Skip to content

Commit 01cb2b0

Browse files
committed
[#14672] Updated more docs related to the UserBadge
1 parent 8cf987f commit 01cb2b0

File tree

1 file changed

+61
-27
lines changed

1 file changed

+61
-27
lines changed

security/experimental_authenticators.rst

Lines changed: 61 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -435,23 +435,61 @@ into a security
435435
Security Passports
436436
~~~~~~~~~~~~~~~~~~
437437

438+
.. versionadded:: 5.2
439+
440+
The ``UserBadge`` was introduced in Symfony 5.2. Prior to 5.2, the user
441+
instance was provided directly to the passport.
442+
438443
A passport is an object that contains the user that will be authenticated as
439444
well as other pieces of information, like whether a password should be checked
440445
or if "remember me" functionality should be enabled.
441446

442447
The default
443448
:class:`Symfony\\Component\\Security\\Http\\Authenticator\\Passport\\Passport`
444-
requires a user object and credentials. The following credential classes
445-
are supported by default:
449+
requires a user and credentials.
450+
451+
Use the
452+
:class:`Symfony\\Component\\Security\\Http\\Authenticator\\Passport\\Badge\\UserBadge`
453+
to attach the user to the passport. The ``UserBadge`` requires a user
454+
identifier (e.g. the username or email), which is used to load the user
455+
using :ref:`the user provider <security-user-providers>`::
456+
457+
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
458+
459+
// ...
460+
$passport = new Passport(new UserBadge($email), $credentials);
461+
462+
.. note::
446463

464+
You can optionally pass a user loader as second argument to the
465+
``UserBadge``. This callable receives the ``$userIdentifier``
466+
and must return a ``UserInterface`` object (otherwise a
467+
``UsernameNotFoundException`` is thrown)::
468+
469+
// ...
470+
$passport = new Passport(
471+
new UserBadge($email, function ($userIdentifier) {
472+
return $this->userRepository->findOneBy(['email' => $userIdentifier]);
473+
}),
474+
$credentials
475+
);
476+
477+
The following credential classes are supported by default:
447478

448479
:class:`Symfony\\Component\\Security\\Http\\Authenticator\\Passport\\Credentials\\PasswordCredentials`
449480
This requires a plaintext ``$password``, which is validated using the
450-
:ref:`password encoder configured for the user <security-encoding-user-password>`.
481+
:ref:`password encoder configured for the user <security-encoding-user-password>`::
482+
483+
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
484+
485+
// ...
486+
return new Passport($user, new PasswordCredentials($plaintextPassword));
451487

452488
:class:`Symfony\\Component\\Security\\Http\\Authenticator\\Passport\\Credentials\\CustomCredentials`
453489
Allows a custom closure to check credentials::
454490

491+
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
492+
455493
// ...
456494
return new Passport($user, new CustomCredentials(
457495
// If this function returns anything else than `true`, the credentials
@@ -467,21 +505,13 @@ are supported by default:
467505

468506

469507
Self Validating Passport
470-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
471-
If you don't need any credentials to be checked (e.g. a JWT token), you can use the
472-
:class:`Symfony\\Component\\Security\\Http\\Authenticator\\Passport\\SelfValidatingPassport`.
473-
This class only requires a ``UserBadge`` object and optionally `Passport Badges`_.
474-
475-
You can also pass a user loader to the ``UserBadge``. This callable receives the
476-
``$userIdentifier`` as argument and must return a ``UserInterface`` object
477-
(otherwise a ``UsernameNotFoundException`` is thrown). If this is not set,
478-
the default user provider will be used with ``$userIdentifier`` as username::
479-
480-
// ...
481-
return new SelfValidatingPassport(new UserBadge($email, function ($username) {
482-
return $this->userRepository->findOneBy(['email' => $username]);
483-
});
508+
........................
484509

510+
If you don't need any credentials to be checked (e.g. when using API
511+
tokens), you can use the
512+
:class:`Symfony\\Component\\Security\\Http\\Authenticator\\Passport\\SelfValidatingPassport`.
513+
This class only requires a ``UserBadge`` object and optionally `Passport
514+
Badges`_.
485515

486516
Passport Badges
487517
~~~~~~~~~~~~~~~
@@ -511,16 +541,21 @@ the following badges are supported:
511541
initiated). This skips the
512542
:doc:`pre-authentication user checker </security/user_checkers>`.
513543

514-
For instance, if you want to add CSRF and password migration to your custom
515-
authenticator, you would initialize the passport like this::
544+
.. versionadded:: 5.2
545+
546+
Since 5.2, the ``PasswordUpgradeBadge`` is automatically added to
547+
the passport if the passport has ``PasswordCredentials``.
548+
549+
For instance, if you want to add CSRF to your custom authenticator, you
550+
would initialize the passport like this::
516551

517552
// src/Service/LoginAuthenticator.php
518553
namespace App\Service;
519554

520555
// ...
521556
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
522557
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
523-
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\PasswordUpgradeBadge;
558+
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
524559
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
525560
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;
526561

@@ -532,14 +567,13 @@ authenticator, you would initialize the passport like this::
532567
$username = $request->request->get('username');
533568
$csrfToken = $request->request->get('csrf_token');
534569

535-
// ... get the $user from the $username and validate no
536-
// parameter is empty
570+
// ... validate no parameter is empty
537571

538-
return new Passport($user, new PasswordCredentials($password), [
539-
// $this->userRepository must implement PasswordUpgraderInterface
540-
new PasswordUpgradeBadge($password, $this->userRepository),
541-
new CsrfTokenBadge('login', $csrfToken),
542-
]);
572+
return new Passport(
573+
new UserBadge($user),
574+
new PasswordCredentials($password),
575+
[new CsrfTokenBadge('login', $csrfToken)]
576+
);
543577
}
544578
}
545579

0 commit comments

Comments
 (0)