated using the
450
- :ref: `password encoder configured for the user <security-encoding-user-password >`.
481
+ :ref: `password encoder configured for the user <security-encoding-user-password >`::
482
+
483
+ use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
484
+
485
+ // ...
486
+ return new Passport($user, new PasswordCredentials($plaintextPassword));
451
487
452
488
:class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ Credentials\\ CustomCredentials `
453
489
Allows a custom closure to check credentials::
454
490
491
+ use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
492
+
455
493
// ...
456
494
return new Passport($user, new CustomCredentials(
457
495
// If this function returns anything else than `true`, the credentials
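Review bot: The added ``PasswordCredentials`` example still passes the user object directly (`return new Passport($user, new PasswordCredentials($plaintextPassword));`), which contradicts the ``versionadded`` note at the top of this hunk saying that this was the pre-5.2 form. The unchanged ``CustomCredentials`` example below it has the same `new Passport($user, ...` call. Both should wrap an identifier in a ``UserBadge``, as the first added example does with `new UserBadge($email)`. In the user loader note, the sample callable returns the result of `findOneBy()`; it would help to say explicitly that a null result is what leads to the ``UsernameNotFoundException``, so readers do not add their own null handling that leaks whether an account exists.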
@@ -467,21 +505,13 @@ are supported by default:
467
505
468
506
469
507
Self Validating Passport
470
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
471
- If you don't need any credentials to be checked (e.g. a JWT token), you can use the
472
- :class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ SelfValidatingPassport `.
473
- This class only requires a ``UserBadge `` object and optionally `Passport Badges `_.
474
-
475
- You can also pass a user loader to the ``UserBadge ``. This callable receives the
476
- ``$userIdentifier `` as argument and must return a ``UserInterface `` object
477
- (otherwise a ``UsernameNotFoundException `` is thrown). If this is not set,
478
- the default user provider will be used with ``$userIdentifier `` as username::
479
-
480
- // ...
481
- return new SelfValidatingPassport(new UserBadge($email, function ($username) {
482
- return $this->userRepository->findOneBy(['email' => $username]);
483
- });
508
+ ........................
484
509
510
+ If you don't need any credentials to be checked (e.g. when using API
511
+ tokens), you can use the
512
+ :class: `Symfony\\ Component\\ Security\\ Http\\ Authenticator\\ Passport\\ SelfValidatingPassport `.
513
+ This class only requires a ``UserBadge `` object and optionally `Passport
514
+ Badges `_.
485
515
486
516
Passport Badges
487
517
~~~~~~~~~~~~~~~
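Review bot: The "Self Validating Passport" section loses its only code example here and nothing replaces it, so the reader no longer sees how a ``SelfValidatingPassport`` is built. Consider keeping a one-line example such as `return new SelfValidatingPassport(new UserBadge($email));` now that the user loader explanation has moved to the ``UserBadge`` note. The new wording "If you don't need any credentials to be checked (e.g. when using API tokens)" could also be read as "tokens need no validation"; a sentence saying that the authenticator must have verified the token itself before returning this passport would close that gap. The heading underline changes from ``~`` to ``.``, which demotes the section one level; please confirm that is intended, since "Passport Badges" directly below stays at the ``~`` level.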
@@ -511,16 +541,21 @@ the following badges are supported:
511
541
initiated). This skips the
512
542
:doc: `pre-authentication user checker </security/user_checkers >`.
513
543
514
- For instance, if you want to add CSRF and password migration to your custom
515
- authenticator, you would initialize the passport like this::
544
+ .. versionadded :: 5.2
545
+
546
+ Since 5.2, the ``PasswordUpgradeBadge `` is automatically added to
547
+ the passport if the passport has ``PasswordCredentials ``.
548
+
549
+ For instance, if you want to add CSRF to your custom authenticator, you
550
+ would initialize the passport like this::
516
551
517
552
// src/Service/LoginAuthenticator.php
518
553
namespace App\Service;
519
554
520
555
// ...
521
556
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
522
557
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
523
- use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge ;
558
+ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge ;
524
559
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
525
560
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
526
561
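Review bot: The new ``versionadded`` note says ``PasswordUpgradeBadge`` is "automatically added to the passport if the passport has ``PasswordCredentials``", but it does not say what performs the upgrade. The example this change rewrites carried the comment "$this->userRepository must implement PasswordUpgraderInterface", and that requirement disappears from the page along with the explicit badge. Please state in the note which object is expected to implement ``PasswordUpgraderInterface`` in the automatic case, otherwise readers may assume password migration happens when it silently does not. The note also sits directly after the entry ending "This skips the pre-authentication user checker"; check that it renders next to the ``PasswordUpgradeBadge`` entry rather than under that one.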
@@ -532,14 +567,13 @@ authenticator, you would initialize the passport like this::
532
567
$username = $request->request->get('username');
533
568
$csrfToken = $request->request->get('csrf_token');
534
569
535
- // ... get the $user from the $username and validate no
536
- // parameter is empty
570
+ // ... validate no parameter is empty
537
571
538
- return new Passport($user, new PasswordCredentials($password), [
539
- // $this->userRepository must implement PasswordUpgraderInterface
540
- new PasswordUpgradeBadge ($password, $this->userRepository ),
541
- new CsrfTokenBadge('login', $csrfToken),
542
- ] );
572
+ return new Passport(
573
+ new UserBadge($user),
574
+ new PasswordCredentials ($password),
575
+ [ new CsrfTokenBadge('login', $csrfToken)]
576
+ );
543
577
}
544
578
}
545
579
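Review bot: `new UserBadge($user)` in the new return statement uses a variable that no longer exists in the example. The comment that said to "get the $user from the $username" is removed by this hunk, and the only values read from the request in the visible lines are `$username` and `$csrfToken`. Since the ``UserBadge`` takes a user identifier, this should read `new UserBadge($username)`. As written, a reader who copies the example gets an undefined variable, or goes back to loading the user by hand and passing the object, which is the pre-5.2 pattern this change is meant to replace.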