验证用户是否在 symfony2 中通过身份验证

Verify if user is authenticated in symfony2

我试图在 symfony2 中创建一个简单的登录应用程序,但我什么都不懂。 我的路由文件:

shop_show_login_page:
path: /login
defaults: { _controller: ShopDesktopBundle:User:loginPage }

shop_login_user:
path: /loginUser
defaults: { _controller: ShopDesktopBundle:User:loginCheck }

我的控制器有这两种方法:

public function loginPageAction(){
    return $this->render('ShopDesktopBundle:User:loginPage.html.twig');
}
public function loginCheckAction(Request $request){
    $request = $this->get('request');
    $password = $request->request->get('password');
    $login    = $request->request->get('username');
    $em = $this->getDoctrine()->getEntityManager();
    $repository = $em->getRepository('ShopDesktopBundle:Customer');
    $user = $repository->findOneBy(array('customer_login'=> $login, 'customer_password'=> $password));
    if($user){
        return $this->redirect($this->generateUrl('shop_desktop_homepage'));
    }else{
        return $this->render('ShopDesktopBundle:User:loginPage.html.twig',array('message_failed' => 'Error'));
    }
}

我的表单可见:

 <form action="{{ path('shop_login_user') }}" method="post">
                <div class="form-group">
                    <div class="input-group">
                        <span class="input-group-addon"><i class="fa fa-user"></i></span>
                        <input type="text" class="form-control" placeholder="Username" name="username">
                    </div>
                </div>
                <div class="form-group">
                    <div class="input-group">
                        <span class="input-group-addon"><i class="fa fa-lock"></i></span>
                        <input type="text" class="form-control" placeholder="Password" name="password">
                    </div>
                </div>
                <div class="form-group">
                    <button type="submit" class="button">Autentificare</button>
                </div>
            </form>

此系统登录时工作正常,但问题出在 layout.html.twig:

{% if app.user %}
     <p>Test</p>
{% elseif not app.user %}
     <span><a href="{{ path('shop_show_login_page') }}" style="color: #ffffff;">Login / Register</a></span>
{% endif %}

我的security.yml:

security:
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
encoders:
    Symfony\Component\Security\Core\User\User: plaintext

# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
    in_memory:
        memory:
            users:
                user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    secured_area:
        pattern:    ^/
        form_login:
            check_path: shop_login_user
            login_path: shop_show_login_page
        logout:
            path:   _demo_logout
            target: _demo
        #anonymous: ~
        #http_basic:
        #    realm: "Secured Demo Area"

# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/cookbook/security/access_control.html
access_control:
    #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

所以我想在页面 "Test" 中查看用户是否成功通过身份验证以及 Login/Register 是否身份验证失败。我用"if app.user"试过,但我不明白原理。

有几种方法可以检查用户是否已通过身份验证。

一个是 app.user,就像你试过的那样:

{% if app.user is not empty %}

这将检查您的用户对象是否填充了数据。

您也可以使用is_granted()

{% if is_granted('IS_AUTHENTICATED_FULLY') %}

-更新-

您在评论中提供的错误可能是由于您在没有防火墙的情况下尝试使用 is_granted 函数造成的。如果是这种情况,您可以先检查是否有安全令牌,然后再使用 if app.security.token is not empty 调用 is_granted。你会包括你的 security.yml 文件吗?

-更新-

您的安全文件需要正确设置才能使您的身份验证生效。默认行为设置为给你一个起点,但你必须配置你的防火墙。看看并仔细阅读Symfony中关于Security的章节。