Well, I am not your client to be asked if I like it or not :) But by making this
you are sure that no one would be able to log in unless he has 'high'
credentials, without compromising your sfGuard code.

On Sun, Jun 21, 2009 at 9:11 AM, dziobacz <aaabbbcccda...@gmail.com> wrote:

>
> ok so next trial :)
>
> In \sf_sandbox\apps\backend\lib I created loginForAdminFilter.class:
>
> class loginForAdminFilter extends sfFilter
> {
>   public function execute($filterChain)
>   {
>     $user = $this->getContext()->getUser();
>
>     // already signed in but without the admin credential: end the session
>     if ($user->isAuthenticated())
>     {
>       if (!$user->hasCredential('high'))
>       {
>         $user->setFlash('news1', 'Only admin can log in here.');
>         $user->signOut();
>       }
>     }
>
>     $filterChain->execute();
>   }
> }
>
> And in \sf_sandbox\apps\backend\config\filters.yml:
>
> rendering: ~
> security:  ~
>
> # insert your own filters here
> # MY OWN FILTER:
> logowanie:
>   class: loginForAdminFilter
>
> cache:     ~
> common:    ~
> execution: ~
>
>
>
> Now correct ??????
>
>
> On 20 Cze, 22:23, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:
> > hi! Yes, anyone can login, but without having credentials, you may kick him
> > out.
> > I would rather modify myUserClass to kick the guy out. Another quick and
> > dirty method would be creating a filter to check this out. If you say that
> > your security is very important, I would use a "dirty" method, just to be
> > sure that if the person manages somehow to enter there (maybe a
> > cross-application link), I would be able to kick him out via @logout.
> > It might be an extra check-up, but it will keep your application safe (also,
> > it will allow you to skip it if the user is logged in or has credentials in
> > your other modules).
> > A
> >
> >
> >
> > On Sat, Jun 20, 2009 at 10:58 PM, dziobacz <aaabbbcccda...@gmail.com> wrote:
> >
> > > Alexandru so I have made in modules \sfGuardAuth\actions\actions.class.php:
> > >
> > > require_once(sfConfig::get('sf_plugins_dir').'/sfDoctrineGuardPlugin/modules/sfGuardAuth/lib/BasesfGuardAuthActions.class.php');
> > >
> > > class sfGuardAuthActions extends BasesfGuardAuthActions
> > > {
> > >   public function executeCustomLogin($request)
> > >   {
> > >     parent::executeSignin($request);
> > >     $this->setTemplate('Signin');
> > >
> > >     if (!$this->getUser()->hasCredential('high'))
> > >     {
> > >       $this->getUser()->setFlash('news1', 'Only admin can login.');
> > >       $this->getUser()->setAuthenticated(false);
> > >     }
> > >   }
> > > }
> > >
> > > But still each person can login - I think because in
> > > BasesfGuardAuthActions after successful login we have redirect ??
> >
> > > On 20 Cze, 21:13, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:
> > > > Do not use LDAP, unless you want to use an LDAP server for login. In your
> > > > case I would not use it. For instance, I would make a directory called
> > > > "customLogin" into my modules folder, and then I would just create a
> > > > "customLogin/actions/actions.class.php" that would inherit the
> > > > 'sfGuardAuth' method. In my settings.yml, I would instruct symfony to use
> > > > my custom module for sign in.
> > > > After that ... in my custom execute* method I would call "parent::signIn"
> > > > or so, and after that I would make my own checks.
> >
> > > > public function executeCustomLogin($request)
> > > > {
> > > >   parent::executeSignin($request);
> > > >
> > > >   if (!$this->getUser()->hasCredential('high'))
> > > >   {
> > > >     $this->getUser()->setFlash('news1', 'Only admin can login.');
> > > >     $this->getUser()->setAuthenticated(false);
> > > >   }
> > > > }
> >
> > > > LOOL sorry .. I have reread your initial post, and you make the things
> > > > correctly... however, I would not copy/paste the sign in method (DRY). I
> > > > would rather use an inheritance based code... see my above example.
> > > >
> > > > Alecs
> >
> > > > On Sat, Jun 20, 2009 at 9:07 PM, dziobacz <aaabbbcccda...@gmail.com> wrote:
> >
> > > > > I thought of course about section 'Check the user password with an
> > > > > external method' hehe :)
> >
> > > > > How can I change it: $user = LDAP::getUser($username); ??
> > > > > sfGuardUser::getUser($username) or what ?
> >
> > > > > On 20 Cze, 19:41, Gábor Fási <maerl...@gmail.com> wrote:
> > > > > > Nope, I meant the one above: "Check the user password with an external
> > > > > > method"
> > > > > > I guess anywhere in your lib folder, just make sure it's static,
> > > > > > callable and the autoload finds it.
> >
> > > > > > On Sat, Jun 20, 2009 at 19:15, dziobacz<aaabbbcccda...@gmail.com> wrote:
> >
> > > > > > > Is this section: 'Change the algorithm used to store passwords' on
> > > > > > > http://www.symfony-project.org/plugins/sfGuardPlugin ??
> > > > > > > But where can I place this function checkLDAPPassword($username,
> > > > > > > $password) ? In which file ?
> >
> > > > > > > On 20 Cze, 18:49, Gábor Fási <maerl...@gmail.com> wrote:
> > > > > > >> No, you shouldn't.
> > > > > > >> Check the docs again instead: you can tell sfGuard what function to
> > > > > > >> call to check the username/password, and there you can check if the
> > > > > > >> given user is admin or not. The error message will say that the given
> > > > > > >> user/pass is invalid instead of your 'only admin may login', but I
> > > > > > >> think that's good enough.
> >
> > > > > > >> On Sat, Jun 20, 2009 at 18:45, dziobacz<aaabbbcccda...@gmail.com> wrote:
> >
> > > > > > >> > I know about credentials - but with credentials user CAN login but he
> > > > > > >> > hasn't access permission to pages. I thought about that user CAN'T
> > > > > > >> > login if he isn't admin or if was banned. You think that I shouldn't
> > > > > > >> > modify signin() method ??
> >
> > > > > > >> > On 20 Cze, 17:32, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:
> > > > > > >> >> check this out: http://www.symfony-project.org/plugins/sfGuardPlugin
> > > > > > >> >> By modifying the sfGuardPlugin, you make a mistake, because you won't be
> > > > > > >> >> able to update it.
> > > > > > >> >>
> > > > > > >> >> Secure some modules or your entire application in security.yml
> > > > > > >> >>
> > > > > > >> >> default:
> > > > > > >> >>   is_secure: on
> > > > > > >> >>
> > > > > > >> >> Check out the docs & mail list archive, there is a "has_credentials" or
> > > > > > >> >> "require credential" setting for your yaml config.
> > > > > > >> >> alecs
> >
> > > > > > >> >> On Sat, Jun 20, 2009 at 5:56 PM, dziobacz <aaabbbcccda...@gmail.com> wrote:
> >
> > > > > > >> >> > Standard signin() method looks:
> > > > > > >> >> >
> > > > > > >> >> > class BasesfGuardAuthActions extends sfActions
> > > > > > >> >> > {
> > > > > > >> >> >   public function executeSignin($request)
> > > > > > >> >> >   {
> > > > > > >> >> >     $user = $this->getUser();
> > > > > > >> >> >     if ($user->isAuthenticated())
> > > > > > >> >> >     {
> > > > > > >> >> >       return $this->redirect('@homepage');
> > > > > > >> >> >     }
> > > > > > >> >> >
> > > > > > >> >> >     $class = sfConfig::get('app_sf_guard_plugin_signin_form', 'sfGuardFormSignin');
> > > > > > >> >> >     $this->form = new $class();
> > > > > > >> >> >
> > > > > > >> >> >     if ($request->isMethod('post'))
> > > > > > >> >> >     {
> > > > > > >> >> >       $this->form->bind($request->getParameter('signin'));
> > > > > > >> >> >       if ($this->form->isValid())
> > > > > > >> >> >       {
> > > > > > >> >> >         $values   = $this->form->getValues();
> > > > > > >> >> >         $remember = isset($values['remember']) ? $values['remember'] : false;
> > > > > > >> >> >
> > > > > > >> >> >         $this->getUser()->signin($values['user'], $remember);
> > > > > > >> >> >
> > > > > > >> >> >         $signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url', $user->getReferer($request->getReferer()));
> > > > > > >> >> >
> > > > > > >> >> >         return $this->redirect('' != $signinUrl ? $signinUrl : '@homepage');
> > > > > > >> >> >       }
> > > > > > >> >> >     }
> > > > > > >> >> >     else
> > > > > > >> >> >     {
> > > > > > >> >> >       if ($request->isXmlHttpRequest())
> > > > > > >> >> >       {
> > > > > > >> >> >         $this->getResponse()->setHeaderOnly(true);
> > > > > > >> >> >         $this->getResponse()->setStatusCode(401);
> > > > > > >> >> >
> > > > > > >> >> >         return sfView::NONE;
> > > > > > >> >> >       }
> > > > > > >> >> >
> > > > > > >> >> >       $user->setReferer($request->getReferer());
> > > > > > >> >> >
> > > > > > >> >> >       $module = sfConfig::get('sf_login_module');
> > > > > > >> >> >       if ($this->getModuleName() != $module)
> > > > > > >> >> >       {
> > > > > > >> >> >         return $this->redirect($module.'/'.sfConfig::get('sf_login_action'));
> > > > > > >> >> >       }
> > > > > > >> >> >
> > > > > > >> >> >       $this->getResponse()->setStatusCode(401);
> > > > > > >> >> >     }
> > > > > > >> >> >   }
> > > > > > >> >> >
> > > > > > >> >> >   ....................
> > > > > > >> >> > }
> >
> > > > > > >> >> > In my application admin has 'high' credentials. So in
> > > > > > >> >> > \sf_sandbox\apps\frontend\modules I created
> > > > > > >> >> > sfGuardAuth\actions\actions.class.php with that code:
> >
> > > > > > >> >> > class sfGuardAuthActions extends BasesfGuardAuthActions
> > > > > > >> >> > {
> > > > > > >> >> >   public function executeSignin($request)
> > > > > > >> >> >   {
> > > > > > >> >> >     $user = $this->getUser();
> > > > > > >> >> >     if ($user->isAuthenticated())
> > > > > > >> >> >     {
> > > > > > >> >> >       return $this->redirect('@homepage');
> > > > > > >> >> >     }
> > > > > > >> >> >
> > > > > > >> >> >     $class = sfConfig::get('app_sf_guard_plugin_signin_form', 'sfGuardFormSignin');
> > > > > > >> >> >     $this->form = new $class();
> > > > > > >> >> >
> > > > > > >> >> >     if ($request->isMethod('post'))
> > > > > > >> >> >     {
> > > > > > >> >> >       $this->form->bind($request->getParameter('signin'));
> > > > > > >> >> >       if ($this->form->isValid())
> > > > > > >> >> >       {
> > > > > > >> >> >         $values   = $this->form->getValues();
> > > > > > >> >> >         $remember = isset($values['remember']) ? $values['remember'] : false;
> > > > > > >> >> >
> > > > > > >> >> >         $this->getUser()->signin($values['user'], $remember);
> > > > > > >> >> >
> > > > > > >> >> >         $signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url', $user->getReferer($request->getReferer()));
> > > > > > >> >> >
> > > > > > >> >> >         ///////////////////////////////////////////////////////////////////////////////////
> > > > > > >> >> >         //MINE ADDED CODE:
> > > > > > >> >> >         if (!$this->getUser()->hasCredential('high'))
> > > > > > >> >> >         {
> > > > > > >> >> >           $this->getUser()->setFlash('news1', 'Only admin can login.');
> > > > > > >> >> >           $this->getUser()->setAuthenticated(false);
> > > > > > >> >> >         }
> > > > > > >> >> >         /////////////////////////////////////////////////////////////////////////////////////
> > > > > > >> >> >
> > > > > > >> >> >         return $this->redirect('' != $signinUrl ? $signinUrl : '@homepage');
> > > > > > >> >> >       }
> > > > > > >> >> >     }
> > > > > > >> >> >     else
> > > > > > >> >> >     {
> > > > > > >> >> >       if ($request->isXmlHttpRequest())
> > > > > > >> >> >       {
> > > > > > >> >> >         $this->getResponse()->setHeaderOnly(true);
> > > > > > >> >> >         $this->getResponse()->setStatusCode(401);
> > > > > > >> >> >
> > > > > > >> >> >         return sfView::NONE;
> > > > > > >> >> >       }
> > > > > > >> >> >
> > > > > > >> >> >       $user->setReferer($request->getReferer());
> > > > > > >> >> >
> > > > > > >> >> >       $module = sfConfig::get('sf_login_module');
> > > > > > >> >> >       if ($this->getModuleName() != $module)
> > > > > > >> >> >       {
> > > > > > >> >> >         return $this->redirect($module.'/'.sfConfig::get('sf_login_action'));
> > > > > > >> >> >       }
> > > > > > >> >> >
> > > > > > >> >> >       $this->getResponse()->setStatusCode(401);
> > > > > > >> >> >     }
> > > > > > >> >> >   }
> > > > > > >> >> >
> > > > > > >> >> > }
> >
> > > > > > >> >> > Something like that or should I change something ? It works but
> > > > > > >> >> > is it correct ? I want to make sure because security is very
> > > > > > >> >> > important.
> >
> > > > > > >> >> --
> > > > > > >> >> I am on twitter:http://twitter.com/alecslupu
> > > > > > >> >> I am on linkedIn:http://www.linkedin.com/in/alecslupu
> > > > > > >> >> Tel: (+4)0748.543.798
> >
>


-- 
I am on twitter: http://twitter.com/alecslupu
I am on linkedIn: http://www.linkedin.com/in/alecslupu
Tel: (+4)0748.543.798
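Gábor's suggestion earlier in the thread (reject the login inside the password check, so a non-admin never gets a session and no later redirect matters) was never shown as code. The following is an added example, not code from any poster; it assumes sfDoctrineGuardPlugin on symfony 1.2, that the class file lives in the backend app's lib directory, and that the user model exposes checkPasswordByGuard() and hasPermission().

```php
<?php
// apps/backend/lib/backendAdminOnlyLogin.class.php (assumed path)
//
// Wire it up in apps/backend/config/app.yml so sfGuard calls this method
// instead of its built-in password comparison:
//
//   all:
//     sf_guard_plugin:
//       check_password_callable: [backendAdminOnlyLogin, checkPassword]
//
// sfGuardUser::checkPassword() hands the submitted username and clear-text
// password to this callable and treats a false return as "invalid username
// or password". Rejecting here means no session is ever created, so there
// is no redirect to race and nothing to undo afterwards.
class backendAdminOnlyLogin
{
  // Permission that grants the 'high' credential in this application.
  const REQUIRED_PERMISSION = 'high';

  /**
   * @param  string $username  value typed into the signin form
   * @param  string $password  clear-text password from the signin form
   * @return bool   true only for an active user with the right password
   *                who also holds the admin permission
   */
  public static function checkPassword($username, $password)
  {
    $user = Doctrine::getTable('sfGuardUser')->findOneByUsername($username);
    if (!$user || !$user->getIsActive())
    {
      return false;
    }

    // Keep sfGuard's own salted-hash comparison; assumed to be available
    // as checkPasswordByGuard() on the sfDoctrineGuardPlugin user model.
    if (!$user->checkPasswordByGuard($password))
    {
      return false;
    }

    // Deny by default: a correct password is not enough unless the user
    // holds the admin permission directly or through one of its groups.
    // hasPermission() is assumed to exist on the model.
    return $user->hasPermission(self::REQUIRED_PERMISSION);
  }
}
```

As Gábor noted, a rejected non-admin then sees sfGuard's standard invalid username/password message rather than a custom flash. This complements, not replaces, the credential requirements in security.yml, which still protect individual modules and actions.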

You received this message because you are subscribed to the Google Groups 
"symfony users" group.