You Shall Not Pass - Security in Symfony

Post on 17-Mar-2018


Transcript of You Shall Not Pass - Security in Symfony

You shall not pass!

Adam Polak

About me

Adam Polak

Developer at The Software House

polakadam@outlook.com

fb: polak.adam1

Client

Mr. Janusz

Existing app

Task 1

• admin can remove any idea
• logged user can add new ideas
• logged user can remove his own ideas

Authorization

Security

• highly configurable
• easy to use
• integrated with Symfony 2

Encoders

    encoders:
        Example2Bundle\Entity\User:
            algorithm: bcrypt
            cost: 12

    interface PasswordEncoderInterface
    {
        public function encodePassword($raw, $salt);

        public function isPasswordValid($encoded, $raw, $salt);
    }

A custom encoder is registered as a service and referenced by its id:

    Example2Bundle\Entity\User:
        id: our.custom.encoder.service.id

Providers

    providers:
        users:
            entity:
                class: Example2Bundle:User
                property: username

    interface UserProviderInterface
    {
        public function loadUserByUsername($username);

        public function refreshUser(UserInterface $user);

        public function supportsClass($class);
    }

Firewalls

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            form_login:
                login_path: example_2_login
                check_path: example_2_login_check
                username_parameter: login_type[login]
                password_parameter: login_type[password]
                default_target_path: /example-2
                # Target can be specified as a form parameter, e.g.
                # target_path_parameter: login_type[redirect]
            provider: users
            logout:
                path: /example-2/logout
                target: /example-2

    access_control:
        - { path: ^/example-2, roles: IS_AUTHENTICATED_ANONYMOUSLY }

ShowTime

Voters

    interface VoterInterface
    {
        const ACCESS_GRANTED = 1;
        const ACCESS_ABSTAIN = 0;
        const ACCESS_DENIED  = -1;

        public function supportsAttribute($attribute);

        public function supportsClass($class);

        public function vote(TokenInterface $token, $object, array $attributes);
    }

Too complicated

Voters v2

    abstract class AbstractVoter implements VoterInterface
    {
        // implemented by the base class on top of the three abstract methods below
        public function supportsAttribute($attribute);

        public function supportsClass($class);

        public function vote(TokenInterface $token, $object, array $attributes);

        abstract protected function getSupportedClasses();

        abstract protected function getSupportedAttributes();

        abstract protected function isGranted($attribute, $object, $user = null);
    }

Are we done yet?

Voters

    services:
        comment.voter:
            class: Example3Bundle\Voter\CommentVoter
            tags:
                - { name: security.voter }

Talk is cheap.

Show me the code.
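The voter that Task 1 calls for, written against the AbstractVoter shown above. This is an added example, not code from the talk; it assumes an Example3Bundle\Entity\Idea class with a getAuthor() method, a User entity exposing getId(), and an admin role named ROLE_ADMIN.

```php
<?php
// Added example (not from the talk). Assumed: Example3Bundle\Entity\Idea
// with getAuthor(), a User entity with getId(), and the role ROLE_ADMIN.
namespace Example3Bundle\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use Symfony\Component\Security\Core\User\UserInterface;

class IdeaVoter extends AbstractVoter
{
    const ADD    = 'add';
    const REMOVE = 'remove';

    protected function getSupportedClasses()
    {
        // vote() abstains for any other object, so other voters decide
        return array('Example3Bundle\Entity\Idea');
    }

    protected function getSupportedAttributes()
    {
        return array(self::ADD, self::REMOVE);
    }

    protected function isGranted($attribute, $idea, $user = null)
    {
        // An anonymous token carries the string 'anon.' instead of a user
        // object: nothing is granted to it.
        if (!$user instanceof UserInterface) {
            return false;
        }

        // Admin can remove any idea (and, being logged in, add one too).
        if (in_array('ROLE_ADMIN', $user->getRoles(), true)) {
            return true;
        }

        switch ($attribute) {
            case self::ADD:
                // any logged user can add new ideas
                return true;
            case self::REMOVE:
                // only the author may remove his own idea; compare ids rather
                // than objects, since refreshUser() may hand back a new instance
                $author = $idea->getAuthor();
                return $author instanceof UserInterface
                    && $author->getId() === $user->getId();
        }

        return false;
    }
}
```

Register it with the `security.voter` tag as on the services slide and guard the action with `$this->denyAccessUnlessGranted('remove', $idea)` in the controller.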

Task 2

• integration with Facebook Connect
• user should be logged in if his email is the same as the one on the Facebook account

Custom Provider

• Token
• Listener
• Authentication provider
• Factory

Token

• keeps request information required for authentication
• after authentication it keeps the logged user object

Token

    interface TokenInterface
    {
        public function __toString();
        public function getRoles();
        public function getCredentials();
        public function getUser();
        public function setUser($user);
        public function getUsername();
        public function isAuthenticated();
        public function setAuthenticated($isAuthenticated);
        public function eraseCredentials();
        public function getAttributes();
        public function setAttributes(array $attributes);
        public function hasAttribute($name);
        public function getAttribute($name);
        public function setAttribute($name, $value);
    }

Token

    abstract class AbstractToken implements TokenInterface
    {
        // everything else is implemented; only the credentials are left to the subclass
        abstract public function getCredentials();
    }

Listener

• checks the request for information required for authentication
• creates a non-authenticated token
• starts the authentication process

    interface ListenerInterface
    {
        public function handle(GetResponseEvent $event);
    }

Authentication Provider

• authenticates a given type of token
• adds the user to the authenticated token

    interface AuthenticationProviderInterface extends AuthenticationManagerInterface
    {
        public function supports(TokenInterface $token);
    }

    interface AuthenticationManagerInterface
    {
        public function authenticate(TokenInterface $token);
    }

Factory

• assigns services to the container
• creates a provider instance for each firewall
• can define additional configuration parameters for our provider

    interface SecurityFactoryInterface
    {
        public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint);

        public function getPosition();

        public function getKey();

        public function addConfiguration(NodeDefinition $builder);
    }

The factory is registered on the security extension from the bundle's build() method:

    $extension = $container->getExtension('security');
    $extension->addSecurityListenerFactory(new OurCustomFactory());

Code?

Task 3

Something you know

Something you have

Authentication process

• user logs in
• send an authentication code to the user's email
• display the authentication code form
• authenticate the user

Listener

    form_login:
        success_handler: authentication.two_factor.listener

    interface AuthenticationSuccessHandlerInterface
    {
        public function onAuthenticationSuccess(Request $request, TokenInterface $token);
    }

How it works?

Thank you