Symfony2 custom user checker based on accepted eula

Asked 19/6, 2012 at 12:11 Answered 20/1, 2015 at 11:1

authentication symfony doctrine-orm eula

I want to create custom user checker to validate login action against last accepted eula. ' Idea is quite simple, there will be many versions of eula and user can't login untill he accept the lastest eula.

Scenario is:

User creates new account and accepts eula.
Eula gets updated
User tries to login, but he didnt accept lastest eula
User gets the same login form but with additional field "accept newest eula"
User logs in and system inserts information: Current date and time, User id, Eula id to keep track of eula acceptance.

I found this: https://groups.google.com/forum/#!msg/symfony2/D0V0bFks9S0/Qg9mrbpfB3IJ

But unfortunately there is no full version of custom user checker. How do I implement the rest of it?

Pressman answered 19/6, 2012 at 12:11 Comment(1)

I know this question is dated... But I'm facing a situation where I feel the need to override the user checker. Have you found a solution? – Minima 20/9, 2013 at 13:39

The answer is actually quite obvious. In your custom bundle:

config.yml

parameters:
    security.user_checker.class: Acme\Bundle\UserBundle\Security\UserChecker

Userchecker:

class UserChecker extends BaseUserChecker
{
    /**
     * {@inheritdoc}
     */
    public function checkPreAuth(UserInterface $user)
    {
        //do your custom preauth stuff here
        parent::checkPreAuth($user);
    }
}

Minima answered 20/9, 2013 at 14:17 Comment(0)

You can redefine Symfony's user checker service (security.user_checker) in your bundle:

# services.yml
security.user_checker:
    class: MyBundle\Checker\UserChecker
    arguments: [ "@some.service", "%some.param%" ]

Then extend Symfony's UserChecker:

# UserChecker.php

use Symfony\Component\Security\Core\User\UserChecker as BaseUserChecker;

class UserChecker extends BaseUserChecker
{
    public function checkPreAuth(UserInterface $user)
    {
        parent::checkPreAuth($user);

        // your stuff
    }

    public function checkPostAuth(UserInterface $user)
    {
        parent::checkPostAuth($user);

        // your stuff
    }
}

The security.user_checker service gets called in \Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider::authenticate() during the authentication process

Hoyden answered 20/1, 2015 at 11:1 Comment(1)

in your services.yml please change to: services: security.user_checker: – Honolulu 22/10, 2015 at 6:39

Why not attach event listener to the kernel.request event and watch if the current logged user has accepted the latest EULA?

To get the current user you can use something like this:

$securityContext = $this->container->get('security.context');
if (!$securityContext) {
    return;
}

$user = $securityContext->getToken()->getUser();

Paunchy answered 19/6, 2012 at 16:30 Comment(2)

Event listener would be the same as checking on every user action. Maybe more flexible but still you would be authenticated in this case. I need to check this before user would be authed. – Pressman 20/6, 2012 at 7:22

In this case you should use a marked stored inside the session. You can get the session from the request, which is available in this event. – Paunchy 20/6, 2012 at 8:57

Recommended topics

Hot tags